A Georgia Tech-produced free instructional video that provides step-by-step guidance to government contractors seeking compliance with Department of Defense (DoD) cybersecurity requirements received the Outstanding Project Award from the Association of Procurement Technical Assistance Centers (APTAC).
The award, given annually, recognizes an accomplishment that stands out from the day-to-day activities that all PTACs organize and undertake.
The Georgia Tech Procurement Assistance Center (GTPAC), which produced the 20-minute video and related template for contractors’ use, accepted the award on March 7, 2018 at APTAC’s spring conference in Jacksonville, Fla. APTAC represents 98 procurement technical assistance centers across the United States and the U.S. territories of Guam and Puerto Rico.
GTPAC is an economic development program of Tech’s Enterprise Innovation Institute (EI2). It helps Georgia enterprises identify, compete for, and win government contracts. Funded in part through a cooperative agreement with the U.S. Department of Defense, GTPAC’s services are available at no cost to any Georgia businesses that have an interest and potential to perform work — as a prime contractor or a subcontractor — for federal, state, or local government agencies.
The video is accessible at this link: gtpac.org/cybersecurity-training-video. Its accompanying resources include a cybersecurity template for contractors’ use.
The video and template were funded through a cooperative agreement with the Defense Logistics Agency, and created with the support of the Georgia Institute of Technology. The content of the video presentation does not necessarily reflect the official views of, or imply endorsement by, the DoD, the Defense Logistics Agency, or Georgia Tech.
Both PTACs, which counsel businesses, and businesses themselves have heralded the video and template as valuable one-stop resources for existing contractors and aspiring DoD contractors alike. Since the 2017 launch of these training tools, 1,284 persons have viewed the video and downloaded the template 1,508 times.
Specifically, the video explains Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012, including its key definitions and cyber obligations, including its primary requirement that defense contractors which process, store or transmit “covered defense information” must address 110 individual cybersecurity controls outlined in National Institute of Standards and Technology (NIST) Special Publication 800-171.
The 20-minute-video not only provides information on these requirements, but also provides specific guidance on how government contractors can achieve compliance with the DFARS clause and the NIST standards. The video guides government contractors on how they can perform a “self-assessment” of their information system using NIST’s Manufacturing Extension Partnership (MEP) Cybersecurity Self-Assessment Handbook.
One of the most creative and innovative aspects of the project is the 127-page cybersecurity template GTPAC created in conjunction with the video. The template provides step-by-step instructions on how government contractors can create a “Systems Security Plan” and “Plan of Action” — documentation necessary to achieve compliance.
“The resources we created come just as the DoD’s recent warning that it plans to request and evaluate cybersecurity plans from businesses as a part of the contract award decision-making process,” said GTPAC program manager Joe Beaulieu. “By providing the video and cybersecurity template, GTPAC’s objective is to make the process of achieving compliance much easier, especially for small defense contractors who may not have the resources necessary to develop such plans from scratch.”
The template makes the process of drafting the required documentation easier, as contractors merely have to fill in the blanks and answer specific questions, rather than work from a blank slate. While it is ultimately up to the contractor to meet the requirements and to fill in the blanks, GTPAC’s video and template provide contractors with an excellent starting point for assessing, achieving and documenting compliance.
In honoring GTPAC with the Outstanding Project Award, APTAC encouraged other PTACs to make use of the video, template, and resource materials. NIST recently provided similar encouragement to its nationwide MEP network — including the Georgia Manufacturing Extension Partnership (GaMEP) — in their work with U.S. manufacturers.
GTPAC coordinated the creation of the cybersecurity materials with GaMEP, which is a sister economic development program offered through Tech’s EI2.