Cyber attacks are a growing concern for small businesses.
Learn about the threats and what you must do to protect data when contracting with the government.
Cyber-attacks disrupt business operations and put intellectual property and sensitive information at risk. In a 2018 report, the Council of Economic Advisers (CEA) estimated that malicious cyber activity costed the U.S. economy between $57 billion and $109 Billion in 2016. Another report by the Center for Strategic and International Studies (CSIS), in partnership with McAfee, states that about $600 billion, nearly one percent of global GDP, is lost to cyber-crime annually (Source).
Model Certification (cMMC)
In early 2020 the Department of Defense (DoD) released the Cybersecurity Maturity Model Certification (CMMC).
This new guideline and certification process rolls in various cybersecurity standards and best practices into one multi-level framework to ensure cybersecurity is met at the appropriate level across all federal acquisition processes.
All companies interested in contracting with the DoD, including subcontractors, must be certified through an accredited independent third party organization and expected to see CMMC levels incorporated into Requests for Information as early as June 2020.
department of defense resources:
- Cybersecurity Maturity Model Certification
- Cybersecurity resource webpage
- Project Spectrum
- Other resources
While PTACs are not certifiers, PTAC counselors are able to help clients who are DoD Primes and Subs step through the Level 1 requirements as they are not highly technical. For higher levels of certifications, PTAC counselors are able to guide clients through the framework and available tools and refer them to other accredited independent third party organizations.
For further assistance contact your Procurement Specialist or Apply for services.
Below are links to learn more about the risks of cyber-attacks, self-assessment tools, and the latest regulations.
- CMMC Model and Assessment Guides | Department of Defense (DoD)
- Readiness Review Level 1 | APEX Accelerator at Del Mar College (Coming Soon)
- Supplier Performance Risk System (SPRS) | Department of Defense (DoD)
- CMMC Maturity Level 1 (ML1) Questionnaire | RD Risk Advisors, LLC.
- Cybersecurity Requirements Worksheet | Norcal APEX Accelerator (Coming Soon)
- Assessing Security Requirements for Controlled Unclassified Information (PDF) | National Institute of Standards and Technology (NIST)
- Assessment & Auditing Resources | National Institute of Standards and Technology (NIST)
- Cybersecurity Resources for Manufacturers | National Institute of Standards and Technology (NIST)
- Small Business Cybersecurity | Small Business Administration (SBA)