The Administrative Guide to State Government presents what an informed person should know about the major processes of state government .
DTMB has multiple Boards and Commissions for which they have administrative oversight.
DTMB Reports to the Michigan legislature organized by fiscal year
The State Administrative Board has general supervisory control over the administrative activities of all state departments and agencies.
Information technology (IT) Policies document the DTMB's authority to establish Standards and Procedures in the specified areas.
At the heart of the DTMB organization are the fundamental governance elements that define the department's authorities, processes, and procedures
The Archives of Michigan is responsible for preserving the records of Michigan government and other public institutions. The collections also include documents, maps, photographs and film from private individuals and organizations.
Cybersecurity information for the state of Michigan and resources for the public. Featuring educational and support information for local government, schools and more.
The State of Michigan Geographic Information Systems (GIS) and Mapping Site provides access to GIS data, and information across the GIS community in Michigan.
DTMB Delivery Services provides comprehensive transport services tailored to the needs of each customer as well as ID Mail and moving services.
DTMB Mail and Delivery Services offers a full range of automated and manual mail handling and delivery services.
The DTMB Real Estate Division provides real estate and occupancy services for State of Michigan agency needs.
Information and services for local government agencies about managing records and data in the most effective, cost efficient, and legally compliant manner.
The State of Michigan’s Enterprise Risk Management (ERM) section is responsible for insuring and protecting the people, property, and activities of state government.
Details on state surplus property, auctions, and eligibility for federal surplus programs.
Information for state employees and vendors, including hotel listings, travel rates, forms, and regulations.
Design & Construction Information
The Contract Connect website provides info to vendors interested in doing business with the State of Michigan. Contract Connect is managed by State of Michigan Procurement.
Search is currently unavailable. Please try again later.
The web Browser you are currently using is unsupported, and some features of this site may not work as intended. Please update to a modern browser such as Chrome, Firefox or Edge to experience all features Michigan.gov has to offer.
Level 1 items are foundational and set your course. They are intentionally set up as no-cost/low-cost actions that any organization can complete.
Adopt the CIS Controls included in the Essential Practices Guide for K12 as your base cybersecurity framework.
The CIS Controls® follow our prioritized set of actions to protect your organization and data from known cyber-attack vectors. This step is the foundation of your organization's journey toward an orderly and prioritized approach to cybersecurity.
Complete this step by making a commitment within your organization to follow CIS Controls. This could be at a department level or a resolution from your governing body.
Resources:
Conduct a Simple Self-Assessment simple self-assessment.
The MISecure self-audit is a simple conversation starter for you, your team, your organization, and your leadership. Reserve about an hour for the starting conversation. Questions on the self-assessment refer to the CIS Controls.
Achievement of this step involves answering the self-audit questionnaire with a colleague. Note your answers and any questions you may have.
Resources:
Basic Cybersecurity Awareness Training for Staff
Cybersecurity is a team sport. This step enlists everyone in your organization to become the eyes and ears of cybersecurity.
Completing this step means that you are starting a conversation with everyone in your organization about their role in protecting your shared digital environment. When you do your detailed cybersecurity assessment as part of Level 2, you will identify other required trainings.
Resources:
Sign up for MS-ISAC Membership and CISA Cyber Hygiene Monitoring
MS-ISAC (Multi State Information Sharing and Analysis Center) is part of the Center for Internet Security (CIS). They offer free and timely Cybersecurity Advisories and Notification emails. They will also monitor your public IP ranges and domains for possible compromises, and more.
CISA offers free cyber hygiene monitoring, which evaluates external network presence by executing continuous scans of public, static IPs for accessible services and vulnerabilities. This service provides weekly vulnerability reports and ad-hoc alerts.
Complete this step by joining MS-ISAC and sharing your domains and public IP address ranges with them and signing up for CISA's Cyber Hygiene programs.
Resources:
Join Michigan Cyber Partners
Sign up and receive invitations to monthly webinars and timely updates on emerging cybersecurity vulnerabilities impacting organizations in Michigan and nationwide.
Complete this step by signing up for Michigan Cyber Partners and attending at least one monthly webinar.
Resources:
Make Improvements Based on Simple Self-Assessment
The self-assessment that your team completed in Level 1 started the conversation. Now take the time to start making changes based on what you identified.
Many items in the Level 1 simple self-assessment are things that you can do with the tools that you already have in place. Complete those tasks and make plans for more long-term work. For guidance, the CIS Controls are referenced in the self-assessment.
Achievement of this step is based on addressing more than half of the items identified in the self-audit.
Resources:
Prepare for a Cybersecurity Incident
Many people in the cybersecurity field say that your likelihood of experiencing a cyber event in your organization is not a matter of "if" but "when". Given that level of certainty, it is important to spend some time deciding and documenting what you would do in the event of a cyber incident.
Achievement of this step involves preparing a basic cyber incident response plan with your team (including organization leadership) and attending a virtual cybersecurity incident tabletop exercise.
Resources:
Conduct a More Formal Assessment
The Center for Internet Security offers a free online Controls Self-Assessment Tool. This allows you to review your implementation of cybersecurity controls, based on preventing the kinds of attacks that are happening in the real world.
If you have sufficient expertise, you can complete the assessment the tool yourself, but Michigan Cyber Partners recommends that organizations use a trusted third party to complete the assessment. The state of Michigan has pre-qualified vendors who can conduct a standard CIS Controls assessment using CSAT, develop a current state report and annual improvement plan, provide monthly coaching, and help you develop an incident response plan.
Achievement of this step is done by completing the CIS Controls CSAT assessment for Implementation Group 1.
Resources:
Attend Annual Statewide Cyber Briefing
To protect your organization, you need to keep abreast of recent and on-going cybersecurity attacks and the most important prevention measures as well as stay in touch with people and organizations who can help. Michigan Cyber Partners is working with others to develop and present an Annual Statewide Cybersecurity Briefing in the second half of 2021.
Resources:
Annual Formal Cyber Assessment
Conducting one-time assessments give you a good roadmap of what needs to be done. Doing assessments annually ensures that you stay on track and up to date as well as help you measure and report your progress.
Achievement of this step involves conducting a second CIS Controls CSAT assessment one year after your initial assessment.
Make Measurable Improvements
At this stage, you get points for staying on track and making real improvements to your cybersecurity posture.
Complete this step by achieving a control score of 60 or above for each of the 43 sub-controls of Implementation Group 1
Host an Internal Cyber-Incident Tabletop Exercise
The incident response tabletop exercises in Level 2 are hosted by state of Michigan partner. They are designed to walk you through the steps required to prepare a basic cyber incident response plan and test the plan in a few scenarios. Full preparation for an incident at your organization requires the same kind of exercise with leaders and staff from across your organization. When you host your own tabletop, you will help people in your organization know what to do in the event of a cyber incident.
Complete this step by conducting a cybersecurity incident response tabletop exercise at your organization with participants from your IT group, executive leadership, risk management, and business areas. This tabletop will help the "players" understand their roles in the event of a cyber incident.
Resources:
Provide Internship Opportunities
As you have recognized by now, completing all the work involved in preventing cyber attacks is not easy. Establishing an internship program can help you qualify for assistance in implementing an organized cybersecurity plan and provide useful on-the-job skills for people seeking careers in the field.
Complete this step by establishing a cybersecurity internship program at your organization.
Resources:
