The Georgia Tech Procurement Assistance Center (GTPAC) was honored this week by the Association of Procurement Assistance Centers (APTAC), the organization which represents 98 procurement technical assistance centers (PTACs) across the United States, Guam and Puerto Rico.
GTPAC was presented with APTAC’s Outstanding Project Award which annually recognizes an accomplishment that stands out from the day-to-day activities that all PTACs organize and undertake.
The project recognized by APTAC is GTPAC’s instructional video that provides step-by-step guidance to government contractors on how they can achieve compliance with Department of Defense (DoD) cybersecurity requirements designed to safeguard DoD information and report on cyber incidents.
GTPAC’s video and accompanying resources – including a template which contractors may use – are made available free of charge on the GTPAC web site at: http://gtpac.org/cybersecurity-training-video.
The video and template have been heralded both by PTACs, who counsel businesses, and by businesses themselves as valuable one-stop resources for existing contractors and aspiring DoD contractors alike. Since the launch of these training tools at the end of last year, 1,284 persons have viewed the video and downloaded the template 1,508 times.
Specifically, the video explains Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012, including its key definitions and cyber obligations, including its primary requirement that defense contractors which process, store or transmit “covered defense information” must address 110 individual cybersecurity controls outlined in National Institute of Standards and Technology (NIST) Special Publication 800-171.
The 20-minute video not only provides information on these requirements, but also provides specific guidance on how government contractors can achieve compliance with the DFARS clause and the NIST standards. The video guides government contractors on how they can perform a “self-assessment” of their information system using NIST’s Manufacturing Extension Partnership (MEP) Cybersecurity Self-Assessment Handbook.
One of the most creative and innovative aspects of the project is the 127-page cybersecurity template GTPAC created in conjunction with the video. The template provides step-by-step instructions on how government contractors can create a “Systems Security Plan” and “Plan of Action” – documentation necessary to achieve compliance.
The resources GTPAC created are very timely in light of recent warnings from DoD that it plans to request and evaluate cyber plans from businesses as a part of the contract award decision-making process. If the video is carefully reviewed and the template is fully completed and properly filled out, contractors will be in a position to document their compliance with the DFARS cybersecurity requirements.
GTPAC program manager Joe Beaulieu points out that “by providing the video and cybersecurity template, GTPAC’s objective is to make the process of achieving compliance much easier, especially for small defense contractors who may not have the resources necessary to develop such plans from scratch.” Indeed, the template makes the process of drafting the required documentation easier, as contractors merely have to fill in the blanks and answer specific questions, rather than work from a blank slate. While it is ultimately up to the contractor to meet the requirements and to provide accurate information, GTPAC’s video and template provide contractors with an excellent starting point for assessing, achieving and documenting compliance.
In honoring GTPAC with the Outstanding Project Award, APTAC encouraged other PTACs to make use of the video, template, and resource materials posted at http://gtpac.org/cybersecurity-training-video. NIST recently provided similar encouragement to their nationwide network of MEPs in their work with U.S. manufacturers. GTPAC coordinated the creation of the cybersecurity materials with the Georgia MEP (GaMEP) which, like GTPAC, is a part of the Georgia Institute of Technology’s Enterprise Innovation Institute (EI2).
EI2 is Georgia Tech’s business outreach organization which serves as the primary vehicle to achieve Georgia Tech’s goal of expanded local, regional, and global outreach. EI2 is the nation’s largest and most comprehensive university-based program of business and industry assistance, technology commercialization, and economic development.
GTPAC is a state-wide program operated by EI2 under a cooperative agreement with the Defense Logistics Agency (DLA). In 2017, Georgia businesses won more than 5,000 government contracts – worth more than $1 billion – with GTPAC’s help. All totalled, GTPAC provided counseling, instruction, and bid opportunities to 2,548 Georgia businesses during the past year.