Skip to main content

Wednesday, February 09 2022

Determining the Correct Cyber Compliance Level



Determining the Correct Cyber Compliance Level

Why is it important to determine the correct cyber compliance level for your company?

Determining the correct cyber compliance level for your company could potentially save tens of thousands of dollars and months of work. It is based on the information that you receive and must protect.

If a company only receives Federal Contract Information (FCI), and they do not receive Controlled Unclassified Information (CUI):

  • They only need to accomplish 15-17 foundational cybersecurity controls.
  • Many companies are doing some of these already.
  • In most cases, the gaps can be closed in less than a week.
  • With full-time out-sourced support (the most expensive path), it only costs several thousand dollars.

On the other hand, if a company receives CUI:

  • There are 110 cybersecurity controls that must be accomplished.
    • It takes at least 6-18 months to complete all controls.
    • It is about $100k in various expenses to close all gaps.
    • There are ongoing operational costs for network security monitoring.

This is a significant business decision! In order to help you make an informed decision on the correct cyber compliance level for your company, contact Purdue MEP today.

Want to know more about Cybersecurity? Don't risk being unprepared. Purdue MEP's Cybersecurity program can be the resource you need!


Writer: Gene Jones, 765-496-7802,

Return to main content

Purdue Manufacturing Extension Partnership, 550 Congressional Blvd., Suite 140, Carmel, IN 46032, (317) 275-6810

© 2024 Purdue University | An equal access/equal opportunity university | Copyright Complaints | Maintained by Manufacturing Extension Partnership

Trouble with this page? Disability-related accessibility issue? Please contact Manufacturing Extension Partnership at