DOD plans free software tools to support cyber compliance by small biz

Ivan Cholakov/Getty Images

The Department of Defense wants to bolster the number of small contractors it does business with, so it's planning to debut a series of free software tools to make it easier to work with industry.

As the Defense Department focuses on increasing the number of small contractors in the defense industrial base, its Office of Small Business Programs is working on a series of software tools it plans to provide to industry to make it easier to do business with the federal government. 

Speaking at an enterprise information technology event hosted by AFCEA's northern Virginia chapter Thursday, Farooq Mitha, director of the Pentagon’s Office of Small Business Programs, said the office would be releasing a series of software tools later this year to assist on everything from better market intelligence for the acquisition workforce to operation security for small businesses. 

Mitha said the latter will become increasingly important as the DOD continues to develop its Cybersecurity Maturity Model Certification regulation, which would require contractors to possess certain levels of cybersecurity to compete for defense contracts.

“When I first came into this job, a company said to me, ‘Hey, DOD is rolling out CMMC, and I’m not going to be able to comply with this. It’s costly, there are a lot of different levels and it’s a barrier to entry,’” he said. “I wanted to make sure we were helping companies, at the earliest stage possible, get the resources they need to comply with not just CMMC, but the current [National Institute of Standards and Technology] 800-171 requirements.” 

Mitha said the rulemaking process for the anticipated regulation is still being developed following its revision in 2021, but that his office, through its Project Spectrum education and training initiative, would be deploying free downloadable tools "in the coming months" for small contractors handling the controlled unclassified information that CMMC is intended to protect.

“I think that small business operational security is critical,” he said. “When you [have] cyber and other types of intrusions, you lose [intellectual property], you have financial losses, we lose government data and nobody wins. So it’s on us to protect you.”

He added that the Office of Small Business Programs is still working out the details of a possible cost-sharing model with industry to determine what features the DOD would fund and what companies would pick up, but the goal would be to small businesses secure their systems and offset some of the cost compliance burden they would entail under CMMC.

Those forthcoming tools complement resources the Pentagon is already providing through Project Spectrum’s website, such as cyber readiness training, tool reviews, free access to cyber advisors and other resources. 

Outside of the CMMC compliance efforts, Mitha also said the Office of Small Business Programs was also working on new software tools to provide better market intelligence to the Pentagon’s acquisition workforce. 

“If we want to go out and find not companies that are just in the DOD marketplace, not just in the federal government marketplace, but new entrants, companies that have only been commercial business, we need to do better market research,” he said.

The new tools, expected to debut later this year, will support small business professionals, contracting officers, program managers and others to provide a wider view of the federal government and commercial landscape to identify more potential companies to do business with. 

Small business participation has declined precipitously in the past decade, with the number of small companies receiving a federal contract in fiscal 2022 representing roughly half of the 121,270 received in fiscal 2010.

A DOD memo earlier this year instructed officials to prioritize small business goals and contracting opportunities over best in class contract goals.