Ten Small Business Development Centers to help DoD understand impact of Cyber Security Maturity Model Certification (CMMC) on small businesses
The Department of Defense is determined to do everything it can to protect itself and our nation by taking an aggressive stance in cyber warfare.
As a result their Chief Information Security Officer is mandating all contractors and supply chain members be certified against the Cybersecurity Maturity Model Certification currently being created by a collaborative effort with Johns Hopkins University Applied Physics Laboratory, Carnegie Mellon University Software Engineering Institute, Defense Industrial Base Sector Coordinating Council (DIB SCC), Office of Small Business Programs, and others.
Draft v.4 of the CMMC can be found here: https://www.acq.osd.mil/cmmc/draft.html
Contact us at via email: firststeps at ammericassbdc dot org
or by phone at: two zero two – eight three nine – five five six three
The ASBDC has raised a concern about the impact of on small businesses and will help the DoD understand it and contribute to the effort by supporting small businesses by reducing the economic burden of this new program on them.
A select group of SBDC’s with a high concentration of defense and supply chain contractors have agreed to participate in a series of initial training sessions utilizing the NIST 800-171 curriculum created by University of Texas San Antonio for consistency. Because of the nature of this effort we will use an assessment tool hosted on a FedRAMP secure cloud. These centers host DoD Procurement Technical Assistance Centers who are now positioned to identify companies and inform them of this mandate.
Our role is to help businesses make informed business decisions not set up their routers and other activities which are technical in nature. Local and national resources will help with that.
We need to maintain our business relationship and help businesses access capital and help them understand this needs to be something addressed in their business plans and policies as well as daily activities.
Once the initial classes are finished, we will summarize lessons learned and best practices and move on to a much wider distribution. We will also offer Webinar based offerings in order to reach the mass numbers who need to do this.