Defense Industrial Base Cybersecurity Assessment Center
Also known as: DIBCAC
The Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) is the Defense Contract Management Agency (DCMA) component that conducts NIST SP 800-171 assessments and CMMC Level 3 assessments on DoD contractors. DIBCAC assessments are the highest assurance level in the program.
Related terms
- CMMC Level 3
CMMC Level 3 is the highest CMMC certification tier, reserved for DoD programs involving CUI of the highest priority. It requires implementing NIST SP 800-171 plus 24 enhanced controls drawn from NIST SP 800-172, and triennial assessments performed by the DoD's Defense Industrial Base Cybersecurity Assessment Center (DIBCAC).
- NIST SP 800-171
NIST SP 800-171 is the National Institute of Standards and Technology publication that defines 110 security controls for protecting Controlled Unclassified Information (CUI) on non-federal systems. It is the controls catalog used at CMMC Level 2 — but is not used at Level 1, which is based on the 15 safeguarding requirements in FAR 52.204-21.