Manufacturers need to meet cybersecurity standards in order to do business with the U.S. Department of Defense (DoD). Companies that do not work with DoD directly but are still part of the DoD supply chain also need to meet cybersecurity requirements.
Today, a clause in the Defense Federal Acquisition Regulation Supplement (DFARS) allows manufacturers to self-attest to their cybersecurity compliance according to the NIST SP 800-171 Special Publication (SP). In the future, companies will be required to meet an appropriate level of Cybersecurity Maturity Model Certification (CMMC).
Because CMMC adds a verification component to DFARS 252.204-7012, companies that do not meet the DFARS cybersecurity requirements described in NIST SP 800-171 risk losing their ability to bid on new contracts or to complete existing contracts. To prevent this from happening, New York State is offering assistance to qualifying companies and seeking to increase the number of NYS defense contractors who are compliant.
The Cybersecurity Cohort
Mohawk Valley Community College (MVCC) and the Advanced Institute of Manufacturing (AIM) have been awarded a DoD Cybersecurity Assistance Grant from Empire State Development (ESD) to help small-to-medium manufacturers, who are part of the DoD supply chain, learn how to perform a cybersecurity self-assessment based on NIST SP 800-171 and meet their current DFARS cybersecurity requirements.
Under this grant, AIM has partnered with FuzeHub to create a cohort of 320 DoD supply chain manufacturers that will receive cybersecurity assistance and training. There is no cost for qualified manufacturers to join this cohort. All of these cohort manufacturers will participate in an on-line training program that will provide instruction about how to perform a cybersecurity self-assessment. This training will be supplemented by a series of five webinars and three workshops across the state that are designed to provide cybersecurity education and awareness as well as to encourage DoD manufacturers to join the cohort.
Of these 320 cohort manufacturers, 67 will be eligible for a grant for a personalized cybersecurity risk assessment according to the DFARS cybersecurity requirements detailed in NIST SP 800-171. This assessment will be performed by AIM, the Manufacturing and Technology Enterprise Center (MTEC), or one of their subcontractors.
The maximum award amount is $6,000. All grant recipients are required to pay a minimum of 20% of the project costs. For example, if a project costs $7,500 and the company is awarded $6,000, the company must pay $1,500, which represents 20% of the total.
Manufacturers that receive cyber assistance grants must pay the required 20% amount directly to the service provider. The project must be completed by September 30, 2021.
How to Apply
Eligible manufacturers must apply here, on this website below, for membership in the cybersecurity cohort.
Are You A Manufacturer Looking To Learn More About How You Can Protect Your Business From Cyber Attacks?