Naive small business owner looking for help

old.reddit.com / @/u/Jesse_Returns, https://old.reddit.com/user/Jesse_Returns

I've started a small single employee engineering/ manufacturing firm (brand new, zero revenue). I'm registered on sam.gov, sprs, dla/dibbs, have a cage code, have access to cfolders, etc.

I'm interested in gaining access to CUI on CFolders so I can review component drawings/ compile a study to better understand manufacturing requirements (tolerances, materials, etc) of various components. I'd like to put those statistics into a business proposal that I would take to lenders to justify the purchase of manufacturing equipment etc.

It's my understanding that the roadmap to getting access to CUI on cfolders involves submitting a SP800-171 score/ SSP in SPRS, and then submitting form 2345 to JCP. As far as I understand things, DLA/ JCP would then allow me to have access to CUI even if I have not yet implemented the various controls of SP800-171.

I'm a single employee business with an extremely limited budget. I've talked to a few IT companies that claim to specialize in DoD/ government compliance, and they all want to charge me $3-10k just to do a gap assessment/ essentially give me a blank SSP, which seems like a pretty terrible deal at first glance.

My questions for you are:

  • Am I correct in assuming that if I submit a low/ negative score in SPRS and have a mostly blank SSP, that I can still gain access to CUI to do my manufacturing study?

  • Am I greatly overcomplicating things by thinking I need to have a separate entity manage this all for me? I really wish I could just buy an IT solution that is tailor made/ vetted for a simple single employee business, and not have to spend tens of thousands of dollars to make it happen. Is that unrealistic?

I am a mechanical engineer by trade, know my way around modems/ routers/ firewalls etc. Are there any tailor made solutions out there that I'm just not seeing that can be purchased/ implemented by any joe schmoe and don't cost an arm and a leg to implement?

Appreciate any and all feedback. Really lost in all of this and I'm trying not to get fleeced of the money I've spent a long time saving up.

submitted by /u/Jesse_Returns
[link] [comments]

published 4 months ago


Previous

Authorizing a Cloud Service
published 4 months ago

Next

Clarification on Application Allow/Deny List (3.4.8)
published 4 months ago
See all items from the same source