Cybersecurity Compliance Key to Business Sustainability

Corru-Seals, dba Nicholsons, is part of a global company specializing in the design and manufacture of resilient, high-temperature metal seals, gaskets, and ancillary components for extreme conditions. For over 45 years, the company has been supplying the aerospace sector from its U.S. site in Wallingford, Connecticut. The company provides a complete engineering service from design and rapid prototype manufacture to full volume production of standard, optimized, and specialized metal seals. They are an approved supplier for major U.S. aerospace industry customers, including Pratt & Whitney, GE, Honeywell, Rolls-Royce and Bombardier.

Corru-Seals, as a supplier to the defense industry, is required to comply to NIST SP 800-171. DFARS 252.204-7012 compliance with NIST SP 800-171 requires contractors to provide “adequate security” for all covered CDI on all contractor systems used to support the performance of the contract. With over 20% of company revenue from defense products that fall into this category, implementation was critical, but this was the company’s first endeavor into safeguarding covered defense information (CDI), controlled unclassified information (CUI) and cyber incident reporting.

The leadership at Corru-Seals sought CONNSTEP’s technical expertise to better interpret and meet cybersecurity compliance requirements, identify and correct mistakes, and translate complex processes into simple terms. CONNSTEP, part of the MEP National Network™, performed a gap analysis to help the company understand the requirements of DFARS and NIST SP 800-171, CONNSTEP worked with the leadership team to develop a plan of action and milestones (POAM). The plan of action was designed to correct deficiencies based on risk prioritization.

CONNSTEP also reviewed the areas of Cybersecurity Maturity Model Certification (CMMC) to assist Corru-Seals in their transition to CMMC 2.0. All security measures were considered to ensure compliance, including identifying and correcting non-compliant customers and vendors. They have advanced the security of their infrastructure, introducing new cybersecurity tools such as multi-factor authentication throughout the company.

The Corru-Seals team has also implemented matrices to plan, track, and monitor the POAM. The process has made everyone at Corru-Seals aware of the importance of protecting the transmittal of information – both sending and receiving documentation – and the importance of compliance and security of communications. Corru-Seals is now well on the way to meeting the requirements of CMMC 2.0.