Latest news with #SPRS
Time of India
04-07-2025
- Business
- Time of India
Need to enhance outreach of NSIC, NSSH schemes across Maharashtra: MSME Minister Manjhi
In an outreach to promote Micro, Small and Medium Enterprises (MSMEs) in Maharashtra, Jitan Ram Manjhi , Union Minister for MSME , visited the NSIC Office in Mumbai on Friday. The Minister participated in a plantation drive and presided over a function organised for distribution of Single Point Registration Scheme (SPRS) certificates under the National SC-ST Hub ( NSSH ) and NSIC the gathering, the Minister stated that the MSMEs are the vibrant and dynamic part of Indian economy and plays a crucial role in nation's growth, it highly contributes to the employment generation and emphasized the need to enhance the outreach of NSIC and NSSH schemes across Maharashtra, ensuring that more MSME units, especially from marginalized and underserved communities, benefit from Ministry of MSME schemes. He reaffirmed the government's commitment to building a stronger MSME ecosystem through better market access, financial support, and capacity development. The Minister motivated the entrepreneurs to contribute more in the GDP of the event marked a vibrant display of government commitment towards fostering MSME growth and inclusivity. It was attended by Mercy Epao, Joint Secretary - SME, Ministry of MSME; Subhransu S Acharya, Chairman-cum-Managing Director, NSIC; and other senior officials from the Ministry of MSME including MSME Development and Facilitation Office (MSME-DFO) and Khadi and Village Industries Commission (KVIC).During the programme the SPRS certificates to selected MSME units were distributed and an interactive session where the Minister engaged directly with entrepreneurs and assured them of continued government support.
Technical.ly
17-02-2025
- Business
- Technical.ly
Hoping to score a federal contract during the Trump years? Prepare your security plans now
This is a guest post by Will Sweeney, managing partner at data privacy and cyber risk consulting firm Zaviant. With a new administration now in office, cybersecurity is likely to take center stage as overall national security efforts become increasingly prioritized. As a result, we will continue to see stricter cyber policies from the US government, some of which will have a direct impact on federal contractors. For example, the Pentagon recently posted the final rule for the Cybersecurity Maturity Model Certification 2.0, solidifying their plans to implement new cybersecurity standards for contractors later this year. To avoid business disruptions, it's essential that companies align their cybersecurity programs with evolving standards. Here's how your businesses can strengthen their privacy and security protocols to stay secure and hopefully land more deals with the government in 2025 and beyond. Document how you follow current protocols Any contractor working with the US government should create and maintain a comprehensive system security plan (SSP). It's not just best practice — it's a requirement under frameworks like NIST SP 800-171 and the Federal Acquisition Regulation clauses. This document outlines how your company protects sensitive government data, covering all aspects of system design, data handling and security controls. It demonstrates your company's commitment to data security if legislators crack down. Preparing this plan takes a few key steps like defining the scope of the SSP, gathering existing documentation, conducting a gap analysis, closing any gaps, drafting the SSP and reviewing and validating it. Furthermore, all prime contractors and their subcontractors will need a Cybersecurity Maturity Model Certification (CMMC) if they do business with the Department of Defense (DOD). Having an SSP will be helpful here because CMMC requires your business to have an SSP to satisfy the requirements for systems where Controlled Unclassified Information (CUI) is stored or shared. Check your current protocols against government best practices Ahead of enhanced cybersecurity protocols, all government contractors should take a serious look at their current program. This is best done through a gap analysis, an assessment that compares your existing security controls against industry standards. For example, companies can anticipate that they'll need to comply with frameworks like NIST 800-171, which is widely adopted by US government contractors to ensure that CUI is properly protected. The framework provides a set of 14 families of security requirements, covering everything from access control to incident response. By assessing your company's compliance with these standards, you can identify any gaps or deficiencies in your security posture ahead of any upcoming changes. Find out your SPRS score Once you have a solid grasp of your security program's current state, it's time to focus on your Supplier Performance Risk System (SPRS) score. The SPRS score is a measure of your compliance with the Defense Federal Acquisition Regulation Supplement clause 252.204-7012, which requires defense contractors to report their compliance with NIST 800-171. Contractors are required to input their compliance status into SPRS, and the resulting score is used by government agencies to assess the risk level of contracting with your company. A higher SPRS score indicates a strong cybersecurity posture, which is likely to become increasingly important moving forward. If you don't have an acceptable score, you may not be able to do business with the government until you improve it by fixing the gaps it points out. Outline a plan to fix any gaps and comply with future regulations When conducting a gap analysis, you're likely to uncover areas where your security program falls short of government requirements. This happens, but it's important to address these gaps by creating a Plan of Action and Milestones (POA&M) document, which serves as a roadmap for outlining the steps, responsible parties and timelines for achieving compliance. The document should prioritize actions based on risk levels and ensure that milestones are met to demonstrate progress. The POA&M is particularly important for contractors working with the DOD because it shows what gaps are in place and gives specific timelines on when those gaps will be closed. Follow through on your plans to improve Once your POA&M is in place, it's time to work toward improving your security maturity and increasing your SPRS score. This involves addressing the gaps identified during the assessment and executing the corrective actions in your POA&M. Improving your security maturity may involve regularly reviewing and refining your security policies and procedures in response to new regulations, implementing automation where possible to streamline compliance activities, training staff on cybersecurity best practices and engaging third-party auditors to assess the effectiveness of your program. Make sure your other vendors are in compliance, too Government contractors are responsible not only for their own data security but also that of third-party vendors they engage to support their business. Flowing down government requirements is crucial to ensure that your entire ecosystem of contractors and subcontractors meets the necessary standards to protect sensitive data. To accomplish this, companies should clearly communicate security expectations to third-party vendors, ensure that they are compliant with NIST 800-171 and other relevant frameworks, and include compliance requirements in contracts.
