Michigan Defense CyberSmart Guide
A Cybersecurity Compliance Program


The Michigan Office of Defense and Aerospace Innovation (ODAI), an operation of the Michigan Economic Development Corporation (MEDC), is offering Michigan’s small and medium-sized defense contractors a comprehensive one-stop shop to assist your company in meeting the Department of Defense (DoD) cybersecurity compliance requirements.

Reduced pricing on your NIST SP 800-171 Gap Analysis along with grant funding to get you to the appropriate level of the Cybersecurity Maturity Model Certification (CMMC) make this a unique program for Michigan companies!

Regardless of size, every company is required to meet these mandates in order to continue current contracts or to bid on new DoD contracts. There are no waivers accepted, so it’s important to get started now.


The ODAI has pre-qualified Michigan contractors to provide cybersecurity technical services to assist with the implementation of the National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171) requirements for meeting DFARS 252.204-7012 in order to prepare for the upcoming Cybersecurity Maturity Model Certification (CMMC) that will be required for all United States DoD and Department of Homeland Security (DHS) contracts and work within the federal supply chain.

CyberSmart Phase 1: Michigan small and medium-sized businesses can contract with the pre-approved vendor list to develop a Gap Analysis report at a pre-negotiated discounted cost of $1,500 as the first step toward meeting NIST SP 800-171 compliance. The Gap Analysis assists in determining an initial Supplier Performance Risk System (SPRS) score and identifies if your company is ready to obtain CMMC, or if remediation to close gaps is needed.

CyberSmart Phase 2: After completing Phase 1, qualified companies* can receive up to $22,500 in grant funding to address deficiencies in their IT infrastructure and become fully compliant with DoD cybersecurity requirements.

*You must be an existing DoD prime contractor or subcontractor to be eligible for grant funding and the funding does require a 25% match from your company.



The Michigan Office of Defense and Aerospace Innovation and Michigan Economic Development Corporation (ODAI/MEDC) know that some small and medium sized companies don’t have the time to attend classes or prefer to learn requirements hands-on.

The ODAI has created a Self-Assessment Tool in the Bid Targeting System environment that can be used prior to selecting a vendor to complete the standardized Gap Analysis. It is a preliminary NIST SP 800-171 self-assessment tool to help you familiarize yourself with the process leading to cybersecurity compliance and help you understand what you will need to know to become compliant and eventually CMMC certified.

There are other organizations directed by the federal government to help educate you or provide resources to you. We encourage you to check out as many of them as you can to help you understand how NIST SP 800-171 and CMMC impact your business.

Michigan Manufacturing Technology Center (MMTC)

Apex Accelerators

Bid Targeting System

Self-Assessment Tool

Complete the NIST 800-171 self-assessment for a general IT infrastructure gap analysis.


PHASE 1 -- Starting from the Beginning, NIST 800-171 Compliance

Phase 1 of the ODAI CyberSmart Program provides Michigan businesses the ability to contract with a pre- approved cybersecurity vendor to provide them with a NIST SP 800-171 Gap Analysis report at a pre- negotiated discounted cost of $1,500 as the first step toward compliance and CMMC.

The ODAI/MEDC called for Michigan cybersecurity consultants who proved their experience in providing NIST SP 800-171 Gap Analysis. The vendors (listed on the right) provided to ODAI/MEDC references, sample Gap Analysis reports and have agreed to a set fee of $1,500 to conduct on-site evaluations for Michigan’s small and medium sized defense suppliers and primes. The deliverable will be an understandable, standardized report and directions for next steps as well as how to register in the federal Supplier Performance Risk System (SPRS)  if needed. The SPRS Quick Entry Guide can be found here.

The next step to compliance is to fill out a Plan of Action and Milestones (PoAM) and a System Security Plan (SSP). You will use the Gap Analysis report as the content to fill out the PoAM and SSP and make progress toward achieving DFARS 252.204-7012 compliance.

  • You can download online templates HERE and try it yourself
  • You can engage a consultant to assist you
  • You can utilize one of the Vendors on the Vendor Referral list to assist you

Once your company has completed the gap analysis report, POAM and SSP, you are invited to check the Cybersecurity box on your Bid Targeting System (BTS) profile to indicate that your company is actively pursuing DFARS 252.204-7012 compliancy. This update will make it easy for the state to share your cybersecurity status with federal and prime partners looking to fulfill supply chain needs.

Eligibility Requirement:

  • Applicant must be a Michigan-based business.

PHASE 2 -- Michigan Defense Remediation Grant

The ODAI/MEDC will be offering grants to Michigan defense contractors to assist in hiring consultants to offer technical assistance to get you through remediation tasks leading to CMMC.

In Phase 2, qualified companies* can receive up to $22,500 in grant funding to address deficiencies in their IT infrastructure and become fully compliant with DoD cybersecurity requirements.

*You must be an existing DoD prime contractor or subcontractor to be eligible for grant funding and the funding does require a 25% match from your company.

Eligibility Requirement:

  • Registered in System for Award Management as a Michigan Company
  • In good standing with the State of Michigan
  • A standardized gap analysis report from the Michigan Office of Defense and Aerospace Innovation Vendor Referral List
  • Average Bid Targeting System (BTS) score of at least 50

The Grant:

  • Up to $22,500 grant with 25% match requirement
  • Reimbursement based on paid invoices
  • Grant paid directly to ODAI Preferred Vendors
  • Access to application available on BidTarget.org after June 1, 2021

To apply for Phase 2, please fill out the application here



Vendors have demonstrated experience and examples of successful consulting efforts in assisting small or medium-sized companies in achieving cybersecurity compliance in accordance with NIST SP 800-171 and DFARS requirements, including DFARS clause 252.204-7012.

COLT Cyber Security Consultants, LLC
Mark Tellier
(616) 581-3894
View Details
Securely Yours LLC
Sajay Rai
(248) 723-5224
View Details
Centric Consulting
Shane O’Donnell
Vice President

View Details
Silas Olson
(517) 258-2750
View Details
Terrie Mathison
(248) 837-1242
View Details
Dan Marietta
(734) 659-4131
View Details
ICS Data
Rick Tice
View Details
Praetorian Secure
Brent Bernard
brent.bernard@prae toriansecure.com
Office: (855) 519-7328 Cell: (248) 953-3853
View Details
B. Riley Advisory Services
Scott Corzine
View Details
Jeremy Mares
View Details
Brightline Technologies
John Renders
View Details
Global Solutions Group, Inc.
Lisa Salvador
(248) 291-5440
Sapana Shah
IT Compliance Manager

View Details
Systems X
Karen Kiewski