TECHNOLOGY ISN’T GOING AWAY: MINOR RUBBER IMPLEMENTS CMMC 2.0 TO STAY AHEAD OF CYBER THREATS
Background
Minor Rubber began its journey as The Alling Rubber Company, and when they withdrew from the market, Charles W. Humphreys, a former employee, purchased the Newark, New Jersey location and Minor Rubber opened its doors in 1914. From the beginning, Minor Rubber established a reputation for innovative, high-quality rubber products, and was at the forefront of adapting to advancements and changing technologies in rubber materials. As technology advanced, Minor Rubber continued expanding its offerings and its product line forayed into custom rubber mats and matting, gaskets, and washers. With the onset of World War II, Minor Rubber again evolved to supply new products to the defense sector and then once again to the emerging aerospace and electronics industries of the ‘50s and ‘60s.
Half a century later, Minor Rubber is still a third-generation, family-owned New Jersey Manufacturer that utilizes more efficient manufacturing technologies and advanced rubber compounds, allowing it to remain on the leading edge of the market.
Challenge
As a supplier of standard and custom molded rubber components to the aerospace and defense industries, and with the onset of Cybersecurity Maturity Model Certification (CMMC) 2.0—a complex and rigorous process that determines how securely your organization creates, handles, and disseminates Controlled Unclassified Information (CUI)—there’s a chance that without meeting these new compliance standards set forth by the Department of Defense, that suppliers can lose out on lucrative government contract work.
“We wouldn’t be able to seek out new government business,” says Josh Gordon, CFO of Minor Rubber. “Some of the business would have to be done through intermediaries and some we would lose altogether. It was the right time for us, and we embarked on the CMMC project.”
Outside of that, Josh says that it was just the perfect time to adopt this new cybersecurity standard as well.
“One of the ways I sold it internally was by saying technology isn’t going away,” adds Gordon, “It’s just going to become more of an issue you have to solve, so why wouldn’t we just start to do this, and evaluate these processes and protections.”
By chance, Minor Rubber just happened to get an email regarding one of NJMEP’s no-cost webinars where Cybersecurity experts would be discussing the latest changes to CMMC.
“It was the right time—we don’t do a ton of government business, but the nature of the business that we do with them we do have to be compliant.”
Solution
“Once we started really looking into it, we just knew we didn’t have the expertise internally,” says Gordon, talking about implementing CMMC 2.0. “And the IT firm we used had the expertise to implement, but in terms of traversing the actual standard and ensuring the documentation was there, and when you had questions—we would’ve wasted so much time having to investigate each and every one ourselves,” Gordon adds. “So that guidance is key to the whole process, and that is definitely where it would’ve been overwhelming, and when you looked at the project as a whole that was the overwhelming side of it.”
Luckily, NJMEP’s Cyber Experts have decades-worth of experience in navigating Cybersecurity compliance, and the collaboration between Minor Rubber and NJMEP began with a Cybersecurity Assessment, based on Cyber Maturity Model Certification (CMMC) 2.0, which incorporates FAR 52.204-21, NIST SP 800-171 rev 1 and NIST SP 800-172. NJMEP’s expert resource assessed CMMC 2.0 Levels 1-2, which, once achieved, demonstrates good cyber hygiene and effective implementation of controls that meet the security requirements of FAR 52.204-21 and NIST SP 800-171.
Embarking on a CMMC project requires substantial commitment on the part of the service provider as well as the client, and it can prove to be a very time-consuming process. This journey required multiple steps to ensure Minor Rubber complied with the correct CMMC requirements.
The following steps were taken:
Cybersecurity Assessment – Based on the DFARS 252.204-7012 and the DoD-designed set of controls as prescribed in the NIST SP800-171 revision 2.
- NIST SP 800-171 Rev2 Gap Analysis and cross reference with CMMC Level 1-2
- Cybersecurity Monitoring and Detection Services – Monitoring and Detection Service based on the DFARS and DoD controls
Cybersecurity Security Operations Center Service (SOC) – Providing outsourced monitoring and detection to include real-time visibility of data reflecting the state of risk to security posture, the network, endpoints, cloud devices, and specific applications.
Each of the above points requires dozens of individual steps to complete. CMMC is not an easy certification to achieve without the right support and partner. However, with the right team, a manufacturer will be guided through every individual requirement to ensure compliance and audit readiness will be reached as quickly and efficiently as possible.
“As daunting as a task as it is to go through and put these plans in place,” says Gordon, “It’s beneficial for ANY organization, just the protections that you can put in place to keep yourselves protected at the digital level. It’s a no-brainer.”
Results
Minor Rubber completed its CMMC requirements and has fulfilled the Cybersecurity requirements to retain its current and secure future government contracts. Through the support of NJMEP and their Cybersecurity Resource, Minor Rubber was able to efficiently meet their contractual requirements and is thoroughly prepared for inspection and audit, safe in the knowledge and guidance that was provided during their time working with NJMEP.
“One of the ways we’ve benefitted from [CMMC compliance] is we’ve actually been told by other subcontractors, either Lockheed or someone like that has actually come back to us and said, ‘Well, let us know when it’s done because we can’t buy from you until you’re compliant,’” says Gordon.
The following results reflect the impact Minor Rubber experienced while engaging with NJMEP over the past 12 months:
- INCREASED SALES: $300,000
- RETAINED SALES: $550,000
- RETAINED JOBS: 1
- COST SAVINGS: $50,000
“We’re looking to expand the product lines that we have, we’re starting to do some value-added services,” says Gordon, talking about what’s next for Minor Rubber. “Part of the LEAN project we did with [NJMEP], was the revamp of our whole shipping and receiving area, and we were able to invest in new technology—a counting machine that bags and prints on the bags. So, we’re now offering that as a service to customers, offering this service to customers in a standardized fashion at minimal cost. We’re also starting to do some light assembly work as well.”