A Cybersecurity Compliance Program

Receive a Complete On-site Standardized Gap Analysis Report From a Michigan Cybersecurity Vendor at the pre-negotiated rate of $1,500.


INTRODUCTION

The Michigan Defense Center is offering Michigan’s small and medium sized defense contractors a comprehensive one-stop shop to federal cybersecurity compliance to save this nation’s federal supply chain and your business. This program is one of the first in the nation to provide a business solution to this federal mandate and strives to drive standardization, accountability and cost-effectiveness to the process. We know you don’t have time or money to waste!

This multi-phased approach will help you navigate proven resources to meet your needs no matter what phase you are in and provides guidance to assist you in protecting and growing your business.

PROGRAM OVERVIEW

The Michigan Economic Development Corporation’s (MEDC) Michigan Defense Center (MDC) has identified Michigan contractors to provide cybersecurity consulting services for small and medium-sized Michigan businesses to assist with the implementation of the requirements in National Institute of Standards and Technology Special Publication (NIST SP) 800-171 required for achieving DFARS 252.204-7012 compliancy, as well as CMMC direction in order to qualify for United States Departments of Defense (DoD) and Homeland Security (DHS) contracts and work in the federal supply chain.

Vendor activities include conducting on-site standardized gap analyses at a fixed rate of $1,500 utilizing a standardized deliverable report as selected by the Michigan Defense Center (MDC) and Michigan Economic Development Corporation (MEDC).

Implementation grants are available to address deficiencies and prepare for CMMC Prerequisites.

EDUCATION RESOURCES

MDC/MEDC knows that some small and medium sized companies don’t have the time to attend classes or prefer to learn requirements hands-on.

The MDC has created a Self-Assessment Tool in the Bid Targeting System environment that can be used prior to selecting a vendor to complete the Standardized Gap Analysis. It is a preliminary NIST 800-171 self-assessment tool to help you familiarize yourself with the process leading to cybersecurity compliance and help you understand what you will need to know to get compliant and eventually CMMC certified.

There are other Organizations directed by the federal government to help educate you or provide resources for you. We encourage you to check out as many of them as you can to help you understand how NIST 800-171 and CMMC impact your business.

Michigan Manufacturing Technology Center (MMTC)

Procurement Technical Assistance Center (PTAC)

Bid Targeting System Self-Assessment Tool
Complete the NIST 800-171 self-assessment for a general IT infrastructure gap analysis.


MICHIGAN DEFENSE CYBERSMART PROGRAM

PHASE 1 — Starting from the Beginning, NIST 800-171 Compliance

The Michigan Defense Center’s Michigan Defense CyberSmart Phase I provides Michigan businesses with the ability to contract with a Michigan cybersecurity vendor to provide you with a NIST 800-171 gap analysis report at a pre-negotiated discounted cost of $1,500 as the first step toward compliance and Cybersecurity Maturity Model Certification (CMMC).

The Michigan Defense Center (MDC) and Michigan Economic Development Corporation (MEDC) called for Michigan cybersecurity consultants who proved their experience in providing NIST 800-171 gap analysis. The Vendors below provided to MDC/MEDC references, sample gap analysis reports and have agreed to a set fee of $1500.00 to conduct on-site evaluations for Michigan’s small and medium sized defense suppliers and primes. The deliverable will be an understandable, standardized report and directions for next steps as well as how to register in the federal Supplier Performance Risk System (SPRS)  if needed. The SPRS Quick Entry Guide can be found here.

VENDOR REFERRAL LIST:

  • COLT Cyber Security Consultants
  • Securely Yours LLC
  • The Mako Group
  • FullCircle Communications, LLC
  • Dewpoint
  • CyberForce|Q

The next step to Compliance is to fill out a Plan of Action Milestone/Mitigation (POAM) and a System Security Plan (SSP). You will use the Gap Analysis Report as the content to fill out the POAM and SSP and make progress toward achieving DFARS 252.204-7012 compliancy.

  • You can download online templates HERE and try it yourself
  • You can engage a consultant to assist you
  • You can utilize one of the Vendors on the Vendor Referral list to assist you

Once your company has completed the gap analysis report, POAM and SSP, you are invited to check the Cybersecurity box on your Bid Targeting System (BTS) profile to indicate that your company is actively pursuing DFARS 252.204-7012 compliancy. This update will make it easy for the state to share your cybersecurity status with federal and prime partners looking to fulfill supply chain needs.

Eligibility Requirement:

  • Applicant must be a Michigan-based business.

PHASE 2 — Cybersecurity Maturity Model Certification (Levels 1,2,3)

Yes, the federal government is still developing the details of CMMC, but, make no mistake—your company will have to be certified in the coming years and working towards that now will position you for future contracting.

The Michigan Defense Center has brought together resources from around the state to assist you in remediating the gaps found in your Gap Analysis and contained on your POAM and SSP. If you need help getting to the next level of compliance; CMMC levels 1,2 or 3, Check out these Michigan based resources.

  • Michigan Manufacturing Technology Center (MMTC) 
    The Michigan Manufacturing Technology Center has assembled a team of cybersecurity experts to determine if you are compliant with the requirements described in NIST Special Publication 800-171. The Center’s experienced team has designed a comprehensive four-step cybersecurity program. We will help you gauge your current situation and tailor a plan specifically for your internal capabilities, budget and time sensitivity.
  • Coming Soon: University of Michigan’s Economic Growth Institute (EGI) Concierge Service. MDC has worked with EGI to offer a counseling session that will help you determine your next steps and can connect you to an EGI database of Cybersecurity Service Providers identified in their Defense Cybersecurity Assurance Program (DCAP).

These vendors can assist you in completing items your Plan of Action and Milestones (POAM), System Security Plan and Remediation tasks.

Counseling and updates on CMMC audits and level certifications should be part of your interaction with these or other Cybersecurity Service Providers.

PHASE 3 –Michigan Defense Remediation Grant

Coming Soon: The Michigan Defense Center/Michigan Economic Development Corporation will be offering grants to Michigan Defense Contractors to assist in hiring consultants to offer technical assistance to get you through your remediation tasks leading to CMMC level 1,2,3.

Eligibility Requirement:

  • Registered in System for Award Management as a Michigan Company
  • In good standing with the State of Michigan
  • A standardized gap analysis report from the Michigan Defense Center Vender Referral List
  • Average Bid Targeting System (BTS) score of at least 50
  • Completed POAM and SSP
  • Bid Targeting System (BTS) firm profile is updated with the Self-Certification box checked showing NIST Compliance

The Grant:

  • 50% match up to $15,000.
  • Total award based on needs provided on POAM and SSP
  • Reimbursement based on paid invoices
  • Grant paid directly to MDC Vendors
  • Access to application available on BidTarget.org after June 1, 2021

VENDOR REFERRAL LIST:

  • COLT Cyber Security Consultants
  • Securely Yours LLC
  • The Mako Group
  • FullCircle Communications, LLC
  • Dewpoint
  • CyberForce|Q

PHASE 4

Coming Soon: When your company has completed their CMMC federal audit and attained a certification level, check the CMMC Level 1-3 Certification box on your BTS profile to update your company’s record showing the CMMC Certification. The CMMC Shield Badge on your company profile will make it easy for federal and prime contractors using BTS to identify your company as being CMMC Certified. The Michigan Defense Center also assists DoD programs, Primes and companies looking for partners by using BTS to identify potential suppliers.

BUSINESS CONTACT INFORMATION
Dustin Frigy at Frigy@MichiganDefenseCenter.org