Michigan Defense CyberSmart Guide
A Cybersecurity Compliance Program


The Michigan Defense Center is offering Michigan’s small and medium-sized defense contractors a comprehensive one-stop shop to DoD cybersecurity compliance to save this nation’s federal supply chain—and your business.

Reduced pricing on your Gap Analysis along with grants to get you to the appropriate level of the Cybersecurity Maturity Model Certification (CMMC) makes this a unique program and is only offered to Michigan companies!

Direct contractor or sub, small, medium or large, every company is required to meet these mandates to continue current or bid on new contracts. There are no waivers. Get started now.


The Michigan Defense Center (MDC/MEDC) has pre-qualified Michigan contractors to provide cybersecurity technical services to assist with the implementation of the requirements in National Institute of Standards and Technology Special Publication (NIST SP) 800-171 required for meeting DFARS 252.204-7012 requirements, and direction on CMMC compliancy for all United States Departments of Defense (DoD) and Homeland Security (DHS) contracts and work in the federal supply chain.

CyberSmart Phase 1: Michigan small and medium-sized businesses can contract with the pre-approved vendor list to develop gap analysis report at a pre-negotiated discounted cost of $1,500 as the first step toward compliance and Cybersecurity Maturity Model Certification (CMMC). The gap analysis allows companies to submit to SPRS and other requirements.

CyberSmart Phase 2: After completing Phase 1 by completing a Gap Analysis with a pre-approved vendor, up to $22,500 in grant funding is available to address any deficiencies in their IT infrastructure, and become fully compliant with DoD cybersecurity requirements for all contractors.



MDC/MEDC knows that some small and medium sized companies don’t have the time to attend classes or prefer to learn requirements hands-on.

The MDC has created a Self-Assessment Tool in the Bid Targeting System environment that can be used prior to selecting a vendor to complete the Standardized Gap Analysis. It is a preliminary NIST 800-171 self-assessment tool to help you familiarize yourself with the process leading to cybersecurity compliance and help you understand what you will need to know to get compliant and eventually CMMC certified.

There are other Organizations directed by the federal government to help educate you or provide resources for you. We encourage you to check out as many of them as you can to help you understand how NIST 800-171 and CMMC impact your business.

Michigan Manufacturing Technology Center (MMTC)

Procurement Technical Assistance Center (PTAC)

Bid Targeting System

Self-Assessment Tool

Complete the NIST 800-171 self-assessment for a general IT infrastructure gap analysis.


PHASE 1 -- Starting from the Beginning, NIST 800-171 Compliance

The Michigan Defense Center’s Michigan Defense CyberSmart Phase I provides Michigan businesses with the ability to contract with a pre-approved cybersecurity vendor to provide you with a NIST 800-171 gap analysis report at a pre-negotiated discounted cost of $1,500 as the first step toward compliance and Cybersecurity Maturity Model Certification (CMMC).

The Michigan Defense Center (MDC) and Michigan Economic Development Corporation (MEDC) called for Michigan cybersecurity consultants who proved their experience in providing NIST 800-171 gap analysis. The Vendors below provided to MDC/MEDC references, sample gap analysis reports and have agreed to a set fee of $1500.00 to conduct on-site evaluations for Michigan’s small and medium sized defense suppliers and primes. The deliverable will be an understandable, standardized report and directions for next steps as well as how to register in the federal Supplier Performance Risk System (SPRS)  if needed. The SPRS Quick Entry Guide can be found here.


  • COLT Cyber Security Consultants
  • Securely Yours LLC
  • The Mako Group
  • Dewpoint
  • CyberForce|Q
  • LaScala
  • ICS Data
  • Praetorian Secure
  • B. Riley Advisory Services
  • TECH LOCK Inc.
  • Brightline Technologies
  • Global Solutions Group, Inc.
  • Systems X

The next step to Compliance is to fill out a Plan of Action Milestone/Mitigation (POAM) and a System Security Plan (SSP). You will use the Gap Analysis Report as the content to fill out the POAM and SSP and make progress toward achieving DFARS 252.204-7012 compliancy.

  • You can download online templates HERE and try it yourself
  • You can engage a consultant to assist you
  • You can utilize one of the Vendors on the Vendor Referral list to assist you

Once your company has completed the gap analysis report, POAM and SSP, you are invited to check the Cybersecurity box on your Bid Targeting System (BTS) profile to indicate that your company is actively pursuing DFARS 252.204-7012 compliancy. This update will make it easy for the state to share your cybersecurity status with federal and prime partners looking to fulfill supply chain needs.

Eligibility Requirement:

  • Applicant must be a Michigan-based business.

PHASE 2 -- Cybersecurity Maturity Model Certification (Levels 1,2,3)

Yes, the federal government is still developing the details of CMMC, but, make no mistake—your company will have to be certified in the coming years and working towards that now will position you for future contracting.

The Michigan Defense Center has brought together resources from around the state to assist you in remediating the gaps found in your Gap Analysis and contained on your POAM and SSP. If you need help getting to the next level of compliance; CMMC levels 1,2 or 3, Check out these Michigan based resources.

  • Michigan Manufacturing Technology Center (MMTC) 
    The Michigan Manufacturing Technology Center has assembled a team of cybersecurity experts to determine if you are compliant with the requirements described in NIST Special Publication 800-171. The Center’s experienced team has designed a comprehensive four-step cybersecurity program. We will help you gauge your current situation and tailor a plan specifically for your internal capabilities, budget and time sensitivity.
  • University of Michigan’s Economic Growth Institute (EGI) Concierge Service. MDC has worked with EGI to offer a counseling session that will help you determine your next steps and can connect you to an EGI database of Cybersecurity Service Providers identified in their Defense Cybersecurity Assurance Program (DCAP).

These vendors can assist you in completing items your Plan of Action and Milestones (POAM), System Security Plan and Remediation tasks.

Counseling and updates on CMMC audits and level certifications should be part of your interaction with these or other Cybersecurity Service Providers.

PHASE 3 -- Michigan Defense Remediation Grant

The Michigan Defense Center/Michigan Economic Development Corporation will be offering grants to Michigan Defense Contractors to assist in hiring consultants to offer technical assistance to get you through your remediation tasks leading to CMMC level 1,2,3.

Eligibility Requirement:

  • Registered in System for Award Management as a Michigan Company
  • In good standing with the State of Michigan
  • A standardized gap analysis report from the Michigan Defense Center Vender Referral List
  • Average Bid Targeting System (BTS) score of at least 50
  • Completed POAM and SSP
  • Bid Targeting System (BTS) firm profile is updated with the Self-Certification box checked showing NIST Compliance


Vendors have demonstrated experience and examples of successful consulting efforts in assisting small or medium-sized companies in achieving cybersecurity compliance in accordance with NIST 800-171 and DFARS requirements, including DFARS clause 252.204-7012.

COLT Cyber Security Consultants, LLC
Mark Tellier
(616) 581-3894
View Details
Securely Yours LLC
Sajay Rai
(248) 723-5224
View Details
The Mako Group
Shane O’Donnell
Chief Audit Executive

(313) 769-8506, ext. 401
View Details
Silas Olson
(313) 670-1276
View Details
Terrie Mathison
(248) 837-1242
View Details
Dan Marietta
(734) 659-4131
View Details
ICS Data
Rick Tice
View Details
Praetorian Secure
Brent Bernard
brent.bernard@prae toriansecure.com
Office: (855) 519-7328 Cell: (248) 953-3853
View Details
B. Riley Advisory Services
Scott Corzine
View Details
Brian McManamon

Brightline Technologies
John Renders
View Details
Global Solutions Group, Inc.
Lisa Salvador
(248) 291-5440
View Details
Systems X
Karen Kiewski

The Grant:

  • Up to $22,500 grant with 25% match requirement.
  • Total award based on needs provided on POAM and SSP
  • Reimbursement based on paid invoices
  • Grant paid directly to MDC Preferred Vendors
  • Access to application available on BidTarget.org after June 1, 2021


  • COLT Cyber Security Consultants
  • Securely Yours LLC
  • The Mako Group
  • Dewpoint
  • CyberForce|Q
  • LaScala
  • ICS Data
  • Praetorian Secure
  • B. Riley Advisory Services
  • TECH LOCK Inc.
  • Brightline Technologies
  • Global Solutions Group, Inc.
  • Systems X


Coming Soon: When your company has completed their CMMC federal audit and attained a certification level, check the CMMC Level 1-3 Certification box on your BTS profile to update your company’s record showing the CMMC Certification. The CMMC Shield Badge on your company profile will make it easy for federal and prime contractors using BTS to identify your company as being CMMC Certified. The Michigan Defense Center also assists DoD programs, Primes and companies looking for partners by using BTS to identify potential suppliers.