Atec has a long history of supplying critical components to the US Department of Defense (DoD). As a trusted supplier, we proactively work to make sure all parts of our business are meeting or surpassing DoD standards. In the realm of cybersecurity, until recently DFARS/NIST 800-171 recommended requirements guided our actions to protect the confidentiality of controlled unclassified information (CUI). In 2019, DoD announced it would be implementing a new certification for all of its suppliers in order to further standardize its rankings and assessments of vendor capabilities.
CMMC (Cybersecurity Maturity Model Certification) will now be the uniform required certification for all government contractors, and CMMC compliance will be a prerequisite for bids on new work in the future. DoD is making this jump at a time when data protection is on everyone’s minds. Atec welcomes DoD’s enhancements to its cybersecurity compliance program and is making additions to its systems and processes in order to align fully with CMMC. While the DoD has given vendors until 2025 to achieve certification, our goal is to be compliant by the end of 2021.
Chief Technology Officer Mike Patterson is confident the Atec Companies are on track to achieve CMMC compliance. “We were well positioned for the DoD cybersecurity compliance changes,” Patterson said. “For years we have been operating in compliance with DFARS/NIST 800-171, and that mindset has prepared us to move forward successfully with CMMC. We aren’t getting caught flat footed with this.” According to Patterson, the Atec business model has long prioritized heightened cybersecurity measures, and the change in compliance standards fits with work the corporation has already been doing.
“CMMC mindset is really already a part of the Atec business model. Protecting customer data is of paramount importance to us, and we have many contractual requirements that mimic what is now being spelled out by the DoD,” said Patterson. “Our strategic plan specifically highlights our information security priorities, and we are ready to improve upon what we already have in place.”
In addition to protecting sensitive data, cybersecurity enhancements pursued under the new CMMC guidelines will further business continuity by limiting disruption caused by breaches. Cybersecurity experts frequently assert that perfect insulation from any cyber event is impossible. Nonetheless, the companies that consistently improve their response protocols and activate established incident response action plans in the event of a breach, are the ones best equipped for the future.
Michelle Fenley, Atec Director of IT and Materials, who is overseeing the implementation of new security features and trainings associated with CMMC, has been working with her team on several measures to prepare for future cyberattacks. As Atec has had strong cybersecurity measures in place for several years, initial efforts will include documentation of existing processes that will help towards achieving CMMC. Atec’s IT team continues to monitor government sites to stay current with any new information or standards that should be incorporated in CMMC training and updates. Ethan Mayfield has been assigned to focus daily efforts to meet Atec CMMC targets. The Atec IT Team is working with Fidelis Risk Advisors to pace progress and to stay up-to-date on new guidelines as they are rolled out. Atec has added regularly scheduled training to increase awareness and educate users. CMMC has become part of the daily language at Atec. The IT team seeks feedback and evaluates company business practices, not only to stay compliant, but for the overall health and safety of Atec IT Systems.
CEO Howard Lederer has stressed the importance of training for all employees on the new CMMC standards and associated protocols. “We have a long legacy of working for our US warfighters, and we have to do everything we can to keep them safe in both the equipment they use and the data systems that support them,” Lederer said. “I know our team is going to do what it takes to keep Atec in a strong position to offer that level of security to DoD and others.” Lederer also stressed that the Atec corporate executive team and Board of Directors has allocated substantial resources to ensure employees have the tools they need to attain the CMMC rating. “At Atec, we take pride in caring for our customers and their needs. We are working hard and investing in our teams and systems to continue protecting sensitive data as a critical component of our mission.”