Cybersecurity Awareness Month 2023

OSBP is Raising Awareness and Supporting Small Business with Resources, Tools, and Training 

Cybersecurity Awareness Month was established twenty years ago by The President of the United States and U.S. Congress as a dedicated month for the public and private sectors to work together to raise awareness about the importance of cybersecurity.

In recognition of the 20th anniversary this year, the Cybersecurity Infrastructure and Security Agency (CISA) announced a new cybersecurity awareness program, Secure Our World. This new program is designed to make cybersecurity a discipline we incorporate each and every day to protect ourselves when online or using connected devices. The program promotes best practices and behavioral change, with a particular focus on how to protect yourself, your family and your business from online threats.

The Office of Small Business Programs (OSBP) is partnering in this nationwide effort to raise awareness about the importance of cybersecurity, especially for small businesses who are seeking opportunities with the U.S. Department of Defense. Each week throughout the month of October we will focus on a specific cybersecurity concern relevant to small businesses seeking federal contract opportunities. Be sure to follow us on social media and check this page frequently for updates.

BASIC PROTECTIONS
Our campaign kicks off with a focus on the four pillars of CISA’s Secure Our World program:

• Using strong passwords and a password manager
• Turning on multifactor authentication
• Recognizing and reporting phishing
• Updating software

Department of Defense Cybersecurity Maturity Model Certification (CMMC)

The Cybersecurity Maturity Model Certification (CMMC) is a program from the U.S. Department of Defense (DoD) that ensures contractors protect sensitive information. The program is designed to increase trust in compliance with National Institute of Standards and Technology (NIST) standards. 

The CMMC Program: 

• Enforces the protection of sensitive unclassified information shared by the DoD with its contractors and subcontractors
• Combines controls from NIST SP 800-171 and other sources
• Streamlines requirements to three levels of cybersecurity
• Applies to organizations supporting the DoD or higher education research institutions handling the following types of data:
  • Federal Contract Information (FCI)
  • Controlled Unclassified Information (CUI)
  • Covered Defense Information (CDI)

Get Help to Become CMMC Certified:

• Project Spectrum is a cybersecurity education, awareness, and compliance resource from the DoD Office of Small Business Programs to provide the tools and training needed to increase cybersecurity awareness and maintain compliance in accordance with DoD contracting requirements.
  
   

Project Spectrum

• Training Courses - Free of charge courses for small business to increase cyber knowledge and raise the overall level of cybersecurity hygiene. Registration required.
   
• Cyber Readiness Check - If you are handling Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) on your network or information systems, there are compliance standards you are required to meet. Taking one of our Cyber Readiness Checks will help you determine your current level of security based on NIST 800-171,Cybersecurity Maturity Model Certification (CMMC) Level 1 and CMMC Level 2 requirements. These readiness checks serve as a great first step in your cybersecurity journey. Registration required. 
   
• Cyber Readiness Check Training - Our Cyber Readiness Training videos cover all NIST 800-171, CMMC Level 1 and CMMC Level 2 controls in a fun and engaging way. Prior to taking one of our Cyber Readiness Checks, please take some time to enjoy these videos and prepare yourself to conduct your self assessments. Registration required. 
   
• Useful Tools - Independent, third-party assessment of various cybersecurity-related platforms prepared by our cyber advisors. These reviews are vendor-agnostic and should not be interpreted as an endorsement for any product or platform. Registration required. 

Cybersecurity Infrastructure and Security Agency (CISA) - Secure Our World Campaign

• Secure Your Business - No business is too small to be a target for online crime—the fact is, small businesses are much more likely to be targeted by cybercriminals than larger companies. Did you know that a majority of small and medium-sized businesses who suffer a cyberattack often close as a result? CISA recommends four simple steps you can take to make your business much safer from online dangers: 1) Teach Employees to Avoid Phishing; 2) Require Strong Passwords; 3) Require Multifactor Authentication; and 4) Update Business Software.

National Institute of Standards and Technology (NIST)

• NIST 5-Step Cybersecurity Framework - The Framework is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders.
   
• Enabling Multi-factor Authentication
  • Video: Multi-Factor Authentication
  • Small Business Cybersecurity Corner: Multi-Factor Authentication
  • Small Business Cybersecurity Corner Fact Sheet
  • NCCoE Buzz: Mobile Security Edition Series
     
• Using Strong Passwords and a Password Manager
  • NCCoE Fact Sheet: Securing Property Management Systems
  • Video: Password Guidance from NIST
  • Video: How Good are Kids at Making Passwords?
     
• Updating Software
  • Secure Software Development Framework 
  • National Vulnerability Database
  • National Software Reference Library (NSRL)
  • Software Assurance Metrics and Tool Evaluation (SAMATE)
  • Security Consideration for Code Signing Whitepaper
  • NCCoE One Pager: Securing Distributed Energy Resources
  • NCCoE Fact Sheet: Securing Distributed Energy Resources
  • NCCoE Project: Software Supply Chain and DevOps Security Practices
    ​
• Recognizing and Reporting Phishing
  • You've Been Phished (for individuals)
  • Introducing Phish Scale (for organizations)
  • Video: Protecting Your Small Business: Phishing
  • Small Business Cybersecurity Corner: Phishing
  • Small Business Cybersecurity Corner Fact Sheet
  • NCCoE One Pager: Protecting Your Data from Ransomware and Other Data Loss Events

National Cybersecurity Alliance

The National Cybersecurity Alliance’s CyberSecure My Business™ is a national program helping small and medium-sized businesses (SMBs) learn to be safer and more secure online.

Cybersecurity Infrastructure and Security Agency (CISA) 

Resources and messaging for organizations to use when talking with their employees, customers, and memberships about staying safe online are available from CISA, the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience. 
 

National Institute of Standards and Technology (NIST)

Each week NIST is publishing a blog about one of the key focus areas of the 2023 Cybersecurity Awareness Month campaign. NIST has partnered with other federal agencies to help raise awareness about cybersecurity and engage with public and private sector partners through events and initiatives to raise awareness about cybersecurity, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident.
 

National Cybersecurity Center of Excellence (NCCoE)

We collaborate with the public to serve the public. Our mission is to solve organizations’ most pressing cybersecurity challenges. Explore our guidance, engage with our teams, and learn more about how you can get involved today.
 

National Cybersecurity Alliance

Digital resources about cybersecurity and staying safe online for home, work, school, or throughout your community. The Alliance is a non-profit organization on a mission to create a more secure, interconnected world and they do this by creating strong partnerships between governments and corporations to amplify their message and to foster a greater “digital” good.
 

Project Spectrum

Project Spectrum is a comprehensive, cost-effective platform that provides companies, institutions, and organizations with cybersecurity information, resources, tools, and training. Our mission is to improve cybersecurity readiness, resiliency, and compliance for small/medium-sized businesses and the federal manufacturing supply chain.

Cybersecurity Infrastructure and Security Agency (CISA) - Secure Our World Campaign Partner Resources and Toolkit

CISA and the National Cybersecurity Alliance (NCA) have partnered to create resources and messaging for organizations to use when they talk with their employees, customers and memberships about staying safe online. To learn more about the campaign, visit cisa.gov/cybersecurity-awareness-month.

• Secure Our World Tip Sheets
• Animated Videos about the Four Ways the Stay Safe Online
• Cybersecurity Awareness Month Social Media Graphics