Success Story: NuVisions Saves Employment Contract Through IMC’s CMMC Assessment

NuVisions Logo

NuVisions Center, located in Lewistown, PA, exists to improve the lives of persons with vision, physical or mental impairments through services and employment; and to also educate the public about vision loss. They serve the Pennsylvania counties of Huntingdon, Juniata, and Mifflin. NuVisions employs persons with disabilities who perform manufacturing, sewing, janitorial, and customer service-related jobs. They currently employ 44 individuals spread among the various areas.

NuVisions Center approached IMC to discuss their desire to comply with the DFARS 252.204-7012, FAR 52.204-21, and the anticipated CMMC level cybersecurity requirements for government contracting. The need for compliance originated because of a requirement from one of their customers. To maintain an existing employment contract, NuVisions had to achieve the appropriate CMMC level of compliance. Higher levels of compliance are continuing to be assessed by the Department of Defense (DoD) and are a moving target for businesses in need of proving compliance. There are currently three levels being evaluated and considered by the DoD. Level 1 is the most basic, Level 2 is more advanced and results in a SPRS score (NIST 800-171 SPRS Score), and the highest level of compliance is currently rated as CMMC Level 3. Those requirements can be daunting to a small company with limited resources. NuVisions Center did not have in-house IT support and were very concerned about the time investment and how to address such a change in procedures.

IMC worked with NuVisions Center to provide them with professional assistance and guidance through self-assessment and used the CISA CSET tool to generate necessary reports.  The CSET tool reports became the foundation for the project deliverables. The plan included a system security plan, action items, and milestones for incremental completion. A Gap Analysis was created, identifying deficiencies and any CMMC controls which weren’t fully met. The project findings were then presented as an Executive Summary showing which requirements were met and any which needed further attention. Throughout the project, NuVisions and their IT contractor provided documentation and answered all questions relative to the content of the requirement.

NuVisions successfully completed the required CMMC requirements. In doing so, they were able to save an employment contract, which resulted in the retention of three jobs for their workforce. Three jobs equate to over 6% of their workforce. That result is very important to the mission of NuVisions Center, and extremely important to the people whose lives are so positively impacted by having a job. The assistance provided by IMC guided NuVisions Center through a process which seemed quite overwhelming and difficult, saving precious time for the leaders of the organization. The project also led NuVisions Center to upgrade some of their IT equipment, which improved operations and further protects their investment from cybersecurity threats.

“We are a small organization and do not have IT staff. Before we found IMC, the task to implement CMMC seemed almost insurmountable. With their help, the process was no longer overwhelming, and we were able to easily manage the implementation of the CMMC requirements.” Terry Knouse, Vice President of Operations, NuVisions Center




What You Need to Know and Do Now to Prepare for DoD CMMC Requirements

The recent NIST SP 800-171 Assessment submission requirement and the upcoming CMMC (Cybersecurity Maturity Model Certification) that will be required of all primes and subcontractors in the near future is a hot topic in DoD.

  • Does CMMC impact your organization?
  • Are you up to date on the requirements?
  • Timelines?
  • Organizational Impacts?
  • What do you need to know and where do you begin?
  • Is your organization ready?

Hear from IMC Partners and Industry Professionals in IT and Management Consulting on the current state of CMMC and the impact it has for your organization currently and in the future. Our speakers will cover this complicated and confusing topic in a way that is understandable for any organization in the DoD supply chain – both prime and sub-contractors – and what it means for you.

Click here to Register via Zoom

Speakers

Scott Dawson
President and Co-Founder @Core Business Solutions
Scott has spent 18 years of running Core Business Solutions and developing ISO programs for small businesses. Core Business Solutions has been approved by CMMC’s official Accreditation Body as a Registered Provider Organization (RPO) for consulting services for CMMC Certification to help small businesses meet DoD contract requirements.

Zane Patalive
Owner @Real IT Care




Cybersecurity Maturity Model Certification (CMMC)

Manufacturers in the DoD supply chain are required to have adequate information security measures in place to protect Controlled Unclassified Information (CUI). Starting in 2020, independent auditors will be assessing manufacturers’ security posture, which will determine which contracts they can bid. This session will provide an overview of these requirements and the various options available to ensure compliance with them.

Register