HAVERHILL, Mass., March 18, 2020 – IMI, Inc., the Massachusetts-based printed circuit board fabricator, announced that after a comprehensive third-party audit, it has received a letter of assurance confirming it has satisfactory controls in place to meet the cybersecurity requirements of the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 and the National Institute of Standards and Technology Special Publication (NIST SP) 800-171A.
The assessment, conducted by Neoscope, an IT and Cybersecurity management firm located in Portsmouth, New Hampshire, established that IMI, Inc. implemented satisfactory controls and complied with all 110 information protection requirements. Ensuring these regulations flow through the entire supply chain is critical to the success of the DFARS/NIST cybersecurity initiative, which is quickly becoming a mandatory requirement for winning new defense contracts. IMI, Inc. is one of a small percentage of companies that have received objective verification of having a “substantive” cybersecurity controls program in place, demonstrating its commitment to helping its customers meet their trusted supply chain requirements.
“IMI has been, and remains committed to safeguarding protected information and made compliance with the latest DFARS and NIST standards a top priority,” said Peter Bigelow, IMI’s President and CEO. “We have invested significantly in building out our cybersecurity capabilities so as to continue to supply our defense-related customers, as well as all our customers who value doing business with companies who value IT and IP security. Receiving this independent third-party validation of our cybersecurity controls program is a major milestone in our comprehensive defense industrial security plan.” He continued, “we look forward to being audited and certified later this year to the new CMMC cybersecurity certification protocol.”
Cyber and information warfare are the latest battlefields in the race for commercial and military dominance. The Department of Defense (DoD) launched this compliance program in an effort to broaden and deepen the security practices of companies supplying mission-critical products and services to the U.S. government and provide further protection against cyber threats. DFARS 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting”, published October 2016, was specifically designed to ensure the protection of Controlled Unclassified Information (CUI) by non-federal agencies, or “Contractors”. It covers information technology (IT) cybersecurity from printers to servers to cloud computing, and it mandates compliance with NIST 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”. NIST 800-171 contains 110 requirements across 14 families of information control, all of which contractors must be compliant with to ensure sufficient safeguards are in place to protect CUI against cyberattacks.
Currently it is estimated that most defense contractors comply with less than 60% of the requirements contained in NIST 800-171. According to Craig Taylor, Neoscope’s Chief Information Security Officer, “Neoscope has been specializing in cybersecurity for over a decade as a trusted partner to a multitude of small, medium and large businesses, providing turnkey capabilities to municipalities, medical, legal, and commercial markets. Our team conducted a comprehensive and detailed review of IMI’s information controls program which has satisfactorily met the objectives of the NIST 800-171 based on a sampling of the requirements as well as the related cybersecurity requirements as outlined in the DFARS 252.204-7012 clause.”