Cybersecurity

Funding Available for Cybersecurity Assessments for Indiana Small Businesses!

The Indiana Economic Development Corporation (IEDC), using a program funded by the U.S. Small Business Administration (SBA), is partnering with Purdue MEP to fund up to $250,000 in 2024-2025 for Cybersecurity Maturity Model Certification (CMMC) Level 1 assessments and implementation.

This opportunity is perfect for small companies, per SBA size standards, that need support to adopt foundational cyber practices and are unable to participate in the U.S. Department of Defense (DoD) contracting realm without it. However, this program is not limited to defense industrial base companies, it is open to any small business that wants to better protect their information!

Click here to learn more.  Funding is open now through August 2025 - or until funding runs out.

Funded through a Cooperative Agreement with the U.S. Small Business Administration.

Did You Know these facts about cybersecurity?

• 61% of experts in technology and policy predict a major cyberattack causing widespread harm will occur by 2025, according to a Pew Research Center report.
• $445 billion is lost annually to cybercrime and espionage across the entire world economy, according to the Center for Strategic and International Studies.
• 46,605 breaches of federal computer networks occurred in 2013 according to the US - Computer Emergency Readiness Team.

Now, do we have your attention?

All Department of Defense (DoD), General Services Administration (GSA), and NASA contractors must have met the Federal Acquisition Regulations (FAR) minimum cybersecurity standards as of December 31, 2017. If you are not compliant, your company is at risk of losing federal contracts.

On November 30, 2020, a second significant DoD cybersecurity contracting requirement became effective. The Defense Federal Acquisition Regulation Supplement (DFARs): Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041) introduced three new DFARs clauses:

1. DFARS 252.204-7019, Notice of NIST SP 800-171 DoD Assessment Requirements
1. This clause provides the requirement for a cybersecurity assessment to be completed prior to contract award and score entered in the Supplier Performance Risk System (SPRS).
2. DFARS 252.204-7020, NIST SP 800-171 DoD Assessment Requirements
1. This clause includes the DoD assessment requirements for contractors.
3. DFARS 252.204-7021, Contractor Compliance with the Cybersecurity Maturity Model Certification (CMMC) Level Requirement
1. This clause describes the requirements for DoD’s new CMMC program.

CMMC will be gradually included in DoD contracts at a rate that is controlled by the Under Secretary of Defense for Acquisition and Sustainment. By October 1, 2025, all DoD contracts, except commercial off-the-shelf and micro-purchases, will require a Cybersecurity Maturity Model Certification prior to DoD contract award. This will be a “go/no-go” criteria in the selection process which means that your proposal will be rejected if it does not include the required CMMC level.

If you are a manufacturer who makes a product unique to DoD specifications, you most likely need CMMC Level 3. CMMC Level 3 takes many months to attain, so don’t wait to get started!

If you’re like many manufacturers, you may not know everything that is expected or even how to get started. To make this process easier, Purdue MEP has assembled a team of cybersecurity experts to help ensure you are compliant with the standards described in NIST Special Publication 800-171. Additionally, you could attend one of our cybersecurity workshops to learn the DoD cybersecurity requirements, to be exposed to resources to help you become compliant and to meet local cybersecurity providers. 

Purdue MEP’s experienced team has designed a comprehensive four-step cybersecurity program. This is intended to help you gauge your current situation, and then tailor a plan specifically for your company’s internal capabilities, budget, and time sensitivity.

Four-Step Cybersecurity Program:

• Step 1: Discovery – an assessment of your company’s practices related to the new standard. If necessary, a gap analysis will be completed to document the scope to be remediated.
• Step 2: Remediate to Meet New Standard – supports all fixes necessary for compliance. Sample work could include updating firewalls, patches, policy development, employee training, physical security, network configuration, etc.
• Step 3: Test and Validate – verifies all technology and physical security aspects are working properly.
• Step 4: Monitoring/Reporting – establishes ongoing monitoring and scanning of the required enterprise network. Creates a working process to log, remediate, and report (as required) cyberattacks.

Why is it important to determine the correct cyber compliance level for your company?

Determining the correct cyber compliance level for your company could potentially save tens of thousands of dollars and months of work. It is based on the information that you receive and must protect. Click here to learn more.

DON’T RISK BEING UNPREPARED. CALL TO SEE HOW WE CAN HELP.