NaviSec has partnered with Totem Technologies, LLC, an innovative Software-as-a-Service solution provider that perfectly meshes cybersecurity and compliance requirements, to help deliver cybersecurity compliance to several DoD contractors.
We describe two example success stories below.
Perellion, Inc.:
DoD Fabricator
NIST 800-171 and CMMC Compliance
Because they handle Controlled Unclassified Information (CUI), Perellion, Inc., a small Defense Industrial Base (DIB) aerospace Industrial Control System (ICS) automation and tooling fabrication shop, needed to achieve compliance with the DFARS 252.204-7012 requirement, and prepare for Cybersecurity Maturity Model Certification (CMMC) at Level 2. This company is rapidly growing, so they needed flexible security consultation and administration to adapt to their changing physical and logical environments.
How we teamed with Totem:
- With the help of a stipend from Impact Washington, Perellion attended Totem Tech’s DFARS/CMMC Workshop, where they learned all about the requirements for the protection of CUI and the coming CMMC certification.
- Using what they learned in the Workshop, Perellion leveraged the Totem™ Cybersecurity Compliance Management tool to generate a robust System Security Plan (SSP), and periodically consulted with Totem experts to plan the SSP implementation.
- Although they have quite capable IT system administrators, Perellion realized they needed assistance with “heavier lift” security technology installation as well as ongoing continuous monitoring.
- Totem referred Perellion to NaviSec. Through remote consultation, NaviSec helped them install several security components, such as an upgraded firewall, and deployed continuous monitoring sensors in the environment.
- NaviSec continues to help Perellion administer security technologies, and assists them with response to any alerts generated by security operations monitoring tools.
The Results
- With Totem’s help, Perellion learned how to develop and manage the cybersecurity plans that brought it into compliance with the DFARS mandate to protect CUI.
- NaviSec helped Perellion upgrade its security technology and established a security operations capability to monitor and respond to threats. Together, Totem and NaviSec helped Perellion increase its SPRS score by over 84 points, a 120% score improvement.
DoD SBIR Grantee
NIST 800-171 and CMMC Compliance
A small Commercial Off The Shelf (COTS) surveillance equipment manufacturer received a Small Business Innovation Research (SBIR) grant to integrate their products into USAF facilities. One of the gates for SBIR Phase II is implementation of the NIST 800-171 standard for protecting CUI. Because this company is extremely small and their staff is dispersed geographically, monitoring their systems and training their staff is particularly challenging.
How we teamed with Totem:
- Company representatives attended Totem Tech’s DFARS/CMMC Workshop, where they learned all about the requirements for the protection of CUI and the coming CMMC certification.
- After the Workshop, the company determined they needed a cybersecurity gap assessment and help planning a compliant cybersecurity program. Totem assisted them by executing our NIST 800-171/CMMC Assessment.
- As a result of the assessment, Totem helped the company realize they handle very little CUI, and only relatively infrequently. Instead of an internal infrastructure for handling CUI, the company could rely entirely on a cloud-based “enclave”. We therefore recommended our Zero Client solution, and tailored their SSP accordingly.
- For ongoing security training of their dispersed workforce interacting with the enclave, Totem referred the company to NaviSec, who are adept at security operations for small non-local businesses.
- NaviSec deployed their staff training services to meet objectives laid out in the Zero Client SSP.
The Results
- Totem helped the company avoid cybersecurity overspend by identifying that they handle very little CUI. The company then implemented Totem’s lightweight Zero Client approach to enclaving CUI.
- The company engaged NaviSec to round out the security training and check the final boxes that will allow them to pass through the SBIR Phase II gates, one step closer to a lucrative DoD contract.