Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Manufacturing Extension Partnership (MEP)

Metalworking Group CMMC Progress

With the help of: Ohio Manufacturing Extension Partnership (Ohio MEP)

About

With facilities in Cincinnati and Fairfield, Ohio, Metalworking Group (MWG) produces metal fabrications, CNC machined parts, robotic weldments, metal stampings, liquid painting, powder coating, and complete product assemblies. MWG employs 140 individuals and has been in business for over 40 years.

The Challenge

MWG handles a number of DOD-oriented contracts, and thus is required to become CMMC Level 2-compliant. While the organization has received ISO 9001:2008 certification, they have not undergone any cybersecurity-focused assessments or certifications. Without an internal compliance function, the organization sought guidance and assistance from TechSolve, part of the Ohio MEP and the MEP National Network™, with assessing their current CMMC compliance, drafting policy and plan documentation, obtaining an accurate SPRS score, and developing a plan of actions and milestones for any items requiring remediation.

Points of contact on the MWG side included members of the engineering, facilities, and senior leadership teams. MWG's managed services provider, Nexigen, was also involved in this engagement, providing insight into the monitoring and maintenance performed for MWG as part of their service-level agreement.

Our collaboration with TechSolve marked the beginning of our CMMC Level 2 compliance journey; it was hugely beneficial to setting us up for success in this new realm. TechSolve began by laying the foundation for us about what exactly CMMC compliance is, why it is being required, how progress is measured / tracked, and various methods for working toward compliance. Without TechSolve's expertise and partnership, we would be significantly further behind on our qualification path.

A team of skilled professionals in the cybersecurity/IT/regulatory space, TechSolve was able to answer any questions we had or research/seek-out the correct answers throughout the entirety of our CMMC collaboration period. MWG would highly reccomend TechSolve to any business looking for expert advice and navigation with regard to CMMC compliance.
— Tyler Weiskittel, Sr. Manufacturing Engineer

MEP's Role

Beginning with a gap assessment, TechSolve utilized FutureFeed to document MWG's compliance, calculate a SPRS score (SPRS is a procurement risk analysis tool for the areas of price, item, and supplier risk), and create a plan of actions and milestones (PoAM) detailing outstanding items requiring remediation. As part of this engagement, TechSolve also assisted MWG in the creation of a full suite of CMMC-compliant security policies and an incident response plan. TechSolve provided security awareness and CUI training (CUI, or controlled unclassified information, is sensitive information that does not meet the criteria for classification but must still be protected) to employees with access to CUI. Additionally, an organizational risk assessment and tabletop testing of the incident response plan were performed.

Results

$3,000,000 in new or retained sales
40 employees work on DOD-related contracts
$90,000 in new investment
Relevant employees received CUI and security awareness training

Congressional District

1st District

8th District

Download PDF

Download Success Story PDF

MEP Center Contact

77 South High St., 28th Floor
Columbus, OH 43215-1068
United States

+1 (614) 582-7395

mep [at] development.ohio.gov

https://development.ohio.gov/business/manufacturing/ohio-manufacturing-extensio…

Created January 30, 2025