Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Technology for Energy, Cybersecurity & AS9100 Oh My!

About

Technology for Energy Corporation (TEC) is a manufacturer of diagnostic instruments for multiple industries including the aviation, electric power, nuclear, and materials testing industries and is located in Knoxville, Tennessee. The company has approximately 50 employees and most are located in the Knoxville office, with a handful in a Huntsville, Alabama, location. TEC’s entire staff is involved in customer communication from product development to delivery and beyond. All TEC instruments are designed and built by the employee-owners of the company.

The Challenge

The client needed to establish a quality management system that adhered to the AS9100D standard to continue to serve clients in the defense and aerospace markets and to seek out and serve new clients in this market as well. This part of the engagement with TEC was led by TEC’s Tim Smith, a key project engineering manager. TEC turned to Tennessee MEP, part of the MEP National Network™, for help.

We anticipate the benefits will continue to happen for the next few years.  These services will help us maintain DOD contracts and help us in new markets and ultimately an increase of $10M/year for us is possible.

— Tim Smith, Project Engineering Manager

MEP's Role

The Tennessee MEP team performed a NIST Cybersecurity Framework for Manufacturers Gap assessment. This framework included assessment project-planning and management, a review of the NIST gap assessment methodology and establishment of milestones. A cybersecurity remediation project followed to assist with compliance to the Department of Defense DFARS 252.204-7012 and NIST 800-171 Interim Rule Gap Assessment.

The cybersecurity assessment and remediation projects resulted in compliance portal configuration and assignment of roles, the deployment of network scanning tool along with an initial scan for evidence collection. Worksheets and forms were created and delivered to address policy, process and evidence documentation. Subsequently guidance and consultation services were provided related to the assessment. This led to an additional cyber security remediation project which focused on improving communications protection, configuration management and access control.

The key deliverable for the AS9100D Gap assessment were the key steps required to gain AS9100D certification. The key resulting deliverables of the cybersecurity project were a NIST auditor checklist, a risk analysis, a risk treatment plan, evidence of compliance, a policies and procedures template, an application and asset inventory, and an external vulnerability scan report, along with supporting worksheet and forms. The client also received access to the compliance portal for 60 days. Guidance and assistance were provided to help bring TEC into compliance in the key areas of communications protection, configuration management and access control. 
Created January 30, 2025