Michigan Defense CyberSmart Program Provider
As a pre-qualified provider of services to Michigan defense contractors, B. Riley Advisory Services is proud to be part of the Michigan Defense CyberSmart Program. We believe that the Michigan Defense CyberSmart Program is an innovative and robust cost-sharing approach to helping small and medium sized defense contractors in Michigan understand how to most cost-effectively meet their new cybersecurity obligations as DoD contractors.
We are a CMMC-AB Registered Provider Organization. Our unique Defense Sector cybersecurity expertise was developed with years of experience as Chief Information Security Officer (CISO) for companies like Lockheed Martin and Sikorsky Aircraft. We work with many defense contractors on their DFARS cybersecurity compliance obligations to NIST 800-171/171A, in preparation for CMMC 2.0 compliance.
Understanding the New Rules
As of November 30, 2020, the 4,000 Michigan DoD contractors must be prepared to attest to their compliance with DFARS 252.204-7012, 7019, 7020 & 7021. They must understand the flow of Controlled Unclassified Information (CUI) in their defense contracts. They must assess their compliance posture, post their compliance scores on the DoD's Supplier Performance Risk System (SPRS) database for DoD scrutiny, and close the gaps revealed in their assessments through a Plan of Actions and Milestones (POAM). False or misleading cybersecurity posture attestations are subject to legal actions under the False Claims Act.
Becoming compliant with these rules now will best prepare Michigan DoD contractors to meet the coming CMMC 2.0 requirements when federal rulemaking is complete in late 2022 or early 2023.
How B. Riley Advisory Services Can Help
The Compliance, Risk & Resilience practice at B. Riley Advisory Services works in concert with the Michigan Defense CyberSmart Program to provide these services to help Michigan defense contractors meet today's DFARS requirements as a bridge to meeting upcoming CMMC 2.0 requirements:
- low-cost gap assessments and report with remediation and improvement recommendations
- providing robust SPRS scores
- development of realistic System Security Plans (SSP) and POAMs
- support for compliance gap remediation and closure
- validation of remediation and CMMC assessment readiness