Cyber Risk Management Frequently Asked Questions
Major update for our startup and small business community! The DOE SBIR/STTR programs are now managed by the DOE Office of Technology Commercialization (OTC) to streamline program administration and support technology commercialization. Please get started on your SBIR/STTR journey by visiting the Office of Technology Commercialization Website.
The FAQ is designed to help SBIR/STTR applicants/awardees understand and navigate questions related to the Cybersecurity (CS) requirement. The FAQ was developed based upon common questions asked by applicant/awardees during SBIR/STTR CS webinars. The FAQ addresses common questions regarding CS Performance Goal (CPG) implementation guidance, DOE SBIR/STTR application submission timelines, risk mitigation, as well as other topics. Whether you're just starting or looking to improve your understanding of the DOE SBIR/STTR CS Self-Assessment requirements, our FAQ provides practical insights and actionable steps to help smooth the process of completing the CS Self-Assessment and submission of your application.
The FAQ can be found via the following link: CS-Frequently Asked Questions_rev1
For the cybersecurity assessment, do we need any other documents beside the completed checklist?
No other documents are required at this time.
Some of the questions in the SBIR/STTR CS Self-Assessment are scoped and will be started in the next couple of months. Would that affect my submission?
Yes. Full implementation of the required 16 CPGs prior to application submission is highly recommended.
When will the SBIR/STTR Cybersecurity Training and learning resources be available?
Cybersecurity training will be available August 2024. Please refer to the Learning and Education Resources page for training schedules and updates.