Ecliptic Enterprises (Cybersecurity)

Ecliptic Enterprises Corporation (Ecliptic) was founded in 2001 as a manufacturer of video and imaging systems for use on rockets and spacecraft. Since then, they have expanded their product offerings to include the production of space avionics and sensor systems to control experiments onboard rockets, orbital spacecraft (satellites) and the International Space Station. Ecliptic’s video systems are the leading brand used in U.S. commercial, military and civil space missions. Ecliptic is based in Pasadena, CA and employs 14 workers.


Challenge

Ecliptic is the world’s leading supplier of rugged video systems for use on rockets, spacecraft and in other extreme environments. As a Department of Defense (DoD) contractor, Ecliptic was concerned about meeting the strict cybersecurity regulations (DFARS 252.204-7012 ) which requires all contractors to adhere to the 110 controls contained in the NIST SP800-171 rev1. Failure to meet with the cybersecurity requirements would jeopardize their DoD contracts.

Solution

CMTC met with Ecliptic’s senior staff with a plan to progress towards implementation and compliance with DFARS 252.204-7012. CMTC provided expertise and guidance to develop cybersecurity plans training, documentation, policies and procedures to Ecliptic. The desired outcome was that Ecliptic would remain and grow as a qualified supplier in the defense, commercial and civil space supply chain.

Initially, a baseline analysis consisting of an on-site assessment of the information system ecosystem was performed to determine the current level of DFARS compliance. CMTC then provided guidance to Ecliptic on a set of four deliverables: 1) initiate the fulfillment of the Self-Attestation Questions via the U.S. Department of Homeland Security’s Cyber Security Evaluation Tool to help a compliance reviewer’s work with completing an assessment of Ecliptic; 2) develop a Systems Security Plan to document the controls that had been selected to mitigate risks to the system which would allow Ecliptic’s information technology staff or an auditor to verify the effectiveness of that control; 3) create a plan of Actions & Milestones to assist Ecliptic in identifying, assessing, prioritizing and monitoring the progress of corrective efforts for security weaknesses found in programs and systems; and 4) utilize an Incident Reporting Plan to define areas of responsibility and establish procedures for handling various security incidents.

Once the four deliverables were successfully implemented, Ecliptic tripled their adherence level of the 110 controls in the NIST SP800-171 rev1 and they were positioned to be able to report positive progress towards DFARS 252.204-7012 compliance goals consistent with the requirements of their prime contractors.

“We appreciate CMTC’s knowledge of the industry, unbiased advice and their responsiveness.”

- Rex Ridenoure, CEO

Download This Case Study