Grant Guidelines for GDEcD Cybersecurity Grant for CURRENT Defense Contractors

This is a grant opportunity to assist EXISTING Georgia Defense Contractors in complying with the Interim DFARS rule 2019-d041.  GDEcD has contracted with Cyber Security Solutions, Inc. (CSS)  (https://securedbycss.com/) to complete assessment scans of grantee organizations. Scope of services is limited to the Georgia offices of each company. The applications will be approved on a rolling basis, so GDEcD encourages eligible organizations to apply as early as possible while funding is available. 
 
The non-invasive assessment scan does not interfere with the grantee organization’s daily operations, and no data will leave the corporate network at any time. Prior to starting the assessment scan, CSS and the grantee organization will sign a Mutual Non-Disclosure Agreement.  CSS will need the grantee organization to establish an administrative account for tracking and scanning purposes. This will ensure the grantee organization can identify what was done within the network by CSS for any future auditing purposes.
 
CSS will install an agent on the organization’s server (domain controller) where the scanner engine will be installed. The automated assessment scan can be completed remotely, takes 48 hours to complete, and requires a total of 1 hour of “touch time” with the grantee organization, which is spent answering physical security questions and uploading the scan results into the SPRS website. CSS will produce documentation required to meet the Interim DFARS rule case number 2019-d041 compliance requirements. Within the Final Report and Summary delivery, CSS will detail potential solution paths for Interim DFARS rule case number 2019-d041 remediation and CMMC compliance solutions. CSS will share all results utilizing a secure link within a FedRAMP-approved cloud environment, as the results of the assessment scan are considered Controlled Unclassified Information (CUI).
 
After completing the scan, the following deliverables will be provided to the grantee organization:

  • DoD Assessment Scoring Template – A completed scorecard showing the grantee organization’s compliance score, ready for upload into the Supplier Performance Risk System (SPRS) website. The final upload into the SPRS website must be completed by the grantee organization, and a screenshot of the completed upload (redacted to show only the name of the company and upload completion, but not the score) must be provided to CSS in order to avoid liability for the full cost of the assessment.
  • System Security Plan (SSP) – A full SSP will be provided outlining the network layout, system identification, system environment, and documenting fully implemented security controls/practices.
  • Plan of Action and Milestones (POAM) – The POAM will identify the system's known weaknesses and security deficiencies, and describe the specific activities the grantee organization or its provider will take to correct them.
  • DoD SPRS Upload – CSS will assist the grantee organization in uploading the necessary documentation into the SPRS website in order to meet Interim rule 2019-d041 compliance requirements.
  • CMMC Compliance Dashboard Access – A comprehensive CMMC compliance dashboard will be provided to the grantee organization for 1 year after the delivery of results for compliance implementation and tracking.
  • Final Report and Summary – A final report will be provided to support oversight of the Interim rule 2019-d041 compliance and discuss potential paths forward.

 
GRANT ELIGIBILITY CRITERIA
In order to be eligible for this grant, organizations must:

  • Be registered with the Georgia Secretary of State under the business name provided in the application
  • Currently have an active DoD contract, or have had a DoD contract with an expiration date within the last 6 months.
  • Have needed documentation and artifacts available to share with CSS upon signature of grant acceptance, and have the ability to complete all work by 30 August 2021 (New Client Information).

Additionally, applicants for this grant certify that they:

  • Will provide all needed demographic and network information to CSS, including but not limited to IT environment information, current certification information, the number of devices in the environment, and completed data mapping of Federal Contract Information (FCI).
  • Understand that their contact information will be shared with CSS and that they will need to complete a Mutual Non-Disclosure Agreement (NDA) to be signed by CSS and the grantee organization.
  • Will enter into a three-party grant agreement with GDEcD and CSS.
  • Understand that they will be required to pay an initial payment of $500 to begin the process.  In most cases, GDEcD will cover the remaining costs for the assessment, provided that the grantee organization uploads its score to SPRS and provides proof of the same. In the event that the grantee organization does not complete the assessment, upload its score to SPRS, or provide proof of score upload, the grantee organization will be liable to CSS for the full cost of the assessment ($6,200). 
  • Are willing to work with CSS to complete an SSP (System Security Plan) and POAM (Plan of Action and Milestones) within the grant timeline, and are willing to work with CSS to determine the date of POAM completion and other necessary collaboration.
  • Agree to submit documentation of SPRS submission through the Procurement Integrated Enterprise Environment (PIEE) to CSS via a redacted document or image (such as a redacted screenshot of the SPRS submission showing company name and date of submission).