Safeguarding lives on physical and cyber battlefields.
FN America, LLC, is a U.S. subsidiary of FN Herstal, S.A., a global leader in developing and manufacturing high-quality, reliable firearms for military, law enforcement, and commercial customers worldwide. True to its vision to be the firearm industry’s most innovative company, the company makes cybersecurity one of its main priorities. They have been at the forefront of the U.S. Department of Defense’s latest mission to protect America’s defense industrial base from foreign and domestic cyber breaches and attacks with the rollout of the Cybersecurity Maturity Model Certification (CMMC).
“Cyberattacks targeting systems and data throughout the world are constantly increasing in both volume and sophistication. Our purpose is to safeguard the lives of American service members and its allies, and we understand that this purpose extends to the cyber battlefield as well. Therefore, we strive to take the same innovative approach to cybersecurity as we do with our firearms.”
— Jason Britton, IT Director, FN America
The Challenge
In 2016, the Department of Defense (DoD) announced a new cybersecurity requirement for DoD suppliers: DFARS 252.204-7012. This requires all companies that provide products and services to the DoD to implement NIST 800-171 cybersecurity controls within their IT systems. FN America promptly conducted a self-assessment to determine their compliance gaps and found issues they tried to correct themselves.
FN America’s IT leadership initially overcomplicated the process and put in place controls that were difficult to understand and implement. Like many other manufacturers, FN America also found its shop floor more challenging and complex to secure than development or service floors: sensitive information was often left exposed on unattended computers, and new procedures disrupted productivity.
The Solution
When CMMC was first announced in 2019, FN America decided to rethink their approach to implementing NIST 800-171, both to avoid their previous pitfall of incorrectly interpreting the standard and to become one of the first companies to be CMMC certified. After a thorough search of the market for NIST 800-171/CMMC experts, they partnered with SysArc in early 2020 to provide CMMC Advisory Services, including Program Management of their CMMC Project. As a first step, SysArc provided a comprehensive NIST 800-171 gap assessment that identified FN America’s compliance gaps. From there, SysArc assisted with the SSP, POAM items, Policies & Procedures, and Assessment preparation.
The Result
FN America’s early and consistent collaboration with the compliance experts at SysArc allowed them to secure their CMMC certification through the Joint Surveillance Voluntary Assessment Program (JSVAP), positioning them ahead of their competitors. Fewer than 100 companies worldwide have successfully navigated this process and achieved certification, making FN America a leader in their industry.
“FN America was successful in their compliance journey because they received a solid commitment of support from their overseas parent company, FN Herstal, and they were diligent about working through all of the requirements, no matter how challenging.”
— Bernhard Bock, SysArc CISO and CMMC Program Manager
Since completing certification and starting their program with SysArc, FN America is not only compliant with their customers’ requirements but also more secure, with a reduced risk of a serious breach. Through this process, they have become more committed to continuous improvement, with an ongoing effort to maintain high security standards and compliance moving forward. By improving the security of sensitive information, FN America can now better serve the warfighter and is doing its part to protect the DIB supply chain from bad actors.
Do you need help preparing for CMMC?
We’ve helped over 1,500 DoD contractors throughout the U.S. navigate the complexities of DFARS, NIST 800-171, and now CMMC. Through our many experiences, we’ve fine-tuned several solutions that enable our clients to prepare to achieve compliance faster and at a lower cost compared to other solutions that have been popping up in the market recently. If you need help preparing for CMMC, give us a call or request a consultation today.