PDA Engineering, on their challenge to achieve (and stay) compliant with DFARS 252.204-7102 / NIST 800-171
NIST 800-171 Controls Review Case Study
"Beryllium hasn’t tried to push any additional products on us that we felt might not be the best solution for our environment, as part of their own agenda. From day one, Beryllium has done an excellent job of laying out options, but also supporting the decisions that PDA makes as a company." -PDA Engineering
About PDA Engineering
PDA is an engineering company (NAICS Code 541330) that provides:
· Mechanical and Electrical design
· Product Development
· Systems Engineering
· Product Assessment
· Manufacturing and Support
· Project Management
These services are available for both commercial and government projects. NIST compliance has become part of the process flow-down and necessary requirement to receive future contracts for many of our projects. Also, working towards fully implement NIST requirements provides a solid baseline for our security practices.
PDA does not have the technical expertise or experience to fully understand what certain NIST requirements truly meant, or what it would take it implement the requirements. Beryllium helped to provide clarification and guidance towards fully meeting those requirements. Also, Beryllium helped us navigate any future revisions to NIST requirements and what those changes could mean for PDA. Additionally, PDA engineering, while still being a small company, has grown quite significantly in the last couple of years in terms of both staffing and equipment. Keeping up with this growth has caused us to make numerous changes to our IT environment. Many of these changes which were implemented quickly and sometimes without fully knowing the impact to security. Beryllium was able to help us assess those changes and determine if we need to roll something back or go even further with what we have implemented.
Describe your selection process and what criteria you were looking for. How did you go about searching for a solution? In the end, why did you choose Beryllium ?
Beryllium is a locally-based company and we felt that it was important to have a resource that could be immediately available for incident response. When we were searching for that available resource it was immediately clear through a webinar presentation specific to DFARS/NIST 800-171 compliance solutions that Beryllium was the right choice.
What results have you seen since implementing our solution? What business processes does this solution enhance, and how much does it reduce the cost and time to complete these particular processes?