Defense Department Enhances Cybersecurity Standards for Small Businesses
The U.S. Defense Department is progressing with its Cybersecurity Maturity Model Certification (CMMC) program, aiming to integrate cybersecurity requirements into defense contracts by 2025. This effort targets the defense industrial base, ensuring that contractors meet stringent cybersecurity protocols to protect sensitive information.
However, many small businesses need more resources to meet these cybersecurity requirements. The Army plans to introduce a pilot program called Next-Generation Commercial Operations in Defended Enclaves (NCODE) to address this. Speaking at the 2024 Association of the United States Army Annual Meeting and Exposition, Undersecretary of the Army Gabe Camarillo explained that NCODE will provide a secure environment for small businesses to collaborate and work on projects while remaining compliant with CMMC standards.
“This cyber-secure enclave will allow small businesses to perform tasks in a secure environment, reducing cybersecurity risks,” Camarillo said. “It ensures compliance with the department’s requirements, helping businesses overcome challenges in cybersecurity.”
Army Allocates Funds for NCODE Program
The Army has set aside approximately $26 million for fiscal years 2025 and 2026 to launch the NCODE initiative. The pilot program will create a secure, classified enclave where small businesses can collaborate, access workspace tools, and develop software securely. Camarillo emphasized that NCODE will help these companies mitigate risks and ensure their compliance with CMMC.
While the application process for NCODE is still being finalized, the Army’s Assistant Secretary for Acquisition, Logistics, and Technology is working out the details on how businesses can participate. “We expect to learn a lot from the initial phase and continue to refine the program based on feedback and effectiveness,” Camarillo said.
The Army recognizes the risks small businesses face due to limited capital and resources, making it crucial for such initiatives to help them succeed in a highly regulated cybersecurity environment.
DOD Programs Supporting Small Business Success
In addition to the Army’s efforts, the Department of Defense (DOD) has multiple initiatives in place to support small businesses in navigating government contracting and cybersecurity compliance. Farooq Mitha, director of the DOD Office of Small Business Programs, highlighted the success of the APEX Accelerator program, which helps companies understand how to do business with the DOD. APEX Accelerators also provide guidance on complying with CMMC and exploring new opportunities within the defense sector.
Mitha also discussed improvements to the DOD’s Mentor-Protege Program, which pairs small businesses with larger companies to expand their capabilities in the defense industrial base. Recent changes include reducing the revenue requirement for mentor firms from $100 million to $25 million, and allowing smaller businesses to serve as mentors. Additionally, a new pilot program offers up to 25% reimbursement to protege firms for engineering and software development costs.
“Small and medium-sized businesses can often mentor better than large corporations,” Mitha noted, explaining that the streamlined contracting timeline for mentor-protege agreements has been reduced to 60 days, significantly improving the process.
These efforts underscore the Defense Department’s commitment to supporting small businesses in meeting cybersecurity requirements and expanding their role in the defense industry.
