Michigan Defense CyberSmart Guide
A Cybersecurity Compliance Program

INTRODUCTION

The Michigan Office of Defense and Aerospace Innovation (ODAI), an operation of the Michigan Economic Development Corporation (MEDC), is offering Michigan’s small and medium-sized defense contractors a comprehensive program to assist with meeting the Department of Defense (DoD) cybersecurity compliance requirements.

Reduced pricing on a National Institute of Standards and Technology (NIST) SP 800-171 Gap Analysis along with grant funding for qualified companies to get to the appropriate level of Cybersecurity Maturity Model Certification (CMMC) make this a unique program for Michigan companies!

Regardless of size, every company is required to meet these mandates in order to continue current DoD contracts or to bid on new contracts. There are no waivers accepted, so it’s important to get started now.

PROGRAM OVERVIEW

The CyberSmart program, conducted in two phases, has pre-qualified Michigan contractors available to provide cybersecurity technical services to assist with the implementation of the NIST SP 800-171 requirements for meeting DFARS 252.204-7012 in order to prepare for CMMC that will be required for all United States DoD and Department of Homeland Security (DHS) contracts and work within the federal supply chain.

Phase 1: Michigan small and medium-sized businesses can contract with a vendor from the pre-qualified list to develop a Gap Analysis report at a pre-negotiated discounted cost of $1,500 as the first step toward meeting NIST SP 800-171 compliance. The Gap Analysis assists in determining an initial Supplier Performance Risk System (SPRS) score and identifies if your company is ready to obtain CMMC, or if remediation to close gaps is needed.

Phase 2: After completing Phase 1, qualified companies* can receive up to $22,500 in grant funding to address deficiencies in their IT infrastructure and become fully compliant with DoD cybersecurity requirements.

*You must be an existing DoD prime contractor or subcontractor, or have had a contract in the past year to be eligible for grant funding and the funding does require a 25% match from your company.

APPLY FOR PHASE 1 NOW

EDUCATION RESOURCES

The Michigan Office of Defense and Aerospace Innovation and Michigan Economic Development Corporation (ODAI/MEDC) know that some small and medium sized companies don’t have the time to attend classes or prefer to learn requirements hands-on.

The ODAI has created a Self-Assessment Tool in the Bid Targeting System environment that can be used prior to selecting a vendor to complete the standardized Gap Analysis. It is a preliminary NIST SP 800-171 self-assessment tool to help you familiarize yourself with the process leading to cybersecurity compliance and help you understand what you will need to know to become compliant and eventually CMMC certified.

There are other organizations directed by the federal government to help educate you or provide resources to you. We encourage you to check out as many of them as you can to help you understand how NIST SP 800-171 and CMMC impact your business.

Michigan Manufacturing Technology Center (MMTC)

Apex Accelerators

Bid Targeting System

Self-Assessment Tool

Complete the NIST 800-171 self-assessment for a general IT infrastructure gap analysis.




MICHIGAN DEFENSE CYBERSMART PROGRAM


Phase 1 - Gap Analysis

Phase 1 of the CyberSmart program provides Michigan businesses the ability to contract with a pre- qualified cybersecurity vendor to provide them with a NIST SP 800-171 Gap Analysis report at a pre- negotiated discounted cost of $1,500 as the first step toward compliance and CMMC.

The ODAI/MEDC called for Michigan cybersecurity consultants who proved their experience in providing NIST SP 800-171 Gap Analysis. The vendors (listed on the right) provided to ODAI/MEDC references, sample Gap Analysis reports and have agreed to a set fee of $1,500 to conduct evaluations for Michigan’s small and medium sized defense suppliers and primes. The deliverable will be an understandable, standardized report and directions for next steps as well as how to register in the federal Supplier Performance Risk System (SPRS)  if needed. The SPRS Quick Entry Guide can be found here.


The next step to compliance is to fill out a System Security Plan (SSP) and a Plan of Action and Milestones (PoAM). You will use the Gap Analysis report as the content to fill out the SSP and PoAM and make progress toward achieving DFARS 252.204-7012 compliance.

  • You can download online templates HERE and try it yourself.
  • You can engage a consultant to assist you.
  • You can utilize one of the Vendors on the Pre-Qualified Vendor list to assist you.

Once your company has completed the Gap Analysis report, SSP and POAM, you are invited to check the Cybersecurity box on your Bid Targeting System (BTS) profile to indicate that your company is actively pursuing DFARS 252.204-7012 compliance. This update will make it easy for the state to share your cybersecurity status with federal and prime partners looking to fulfill supply chain needs.

Eligibility Requirement:

  • Applicant must be a Michigan-based business.


Phase 2 - Technical Assistance Grant

Once you’ve completed Phase 1, the ODAI/MEDC can provide grant funding to eligible Michigan defense contractors for continued work through remediation tasks in preparation for CMMC.

In Phase 2, qualified companies* can receive up to $22,500 in grant funding to address deficiencies in their IT infrastructure and become fully compliant with DoD cybersecurity requirements.

*You must be an existing DoD prime contractor or subcontractor to be eligible for grant funding and the funding does require a 25% match from your company.

Eligibility Requirement:

  • Registered in System for Award Management (SAM) as a Michigan company
  • In good standing with the State of Michigan
  • Completed Phase 1 of the program
  • Must have a current DoD contract or subcontract, or have had one in the past year

The Grant:

  • Up to $22,500 grant with 25% match requirement
  • Grant paid directly to ODAI Preferred Vendors

To apply for Phase 2, please fill out the application here

APPLY FOR PHASE 2 NOW

PRE-QUALIFIED VENDORS

Vendors have demonstrated experience and examples of successful consulting efforts in assisting small or medium-sized companies in achieving cybersecurity compliance in accordance with NIST SP 800-171 and DFARS requirements, including DFARS clause 252.204-7012.

COLT Cyber Security Consultants, LLC
Mark Tellier
mtellier@coltcsc.com
(616) 581-3894
Website
View Details
Securely Yours LLC
Sajay Rai
sajayrai@securelyyoursllc.com
(248) 723-5224
Website
View Details
Centric Consulting
Shane O’Donnell
Vice President
shane.odonnell@centricconsulting.com
734-707-1044
Website
View Details
Dewpoint
Silas Olson
solson@dewpoint.com
(517) 258-2750
Website
View Details
CyberForceQ
Terrie Mathison
tmathison@cyberforceq.com
(248) 837-1242
Website
View Details
LaScala
Russell Irvine
rirvine@lascala.com
(734) 659-4131
Website
View Details
ICS Data
Rick Tice
rtice@icsdata.com
(616)844-0245
Website
View Details
Praetorian Secure
Brent Bernard
brent.bernard@praetoriansecure.com
Office: (855) 519-7328 Cell: (248) 953-3853
Website
View Details
RedSpin
Jeremy Mares
jeremy.mares@redspin.com
(414)687-1099
Website
View Details
Brightline Technologies
Nick Roe
nroe@brightlineit.com
(248) 886-0248
Website
View Details
Global Solutions Group, Inc.
Lisa Salvador
lisas@globalsolgroup.com
(248) 291-5440
Sapana Shah
sapanas@globalsolgroup.com
Website
View Details
Systems X
Karen Kiewski
karen.kiewski@systems-x.com
(586)684-5252
Website