NuVisions Center, located in Lewistown, PA, exists to improve the lives of persons with vision, physical or mental impairments through services and employment; and to also educate the public about vision loss. They serve the Pennsylvania counties of Huntingdon, Juniata, and Mifflin. NuVisions employs persons with disabilities who perform manufacturing, sewing, janitorial, and customer service-related jobs. They currently employ 44 individuals spread among the various areas.
NuVisions Center approached IMC to discuss their desire to comply with the DFARS 252.204-7012, FAR 52.204-21, and the anticipated CMMC level cybersecurity requirements for government contracting. The need for compliance originated because of a requirement from one of their customers. To maintain an existing employment contract, NuVisions had to achieve the appropriate CMMC level of compliance. Higher levels of compliance are continuing to be assessed by the Department of Defense (DoD) and are a moving target for businesses in need of proving compliance. There are currently three levels being evaluated and considered by the DoD. Level 1 is the most basic, Level 2 is more advanced and results in a SPRS score (NIST 800-171 SPRS Score), and the highest level of compliance is currently rated as CMMC Level 3. Those requirements can be daunting to a small company with limited resources. NuVisions Center did not have in-house IT support and were very concerned about the time investment and how to address such a change in procedures.
IMC worked with NuVisions Center to provide them with professional assistance and guidance through self-assessment and used the CISA CSET tool to generate necessary reports. The CSET tool reports became the foundation for the project deliverables. The plan included a system security plan, action items, and milestones for incremental completion. A Gap Analysis was created, identifying deficiencies and any CMMC controls which weren’t fully met. The project findings were then presented as an Executive Summary showing which requirements were met and any which needed further attention. Throughout the project, NuVisions and their IT contractor provided documentation and answered all questions relative to the content of the requirement.
NuVisions successfully completed the required CMMC requirements. In doing so, they were able to save an employment contract, which resulted in the retention of three jobs for their workforce. Three jobs equate to over 6% of their workforce. That result is very important to the mission of NuVisions Center, and extremely important to the people whose lives are so positively impacted by having a job. The assistance provided by IMC guided NuVisions Center through a process which seemed quite overwhelming and difficult, saving precious time for the leaders of the organization. The project also led NuVisions Center to upgrade some of their IT equipment, which improved operations and further protects their investment from cybersecurity threats.
“We are a small organization and do not have IT staff. Before we found IMC, the task to implement CMMC seemed almost insurmountable. With their help, the process was no longer overwhelming, and we were able to easily manage the implementation of the CMMC requirements.” Terry Knouse, Vice President of Operations, NuVisions Center