Blue Cyber Education Series

As small businesses drive innovation and support the Department of the Air Force (DAF) missions with cutting-edge technologies, it is vital we work together to protect DAF sensitive data and networks.  Failure to protect our sensitive data will put service members and military missions at risk.  We must match the aggressiveness of our cyber adversaries with radical teamwork to bring our small businesses up-to-speed in the most modern methods for comprehensive protection of DAF sensitive data and networks.

The DAF CISO Office Blue Cyber education series is the early partnership with the Defense Industrial Base (DIB), which enables small businesses to bake-in cybersecurity and move forward at the speed of innovation.  Pairing small businesses with the most modern cyber protection methods in the industry, better positions DIB small businesses to protect sensitive information and networks just  soon as they have a contract to innovate for the DAF.  Small businesses are equally vulnerable to cyber threats and may have fewer resources than larger businesses with which to counter cyber threats. The key to protecting our DAF Airmen and Guardians in the exercise of their missions is getting an early start embracing our common cybersecurity and data protection goals by working together to create layered cyber defenses for the DIB small businesses.

The Blue Cyber Education Series can be found on the DAF CISO public website


Understanding and managing risk for all Information Technology (IT) is of paramount importance. The Department of the Air Force (DAF) office of the Chief Information Security Officer supports U.S. Air Force core missions by ensuring the cybersecurity and resiliency of systems, information, and staff, and provides information to help Small Businesses frame their Cybersecurity approach. 

Small Businesses can outline their efforts to address cybersecurity through preparation for a Risk Management Framework assessment and compliance with numerous federal regulations. The DAF will assist all information technology in the formulation of Cybersecurity Strategy. The Cybersecurity Strategy is a required acquisition document that details how a program will ensure the information technology can protect and defend itself from a cyber-attack. The DAF is migrating to the cloud and has aligned software development efforts towards Cloud One, Platform One, and Software Factors. It is important to establish your DevSecOps in a secure Cloud environment that meets your business needs. 

The Air Force office of the Chief Information Security Officer has outlined advice for small businesses in a memo titled “Cyber Security and Resiliency Information for Small Businesses”. Access the memo at the DAF CISO public website.

Also provided is a PowerPoint Cybersecurity and Information Security Plan template to help small businesses prepare for Air Force authorization of their IT system.  This assistance is to address the formulation of a holistic cybersecurity strategy. Access the Security Plan template and a list of Cybersecurity FAQs at the DAF CISO public website

Data Release to Small Businesses

Prohibiting improper disclosure of data is vital to national security. The memorandum linked below addresses existing policies and guidance for Small Businesses to reference in their responsibilities to keep Department of the Air Force data secure. The Department of the Air Force adheres to strict data exchange and security policies to guide in the use and release of data for contractors, civilian employees, and uniformed members of the United States Air Force, United States Space Force, the Air Force Reserve and Air National Guard.

In addition, DAF data exchange is tightly controlled. To keep data safe from improper disclosure or loss, every instance of data sharing with Small Business should be conducted in accordance with the most current Department of the Air Force guidance and at the direction of the local data office and/or the contract technical representative.

A disciplined approach to data protection, including enterprise attribute-based access control, allows the Department of the Air Force to maximize the use of data while also employing the most stringent security standards to protect the American people.  A good Department of the Air Force-Small Business contractor relationship begins with the proper release of data. Suitability for data release is determined in a security and policy review process; approval for release is obtained through the appropriate chain of command.

The Department of the Air Force office of the Secretary of the Air Force Chief Data Officer has outlined advice for small businesses in a memo titled “Release of Data to Small Businesses”. View the memo here

In addition, a list of Data Release FAQs can be found at the DAF CISO public website.


Please direct any questions or research on DAF Cybersecurity or Data Protection to the DAF CISO Office, kelley.kiernan@us.af.mil.



Education Series Links