Skip to main content

Independent Cybersecurity Assessments for Local Public Entities in Michigan

Michigan Cyber Partners has created an opportunity for local public entities in Michigan to contract for an independent cybersecurity assessment from a qualified independent cybersecurity vendor. The state of Michigan has pre-qualified multiple vendors through a competitive request for proposal (RFP) process. A contract with each vendor is available through the MIDEAL program. A local public entity can contract with any of the vendors selected through the competitive RFP to provide assessment, planning, and coaching services using the CIS controls.

Contracts with local entities will be an annual agreement with an option to renew. The assessors will conduct an initial assessment and engage with the local entity throughout the year to guide the improvement of the local entity’s cybersecurity posture.

Getting Started

  1. Understand the Goals of the Service
  2. Understand the Core Services
  3. Review the List of Vendors
  4. Request Quotes from the vendors you choose using the Request for Quote Form

Goals

The goals of this statewide initiative include:

  • Guide the improvement of cyber posture of local entities across Michigan through risk-based assessment and planning.
  • Provide standard assessment methodology and outputs to:
    • Create a common language about cybersecurity.
    • Create opportunities for ongoing collaboration.
  • Give local entities a choice in selecting an appropriate assessor.

Core Services

The MIDEAL contracts allow for local public entities to obtain the core services of cybersecurity assessment, planning, and an ongoing coaching relationship. This specifically includes:

  1. On-site cybersecurity assessment jointly completed by an independent assessor and local entity staff using the CIS Controls Self-Assessment Tool (CSAT).
    Sample: MI Cyber Assessment Services SAMPLE CSAT Assessment Report.docx *
  2. Current-state report (based on CSAT) to the local public entity’s leadership identifying the overall assessment results including most important vulnerabilities and recommended next steps.
    Sample: MI Cyber Assessment Services SAMPLE CSAT Assessment Report.docx *
  3. Annual Cybersecurity Improvement Plan that identifies priority actions to complete in the coming 12 months and other priority activities that have a longer time horizon.
    Sample: MI Cyber Assessment Service SAMPLE CIS Controls IG 1 Assessment and Plan.xlsx *
  4. Verification that local entity has an effective basic cyber incident response plan.
    Sample: SAMPLE Cyber Incident Response Plan.docx*
  5. Monthly one-hour telephone/online or in-person consultation to provide ongoing coaching and consulting regarding understanding of and implementation of cybersecurity improvements.
  6. End-of-year assessment update using CSAT, which identifies progress made towards improving priority items identified in initial assessment and items remaining to be addressed.

* (samples in links are for reference only, vendors may offer an equivalent format)

Requesting a Quote

Process for Obtaining Contracted Independent Cybersecurity Assessment:

  1. Review and understand the services offered (be an educated consumer).
  2. Select one or more vendors whom you would like to receive proposals. The vendors’ page has details about each vendor including proposed pricing.
  3. Download and complete the Cyber Assessment Service Request for Quote Form (Word Doc) and email it as an attachment to the point of contact for each selected vendor. The form includes details about your organization that will allow the vendor to quote services accurately. With this email, you should also identify whether you want core services only or would like to include quotations for optional services.
  4. Select a vendor based on quotations you receive.
  5. Execute an agreement referencing the MIDEAL contract for the selected vendor

Vendor Response

At a minimum, the contractor shall include the following in their proposal:

  • Pricing must not exceed the rates in vendor's MIDEAL Contract.
  • Qualifications shall match or exceed those of the named key personnel in vendor's MiDEAL Contract.