DIBCAC training strengthens defense industrial base

DIBCAC training strengthens defense industrial base

By Elizabeth Szoke DCMA Public Affairs

The Defense Contract Management Agency's Defense Industrial Base Cybersecurity Assessment Center, or DIBCAC, recently led a week-long cybersecurity training event here to strengthen assessment consistency and support the Department of War's mission.

The DIBCAC training team gathered assessors and business operations staff from across the country to refine skills, align processes and address emerging cybersecurity challenges across the defense industrial base.

"This training strengthens how we execute the mission across the enterprise," said Walt Eady, DCMA's Technical Directorate executive director. "Our teams assess some of the most critical programs in the War Department, and they must operate with precision, consistency and confidence every time."

The training focused on ensuring teams assess contractor environments in a consistent, repeatable and predictable manner. That consistency directly supports DIBCAC's role in evaluating critical defense programs under Cybersecurity Maturity Model Certification Level 3 requirements.

"DIBCAC sits at a critical point in the acquisition process," said Nick DelRosso, DIBCAC director. "These assessments help validate whether our most important contractors can protect sensitive information and that directly impacts who supplies the warfighter."

DIBCAC assessors serve a key role in protecting sensitive defense information tied to the nation's most vital programs.

"Their assessments act as a gate for contractors supporting the department's most critical systems, which ensures those environments meet strict cybersecurity standards before a contract can be awarded," DelRosso said.

During the training, industry experts provided technical briefings on cloud environments commonly used across the defense industrial base. The sessions gave assessors deeper insight into platform configurations, security expectations and risk areas within the Federal Risk and Authorization Management Program, or FedRAMP, Moderate equivalent environments.

"Presentations from several of the industry's largest providers of the most commonly used cloud service offerings afforded us with the opportunity to gain a better understanding of their existing service offerings, both commercial and FedRAMP Authorized," said Erik Joslyn, DCMA cybersecurity assessment specialist. "The Q&A portion of the sessions was especially beneficial as it allowed each of the different providers the opportunity to give us direct answers to some of the most critical questions that come up during our assessment process."

The training insights help assessors better evaluate how contractors store, process and protect controlled unclassified information in cloud-based systems.

"The value of (the event) was connecting with fellow assessors across teams," said Priyam Patel, a DCMA cybersecurity specialist. "Their sharp, insightful questions remind me how much expertise we have across DIBCAC and how much better we should leverage it year-round to faithfully execute our mission in securing the DIB supply chain."

Government partners also contributed to the training. The Cybersecurity Maturity Model Certification Program Management Office provided updates on program execution and performance, while representatives from the National Institute of Standards and Technology shared insight into evolving cybersecurity requirements.

"We're seeing frequent changes across CMMC and NIST standards and cloud environments," said Stephanie Rocha, DIBCAC deputy director. "Those updates ensure assessors stay aligned with current policy and future expectations as cybersecurity standards continue to evolve."

The training also included internal sessions focused on complex Level 3 requirements, including advanced threat-hunting techniques tied to NIST Special Publication 800-172 controls. The team used interactive scenarios to walk through real-world applications of those requirements and reinforce how to identify and assess advanced threats.

"The interactive training offered levity to an otherwise complex and arduous learning topic, keeping everyone engaged while reinforcing the agency's expectations for how to properly evaluate these critical security requirements," Joslyn said. "The audience's active engagement gave us the opportunity to learn from our shared experiences and real-world examples from within the industry."

Beyond technical development, the event strengthened collaboration across the DIBCAC enterprise. Bringing the team together in person allowed assessors to share lessons learned, standardize approaches and build cohesion across geographically dispersed teams.

That alignment ensures DIBCAC continues to deliver high-quality, consistent assessments that support acquisition decisions and protect critical defense information.

"I'm proud of the work this team continues to do and the impact it has across the defense industrial base," Eady said. "As threats evolve, DIBCAC will remain at the forefront of cybersecurity, and this team is ready to meet that challenge head-on."