By Keiter CPAs
Examining the bridge between CMMC and ITAR requirements
As part of a series of articles about CMMC Level 1 Practices, the Keiter Technology team discusses the bridge between Cybersecurity Maturity Model Certification (CMMC) and International Traffic in Arms Regulations (ITAR), offering their insights into what Department of Defense (DoD) contractors should consider.
CMMC is a cybersecurity requirement from the DoD aimed at protecting Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). CMMC requirements vary by the type of information handled: Level 1 for FCI, and Levels 2 or 3 for CUI. The Level 2 and 3 requirements apply to the Organization Seeking Assessment (OSA) as well as its External Service Providers (ESPs), such as Cloud Service Providers (CSPs).
The CMMC Proposed Rule requires that CSPs be at least FedRAMP Moderate Authorized or Equivalent. This limits the population of CSPs to those listed in the FedRAMP Marketplace and those that have received a separate Equivalency determination in accordance with the DoD CIO’s memorandum.
To learn more about the impact this Rule may have on you as a contractor, read the full article here:
If you want to learn more about CMMC, Keiter’s team of cybersecurity specialists can help you. Email | Call: 804.747.0000.
The information contained within this article is provided for informational purposes only and is current as of the date published. Online readers are advised not to act upon this information without seeking the service of a professional accountant, as this article is not a substitute for obtaining accounting, tax, or financial advice from a professional accountant.