Cybersecurity for Defense Contractors (NIST 800-171)

A message from U.S. Senator Gary Peters


All Department of Defense (DoD) contractors must meet the Defense Federal Acquisition Regulation Supplement (DFARS) minimum cybersecurity standards or risk losing federal contracts. If you’re like many businesses, you may not know what is expected or even how to get started. Not to worry. The Michigan Manufacturing Technology Center has assembled a team of cybersecurity experts to determine if you are compliant with the requirements described in NIST Special Publication 800-171.


The Michigan Manufacturing Technology Center works with manufacturers every day to help them accelerate their business growth and sustain success into the future.  We help companies analyze new and existing technology to develop a framework for SECURE business operations.

The Center’s experienced team has designed a comprehensive four-step cybersecurity program. We will help you gauge your current situation and tailor a plan specifically for your internal capabilities, budget and time sensitivity. Here’s how it works:

  1. Discovery – the professional assessment of your company’s practices related to the new standard. If necessary, a gap analysis will be completed to document the scope to be remediated.
  2. Remediate to Meet New Standard – supports all necessary fixes to ensure compliance. This may include updates to firewalls, patches, policy development, employee training, physical security, network configuration, etc.
  3. Test and Validate – verifies that all technology and physical security aspects are working properly. A penetration test may be necessary.
  4. Monitoring/Reporting – establishes ongoing monitoring and scanning of the required enterprise network. Creates a working process to log, remediate and report (as required) cyberattacks.


Defense Department to Require New Cybersecurity Certification from Contractors
Government Supplemental Information 
Addressing Cybersecurity Oversight as Part of a Contractors Purchasing System Review (U.S. Department of Defense)
Memorandum: MDA Cybersecurity Best Practices (U.S. Department of Defense) 
Safeguarding Covered Defense Information and Cyber Incident Reporting (U.S. Department of Defense)
NIST SP 800-171 Memorandum Explanation 
Defense Cybersecurity Requirements: What Small Businesses Need to Know (U.S. Department of Defense)
Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations (NIST)
Directive-Type Memorandum (DTM): Cybersecurity in the Defense Acquisition System (Dept. of Defense)
Cybersecurity Glossary (
Memorandum:  Implementation of DFARS Clause 252.204-7012 (Department of Defense)


Ask how the Michigan Manufacturing Technology Center can help. Contact The Center today at 888.414.6682 or email to get started. Have a question? Read our most frequently asked cybersecurity questions here