The National Institute for Standards and Technology recently released a set of standards for cyber security. Defense contractors are required to implement these standards by the end of 2017, and that applies to Tekmos. We started off already being compliant with about half of the standards. Achieving compliance with the other half of the standards is more of a challenge.
One major area we are working on is formal documentation. The NIST standards require formal procedures for all aspects of cybersecurity. We already have informal procedures, but converting all of them to formal procedures is a major undertaking. The one advantage to creating all of this documentation is that it fits in with our AS9100 documentation we are creating for our certification audit later on this year.
The second area of work is the addition of card readers to each PC to only allow authorized users on each workstation. At first, this seems straightforward, but it becomes more complicated when our testers are taken into account. The testers are tightly coupled to engineering, and so are part of our network. But they also run independently, and we have one operator taking care of multiple tester/handler configurations. It is not clear how we will address this.
Another interesting area is the requirement of a whitelist for approved programs. Engineering will frequently try out new programs as part of their jobs. And so the procedures need to be written to allow this, while still providing security.
There is still a lot to do, but we are optimistic that we will be compliant by the deadline. And given the increased cyber threats these days, it is good to be improving our defenses.
Jon Gehm has served as Vice President of Operations for Tekmos since 2010, where he leads a number of initiatives to reengineer core business decision-making processes, including customer pricing, customer portfolio management, resource allocation, capital expenditure efficiency and product life-cycle management.