An official website of the United States government

Here's how you know

Official websites use .mil

A .mil website belongs to an official U.S. Department of Defense organization in the United States.

Secure .mil websites use HTTPS

A lock () or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Defense Industrial Base Cybersecurity Assessment Center (DIBCAC)

The DCMA DIBCAC leads the Department of Defense's (DoD) contractor cybersecurity risk mitigation efforts. DIBCAC assesses DoD contractors' compliance with the Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, "Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations,” and the DFARS clause 252.204-7020’s NIST SP 800-171 DoD Assessment Requirements.

DIBCAC remains the DoD's only authorized assessor for Cybersecurity Maturity Model Certification (CMMC) Third-Party Assessor Organizations (C3PAOs) and the sole entity designated to assess CMMC Level 3 for the DoD. It also serves as the primary NIST SP 800-171 Assessment capability and the de facto training entity for producing qualified cybersecurity assessors for the Defense Industrial Base's (DIB) protection of CUI.

The DIBCAC is proud to be a recipient of the 2021 DoD CIO Cyber and IT Excellence Award.

Read Article: Tech team wins cybersecurity award

Resources For Your Upcoming DIBCAC Assessment

CMMC Assessment

If you are requesting a CMMC Level 3 (DIBCAC) assessment, please submit an email to dcma.lee.hq.mbx.dibcac-cmmc@mail.mil with the subject line “CMMC level 3 (DIBCAC) Assessment Request”. Reminder: Attach CMMC Status of Final level 2 (C3PAO) Certificate issued by C3PAO.

High and Medium NIST SP 800-171 Assessments

Other Resources

Contact Information

If you have general questions, please email DIBCAC Business Operations Inbox: DCMA_7012_Assessment_Inquiry@mail.mil.
If you have DIBCAC training questions, please email our Training Group Inbox: dcma_dibcac_training@mail.mil.
If you have CMMC questions, please email our CMMC Inbox: dcma_dibcac_cmmc@mail.mil.
If you’re part of another government entity and would like to partner with DIBCAC for a joint assessment, please email: DCMA_7012_Assessment_Inquiry@mail.mil.
If you would like to join a DIBCAC Assessor Course, please fill out this form.
Interested in working for DIBCAC as a cybersecurity assessor? Please find details here and watch USAJOBS for any future job opportunities.

DIBCAC Director, Nicholas J. DelRosso Jr.

As the DIBCAC Director for the Defense Contract Management Agency, Nicholas (Nick) DelRosso Jr. oversees DCMA's cybersecurity assessments of the Defense Industrial Base (DIB) based upon DFARS 252.204-7012. Prior to this position, he served as a Team Chief for the DIBCAC. In this capacity, he supervised a team which conducted cybersecurity assessments of the DIB. DelRosso has also served as Software Surveillance Specialist, Computer Engineer, and Support Program Integrator within DCMA. He has software development experience with a defense contractor and program experience as part of a Federally Funded Research and Development Center (FFRDC).

DelRosso earned a Bachelor of Science in Computer Science from The University of Scranton and his Master of Science in Computer Engineering from Villanova University.

Current as of July 2025

Mission

Support the warfighter by assessing the Defense Industrial Base compliance in the protection of DoD Controlled Unclassified Information, ensuring contractors implement appropriate cybersecurity requirements, in support of acquisition decision making.

Vision

Security-focused, highly-trained cybersecurity professionals providing comprehensive and repeatable assessments for risk-based decision making.

Commitment

Integrity, Service, Excellence.