42 DEFENCE EXPORT
MARCH-APRIL 2022 | WWW.AUSTRALIANDEFENCE.COM.AU
 SECURING DEFENCE EXPORT DATA
Most small to medium enterprises (SMEs) working in the defence export sector will be aware of the restrictions imposed by the US International Traffic in Arms Regulations (ITAR), but life is about to get a whole lot more complicated.
NIGEL PITTAWAY | MELBOURNE
   SOME of these small businesses may not yet be aware of US Government regulations shortly to come into effect, which will mandate that any data sent via the cloud will have to be protected by stringent cybersecurity processes. If the in- formation is also ITAR controlled, then this complicates life even further.
Under the Cybersecurity Maturity Model Certification (CMMC) regulations, the US is bringing in new cybersecu- rity requirements for contractors and organisations work- ing within the US Department of Defense (DoD) frame- work. Industry primes must not only adhere to these new
stringent relationships, but must ensure all their contrac- tors and suppliers are equally compliant.
CYBERSECURITY MATURITY MODEL CERTIFICATION
The CMMC regulations are mandated by the US Govern- ment’s Defense Federal Acquisition Regulation Supplement (DFARS), which requires all DoD contractors and sub-con- tractors to comply. These new rules are expected to become ef- fective across the US defence sector within the next two years.
According to the US DoD, the CMMC is a framework that “measures a contractor’s cybersecurity maturity to
  GETTY IMAGES