A Cybersecurity Compliance Program
The Michigan Defense Center (MDC), an operation of the Michigan Economic Development Corporation (MEDC), is offering Michigan’s small and medium-sized defense contractors a comprehensive one-stop shop to assist your company in meeting the Department of Defense (DoD) cybersecurity compliance requirements.
Reduced pricing on your NIST SP 800-171 Gap Analysis along with grant funding to get you to the appropriate level of the Cybersecurity Maturity Model Certification (CMMC) make this a unique program for Michigan companies!
Regardless of size, every company is required to meet these mandates in order to continue current contracts or to bid on new DoD contracts. There are no waivers accepted, so it’s important to get started now.
The MDC has pre-qualified Michigan contractors to provide cybersecurity technical services to assist with the implementation of the National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171) requirements for meeting DFARS 252.204-7012 in order to prepare for the upcoming Cybersecurity Maturity Model Certification (CMMC) that will be required for all United States DoD and Department of Homeland Security (DHS) contracts and work within the federal supply chain.
CyberSmart Phase 1: Michigan small and medium-sized businesses can contract with the pre-approved vendor list to develop a Gap Analysis report at a pre-negotiated discounted cost of $1,500 as the first step toward meeting NIST SP 800-171 compliance. The Gap Analysis assists in determining an initial Supplier Performance Risk System (SPRS) score and identifies if your company is ready to obtain CMMC, or if remediation to close gaps is needed.
CyberSmart Phase 2: After completing Phase 1, qualified companies* can receive up to $22,500 in grant funding to address deficiencies in their IT infrastructure and become fully compliant with DoD cybersecurity requirements.
*You must be an existing DoD prime contractor or subcontractor to be eligible for grant funding and the funding does require a 25% match from your company.APPLY FOR PHASE 1 NOW
The Michigan Defense Center and Michigan Economic Development Corporation (MDC/MEDC) know that some small and medium sized companies don’t have the time to attend classes or prefer to learn requirements hands-on.
The MDC has created a Self-Assessment Tool in the Bid Targeting System environment that can be used prior to selecting a vendor to complete the standardized Gap Analysis. It is a preliminary NIST SP 800-171 self-assessment tool to help you familiarize yourself with the process leading to cybersecurity compliance and help you understand what you will need to know to become compliant and eventually CMMC certified.
There are other organizations directed by the federal government to help educate you or provide resources to you. We encourage you to check out as many of them as you can to help you understand how NIST SP 800-171 and CMMC impact your business.
Bid Targeting System
Complete the NIST 800-171 self-assessment for a general IT infrastructure gap analysis.
MICHIGAN DEFENSE CYBERSMART PROGRAM
PHASE 1 -- Starting from the Beginning, NIST 800-171 Compliance
Phase 1 of the MDC CyberSmart Program provides Michigan businesses the ability to contract with a pre- approved cybersecurity vendor to provide them with a NIST SP 800-171 Gap Analysis report at a pre- negotiated discounted cost of $1,500 as the first step toward compliance and CMMC.
The MDC/MEDC called for Michigan cybersecurity consultants who proved their experience in providing NIST SP 800-171 Gap Analysis. The vendors (listed on the right) provided to MDC/MEDC references, sample Gap Analysis reports and have agreed to a set fee of $1,500 to conduct on-site evaluations for Michigan’s small and medium sized defense suppliers and primes. The deliverable will be an understandable, standardized report and directions for next steps as well as how to register in the federal Supplier Performance Risk System (SPRS) if needed. The SPRS Quick Entry Guide can be found here.
The next step to compliance is to fill out a Plan of Action and Milestones (PoAM) and a System Security Plan (SSP). You will use the Gap Analysis report as the content to fill out the PoAM and SSP and make progress toward achieving DFARS 252.204-7012 compliance.
- You can download online templates HERE and try it yourself
- You can engage a consultant to assist you
- You can utilize one of the Vendors on the Vendor Referral list to assist you
Once your company has completed the gap analysis report, POAM and SSP, you are invited to check the Cybersecurity box on your Bid Targeting System (BTS) profile to indicate that your company is actively pursuing DFARS 252.204-7012 compliancy. This update will make it easy for the state to share your cybersecurity status with federal and prime partners looking to fulfill supply chain needs.
- Applicant must be a Michigan-based business.
PHASE 2 -- Michigan Defense Remediation Grant
The MDC/MEDC will be offering grants to Michigan defense contractors to assist in hiring consultants to offer technical assistance to get you through remediation tasks leading to CMMC.
In Phase 2, qualified companies* can receive up to $22,500 in grant funding to address deficiencies in their IT infrastructure and become fully compliant with DoD cybersecurity requirements.
*You must be an existing DoD prime contractor or subcontractor to be eligible for grant funding and the funding does require a 25% match from your company.
- Registered in System for Award Management as a Michigan Company
- In good standing with the State of Michigan
- A standardized gap analysis report from the Michigan Defense Center Vendor Referral List
- Average Bid Targeting System (BTS) score of at least 50
- Up to $22,500 grant with 25% match requirement
- Reimbursement based on paid invoices
- Grant paid directly to MDC Preferred Vendors
- Access to application available on BidTarget.org after June 1, 2021
To apply for Phase 2, please fill out the application hereAPPLY FOR PHASE 2 NOW
Vendors have demonstrated experience and examples of successful consulting efforts in assisting small or medium-sized companies in achieving cybersecurity compliance in accordance with NIST SP 800-171 and DFARS requirements, including DFARS clause 252.204-7012.