Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Securing Defense Contracts: EPM’s Journey to Cybersecurity Compliance

About

Electro Product Management (EPM) is a family-owned electronic component test lab that has been a trusted partner in the technology and defense sectors for over 23 years. Specializing in delivering tailored solutions to high-stakes industries like aerospace, military & defense, and industrial, EPM works closely with top-tier manufacturers to meet the precise needs of their clients. Based in Fairfield, New Jersey, EPM has grown into a close-knit team of about 20 employees.

The Challenge

For Electro Product Management, staying ahead in the competitive defense sector meant meeting increasingly stringent cybersecurity requirements. With most of their defense clients now mandating NIST SP800-171 compliance for both new contracts and continued business, it was clear that achieving this standard wasn’t optional—it was essential.

As a small, family-run business built on trust and transparency, EPM needed a partner who shared their values and could provide clear, actionable guidance. Navigating the complex framework of NIST SP800-171 posed significant challenges, from understanding the intricate security requirements to implementing them without disrupting daily operations.

Oftentimes, working with other vendors can be challenging, but in this case, everything went very well and smoothly. The interface with NJMEP was great.

— Ray D'Alessandro, VP of Engineering

MEP's Role

To meet the demands of their defense clients and achieve NIST SP800-171 compliance, EPM partnered with NJMEP, part of the MEP National Network™, for specialized support. While EPM sometimes relies on independent contractors for specialty work, navigating the intricacies of cybersecurity compliance required a trusted partner with the right expertise. NJMEP’s team provided the guidance EPM needed, breaking down the complexities of the compliance process into manageable steps and tailoring their recommendations to EPM’s unique operational needs. The project was structured into 5 dedicated workdays spread across the year, delivered quarterly, for a total of 40 hours. This strategic approach ensured that NJMEP could provide consistent, focused support while minimizing disruption to EPM’s operations.

Key areas of focus included conducting a Risk Review Assessment, where NJMEP helped EPM periodically evaluate risks to organizational operations and assets, ensuring ongoing protection against potential vulnerabilities. NJMEP also implemented role-based IT security training, conducted biannually, to equip EPM’s team with the knowledge needed to maintain a secure and compliant environment.

“NJMEP has been very helpful in obtaining the NIST 800-171 compliance, which most of my defense customers have been requesting in addition to the SPRS score,” said Ray D’Alessandro, VP of Engineering.

Created January 29, 2025