Understanding and managing risk for all Information Technology (IT) is of paramount importance. The Department of the Air Force (DAF) office of the Chief Information Security Officer supports U.S. Air Force core missions by ensuring the cybersecurity and resiliency of systems, information, and staff, and provides information to help Small Businesses frame their Cybersecurity approach. 

Small Businesses can outline their efforts to address cybersecurity through preparation for a Risk Management Framework assessment and compliance with numerous federal regulations. The DAF will assist all information technology in the formulation of Cybersecurity Strategy. The Cybersecurity Strategy is a required acquisition document that details how a program will ensure the information technology can protect and defend itself from a cyber-attack. The DAF is migrating to the cloud and has aligned software development efforts towards Cloud One, Platform One, and Software Factors. It is important to establish your DevSecOps in a secure Cloud environment that meets your business needs. 

The Air Force office of the Chief Information Security Officer has outlined advice for small businesses in a memo titled “Cyber Security and Resiliency Information for Small Businesses”. Link:  https://www.safcn.af.mil/Organizations/CISO-Homepage/Small-Business-Innovation-Research-SBIR/

Also provided is a PowerPoint Cybersecurity and Information Security Plan template to help small businesses prepare for Air Force authorization of their IT system.  This assistance is to address the formulation of a holistic cybersecurity strategy and a list of Frequently Asked Questions.  
Link:  https://www.safcn.af.mil/Organizations/CISO-Homepage/Small-Business-Innovation-Research-SBIR/


Data Release to Small Businesses

Prohibiting improper disclosure of data is vital to national security. The memorandum linked below addresses existing policies and guidance for Small Businesses to reference in their responsibilities to keep Department of the Air Force data secure. The Department of the Air Force adheres to strict data exchange and security policies to guide in the use and release of data for contractors, civilian employees, and uniformed members of the United States Air Force, United States Space Force, the Air Force Reserve and Air National Guard.

In addition, DAF data exchange is tightly controlled. To keep data safe from improper disclosure or loss, every instance of data sharing with Small Business should be conducted in accordance with the most current Department of the Air Force guidance and at the direction of the local data office and/or the contract technical representative.

A disciplined approach to data protection, including enterprise attribute-based access control, allows the Department of the Air Force to maximize the use of data while also employing the most stringent security standards to protect the American people.  A good Department of the Air Force-Small Business contractor relationship begins with the proper release of data. Suitability for data release is determined in a security and policy review process; approval for release is obtained through the appropriate chain of command.

The Department of the Air Force office of the Secretary of the Air Force Chief Data Officer has outlined advice for small businesses in a memo titled “Release of Data to Small Businesses”. View the memo here

In addition, a list of Data Release FAQs can be found here



If you still have questions, ask them via the Air Force SBIR/STTR Help Desk at usaf.team@afsbirsttr.us.