Cybersecurity

Funding Available for Cybersecurity Assessment and Implementation Support for Indiana Small Businesses!

The Indiana Economic Development Corporation (IEDC), using a program funded by the U.S. Small Business Administration (SBA), is partnering with Purdue MEP to conduct cybersecurity assessments and implementation. Using the Department of Defense’s unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB) - Cybersecurity Maturity Model Certification (CMMC), the following projects are planned:

• 25 CMMC L1 assessments and implementation
• 20 CMMC L2 assessments
• 10 virtual Chief Information Security Officer (vCISO) 24 hour slots

This opportunity is perfect for small companies, per SBA size standards, that need support to adopt foundational cyber practices and are unable to participate in the U.S. Department of Defense (DoD) contracting realm without it. However, this program is not limited to defense industrial base companies, it is open to any small business that wants to better protect its information!

Click here to learn more.  Funding is open now through August 2025 - or until funding runs out.

Funded through a Cooperative Agreement with the U.S. Small Business Administration.

Did You Know these facts about cybersecurity?

• 61% of experts in technology and policy predict a major cyberattack causing widespread harm will occur by 2025, according to a Pew Research Center report.
• $445 billion is lost annually to cybercrime and espionage across the entire world economy, according to the Center for Strategic and International Studies.
• 46,605 breaches of federal computer networks occurred in 2013 according to the US - Computer Emergency Readiness Team.

Now, do we have your attention?

All Department of Defense (DoD), General Services Administration (GSA), and NASA contractors must have met the Federal Acquisition Regulations (FAR) minimum cybersecurity standards as of December 31, 2017. If you are not compliant, your company is at risk of losing federal contracts.

On November 30, 2020, a second significant DoD cybersecurity contracting requirement became effective. The Defense Federal Acquisition Regulation Supplement (DFARs): Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041) introduced three new DFARs clauses:

1. DFARS 252.204-7019, Notice of NIST SP 800-171 DoD Assessment Requirements
1. This clause provides the requirement for a cybersecurity assessment to be completed prior to contract award and score entered in the Supplier Performance Risk System (SPRS).
2. DFARS 252.204-7020, NIST SP 800-171 DoD Assessment Requirements
1. This clause includes the DoD assessment requirements for contractors.
3. DFARS 252.204-7021, Contractor Compliance with the Cybersecurity Maturity Model Certification (CMMC) Level Requirement*
1. This clause describes the requirements for DoD’s new CMMC program.

*Note: All of the above DFARs clauses are effective while DoD reviews and modifies the CMMC program, however, DoD is not utilizing DFARs 252.204-7021, which implements CMMC, until the review and regulation change is effective. The CMMC 2.0 modifications to the DFARS are anticipated to be effective in the first quarter of 2025 at which point a three-year phase-in of CMMC requirements on DoD contracts will begin. Once CMMC is implemented, it will be a pre-award requirement at the level required by the DoD contract: CMMC L1 self-assessment, CMMC L2 self-assessment or certification, or CMMC L3 certification.

It is important to note that DoD cyber contracting requirements do not apply to commercial off-the-shelf and micro-purchases.

If you are a manufacturer that makes a product unique to DoD specifications, you most likely need CMMC Level 2. CMMC Level 2 takes many months to attain, so don’t wait to get started!

If you’re like many manufacturers, you may not know everything that is expected or even how to get started. To make this process easier Purdue MEP has assembled a team of cybersecurity experts to help ensure you are compliant with the standards described in NIST Special Publication 800-171. Additionally, you could attend one of our cybersecurity workshops to learn the DoD cybersecurity requirements, to be exposed to resources to help you become compliant, and to meet local cybersecurity providers.

Why is it important to determine the correct cyber compliance level for your company?

Determining the correct cyber compliance level for your company could potentially save tens of thousands of dollars and months of work. It is based on the information that you receive and must protect. Click here to learn more.

DON’T RISK BEING UNPREPARED. CALL TO SEE HOW WE CAN HELP.