
How TABA Funds Can Strengthen Your SBIR/STTR Proposal

In today’s competitive SBIR/STTR atmosphere, companies are always looking for a way to stand out and strengthen their proposal submissions. One way to do this is with the use of TABA funds. This blog post covers everything you need to know about using TABA funds and how Ingalls's services can help you better adhere to government cybersecurity standards.

What are TABA Funds?

TABA stands for Technical and Business Assistance. The fund was created by the 2019 John McCain National Defense Authorization Act (NDAA) to help small businesses commercialize innovative technologies coming out of the SBIR/STTR program. TABA provides additional funding over and above the SBIR/STTR grant budget cap to help pay for commercialization and business costs not included in your SBIR/STTR proposal. The commercialization plan required by the Broad Agency Announcements (BAA) for the SBIR/STTR is usually one of the proposal evaluation criteria, so any effort to strengthen the proposal in this area can give a company a better chance at receiving an award.

The NDAA set TABA fund limits:
  • Phase I - Up to $6,500
  • Phase II - Up to $50,000

These funds are in addition to the SBIR/STTR award amount and will not reduce the maximum award amount for the technical effort in the SBIR/STTR. A few agencies set TABA funding limits below these limits, and that is acceptable. For example, the Department of Transportation has set TABA limits below the maximums defined by the 2019 NDAA (the DOT Phase I limit is $5,000 and the Phase II limit is $13,000). Some agencies do not allow TABA at all. The BAA will normally include specific guidance on TABA funds for the specific proposal.

Requests for TABA funds are evaluated separately and do not affect the selection criteria for the merit of the SBIR/STTR award.

The National Science Foundation (NSF) further defines TABA funds for its SBIR/STTR awardees as follows (each agency posts its own definition):

  1. The identification and development of customers for the NSF-funded technology;

  2. Providing advice on financing strategy and fundraising from the private sector;

  3. Establishing strategic partnerships with relevant stakeholders;

  4. The evaluation and protection of intellectual property;

  5. The evaluation and establishment of regulatory and reimbursement strategy; and/or

  6. Other activities that will accelerate or strengthen the commercialization case for the underlying technology.

TABA funds are issued to help commercialize technologies sponsored by the SBIR/STTR through tasks that fall outside the research and development funds of the proposal budget. Each agency issues its own TABA funds, and this additional funding must be used in areas that lead toward commercialization. The funds must be spent with a third-party expert who provides these services for the company (either a vendor recommended by the agency or one selected by the awardee and approved by the agency). The funds cannot be spent internally in the awardee's company.

How Can Ingalls Help?

Ingalls can assist as a cybersecurity expert to provide activities that will accelerate and strengthen the commercialization case for innovative software technology. This will allow the government evaluators to recognize that your company will invest in the critical area of cybersecurity. These evaluators will be able to see that important taskings have been built into your proposal that allow the company to work toward government cybersecurity standards.

We offer the following services that can be paid with TABA funds:

  1. CMMC

    CMMC’s key objective is to enhance the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within the supply chain. Because you’re likely to handle these information types as a DIB supplier, specific safeguarding requirements are outlined by CMMC to keep them secure. CMMC reviews and combines various cybersecurity standards and best practices, making it a comprehensive verification mechanism for effective security.

    In order to win future contracts with the DoD, you must adhere to the specific cyber hygiene level your contract requires. Three levels currently exist, where 1 represents basic hygiene and 3 represents advanced and resilient cyber risk programs. CMMC readiness activities are already underway, with most in the process of compliance planning for Level 1 cyber hygiene. To conform with Level 1, each Government Contractor, known as an Organization Seeking Certification (OSC), must demonstrate conformance with 17 safeguarding controls from the National Institute of Standards and Technology Special Publication 800-171, “Protecting Controlled Unclassified Information in Non-Federal Systems and Organizations,” and self-attest annually. Level 2 DIBs that create, process, store or transmit CUI will have to comply with all 110 controls from NIST SP 800-171 and either self-attest annually or receive a CMMC from a C3PAO. Level 3 DIBs must comply with Level 2 requirements and additionally comply with NIST SP 800-172 requirements.

    Ingalls is a Registered Practitioner Organization (RPO). An RPO is an organization that chooses to have a consultative relationship with the Government Contractor. An RPO will employ accredited people who can help in pre-gap reviews and recommend strategies and tactics to remediate those gaps.

    Ingalls is registered with the CMMC and appears on the CMMC marketplace.

  2. RMF/ATO Support

    The National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) is a 7-step process that organizations can use to manage information security and privacy risk for organizations and their systems. All DoD information systems must undergo the RMF process to achieve an Authorization to Operate (ATO).

    Navigating the RMF/ATO process is exhaustive, resource-intensive, and often not considered until the system or application is ready to deploy, significantly delaying timely delivery of today’s technology to the warfighter.

    Ingalls understands the ATO challenge, so much so that we have developed CSAR, our ATO preparation software that will help users be positioned for ATO success. An ATO may be required to go from a SBIR Phase II to a Phase III for software development and definitely prior to going commercial.

  3. Security Awareness Training

    Cybersecurity awareness training is critical in minimizing the serious cybersecurity threats posed to end users by phishing attacks and social engineering. Key training topics typically include password management, privacy, email/phishing security, web/internet security, and physical and office security.

    Ingalls performs simulated social engineering that evaluates the knowledge employees have of social engineering tactics, as well as employees’ ability to successfully identify and respond to threats.

    Ingalls will manage interactive, browser-based initial, remedial, and annual training to ensure that employees are able to recognize or react appropriately to information security threats and incidents.

  4. Penetration Testing

    Penetration testing is the practice of actively simulating an attack on systems to identify vulnerabilities that an attacker could exploit. By performing regular penetration testing, an organization can proactively identify and address potential vulnerabilities before they can be exploited by malicious actors.

    Ingalls offers Web Application Penetration Testing (WAPT), Internal Penetration Testing (IPT), and External Penetration Testing (EPT).

  5. Code Testing and Analysis

    Ingalls will perform a Static Code Review that will identify any insecure pieces of code which may cause vulnerabilities in the vital records application. Ingalls’ static code review will highlight any weaknesses that could lead to unauthorized access, areas of deficient configuration that could lead to an undetected attack, and/or noncompliance with best practices and organizational security policies.

    Ready to strengthen your SBIR/STTR commercialization plan and build a stronger cyber defensive posture to meet government cybersecurity standards? Learn more about our government programs and professional services by replying directly to this email or filling out a contact form.
