Podcast Show Notes
2025-03-21 Federal Market Insights Episode 6 — Session Overview
WPI Podcast Episode 6 Summary
The goals of WPI Podcasts are to provide businesses and listeners insight and information related to doing business with the federal government. We discuss news items, regulations and topics that will provide background information, perspective and in general the type useful to those interested in expanding their federal work or entering the federal marketplace.
This episode’s main topic is Information Security Programs contractor should know. Our discussion focused on CUI, JCP and ITAR.
Before we begin that discussion, we would like to mention some interesting information that may be useful for companies interested in doing business with DoD.
The first item discussed was DoD’s 10 Steps to winning your first DoD contact. This resource can be accessed at https://business.defense.gov/ This resource provides many practicable and useable ideas such as Develop Your Network, Understand the Rules and Target your Market. These ideas are fundamental to business but are often overlooked. Compare your efforts with these strategies, identify gaps and implement appropriate actions for how to improve move forward.
If you have any questions on how to implement these steps, contact WPI’s main office.
In addition to discussing this useful document we highlighted several articles that mention the Defense Industrial Base (DIB) and challenges being addressed such as attracting and retaining small businesses, DLA investigating the use of AI to assist with Supply Chain Security and the growing importance of Space and Aviation in future conflicts.
For those interested, the articles reviewed can be accessed at the following links:
Contractors need to be aware of Information Security Program requirements that apply to information they possess, use and share.
Not only do they need to know about the rules and requirements related to specific programs, but they must also implement systems and procedures to provide the necessary cyber protection.
There are four principal types of information that companies are most likely to handle – possess, store or have pass through their system. They are Federal Contract Information (FCI), Controlled Unclassified Information (CUI), Export Controlled information (JCP and/or ITAR). Each type of information is sensitive for a variety of reasons and has specific security and safeguarding requirements. The goal of these programs is to secure the identified information so that it is not released to the public in any form – via conversation, print or digital.
Key to protecting the information is knowledge and awareness about the security requirements by all individuals who will be in contact with the information. Having only one person responsible for this shared task will not suffice. Leadership needs to be involved. Leadership needs to set the tone, set the example, function as a champion, build a team and provide the necessary funding to achieve the goal. An item that can be overlooked is to design systems that have redundancies, which include identifying staff to receive training for key positions.
Compliance cannot be achieved in silos. Communication is necessary. Information must flow with the goal of identifying issues and correcting them.
Companies need to ask broad questions such as what types of information do we possess, share and use. What are the origination points? What pathways or routes does the information travel. Can the information be shared and if so, what is required?