You are here

Defense Cybersecurity Assurance Program

NIST SP 800-171

Did you know? The Department of Defense (DoD) deadline for all defense contractors handling Covered Defense Information to comply with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 was December 31, 2017. NIST SP 800-171 is a guideline made to protect unclassified information in non-federal information systems. The Department of Defense wants contractors to organize and address security requirements including access control, incident response,  and security assessments.

Not compliant or not sure? DCAP at The Ohio State University can help!


The Defense Cybersecurity Assurance Program (DCAP) is a program that aids defense contractors at any tier of the supply chain by offering expert cybersecurity consulting services and matching funds to qualifying companies that need assistance in becoming compliant with NIST SP 800-170. Ohio State will engage 20 Ohio firms in Defense Cybersecurity Assurance Program (DCAP) services. The initial assessment will identify firms’ knowledge of the cybersecurity guidelines (NIST SP 800-171) and level of assistance required to comply with the needs of the defense industry. Following compliance, the university will connect the firms with expert support to identify cybersecurity gaps and implement a customized plan. These DCAP services will be available to both new firms as well as past DMAP clients regardless of the level of assistance provided in DMAP 1.0 or 2.0. We anticipate cybersecurity projects will be funded at up to a 50% cost share match basis. 


As firms gain a better understanding of measures necessary to insure the protection of controlled unclassified information they will be better equipped to conduct the necessary missions of the Department of Defense. Through the process of evaluation and supporting security initiatives with on-site work of private sector experts, firms will adopt the latest security practices and increase their proactive response to threats. The main outcome will be more rural defense suppliers will be compliant to the guidelines as outlined in NIST SP 800-171. 


Eligibility for DCAP services relies on the following criteria*

   - Small to medium-size company

   - Earning at least 5% annually of their business revenues from DoD-derived contracts (at any supply chain tier) currently or within the past 5 years


   - Demonstrating the critical potential to address a particular need in the defense supply chain


*Priority will be given to companies in rural areas.

NIST MEP cybersecurity requirements and handbook  available at:

Download the informational flyer here

DCAP impact across the Ohio, Michigan, and Indiana region (as of February 28, 2019):

DCAP Impact Update