NC Dynamics, based in Long Beach, California, engineers, manufactures and assembles sophisticated machined structures for the commercial aerospace and defense industry. The company needed to meet a deadline to comply with requirements outlined by NIST SP 800-171, a special publication released by the National Institute of Standards and Technology (NIST) aimed at protecting Controlled Unclassified Information (CUI) in nonfederal information systems and organizations.

NIST SP 800-171 is a framework that specifies how a company’s information systems and policies needs to be configured to protect CUI. NIST SP 800-171, which is divided into 14 different control families with 110 controls, can best be described as a standardized set of requirements for cybersecurity. NC Dynamics needed assistance reviewing the security controls and creating a System Security Plan (SSP) to help the company reach compliance.

VectorUSA conducted an initial assessment of NC Dynamics’ environment to identify any gaps between its current state and the requirements outlined by NIST SP 800-171. We then reviewed each of the NIST 800-171 requirements with NC Dynamics technical personnel and documented NC Dynamics current implementation and/or planning of required security controls. Lastly, VectorUSA drafted a SSP that outlined NC Dynamics compliance with requirements of the SSP. The SSP included a list of high-level recommendations for new processes and/or technologies necessary to meet the NIST 800-171 requirements.

NC Dynamics now has a plan to reach compliance with a target compliance date. The company also has all the required budgets for the projects necessary to reach 100 percent NIST SP 800-171 compliance. VectorUSA reviewed the controls and implemented an action plan in less than a month to ensure NC Dynamics met the December 31, 2017 deadline set forth by NIST SP 800-171.