skip to Main Content
Helping Stay Secure and CompliantEnd-to-End Cloud Storage
Blue outline of a shield protects the blue outline of a cloud, symbolizing how RegDOX Solutions provides regulated data security in the cloud.

ITAR, EAR, DFARS, and CMMC Compliance FAQs

Our cloud solutions help organizations share secure documents across organizations, jurisdictions, and countries. We provide world-class ITAR, EAR, DFARS and CMMC compliant cloud solutions for the multifaceted needs of large enterprises.

ITAR compliance mandates that access to electronic materials or technical data named or described on the US munitions list be safeguarded by secure measures & encrypted communications and restricted to US persons and properly licensed government individuals only.

In addition to its regulatory compliant technology, RegDOX Solutions offers many services. These services will help you achieve compliance with the updated DFARS Clause 252.204-7012 and NIST SP 800-171 and NIST SP 800-172, and CMMC Levels 1 and 2. It is and will remain RegDOX’s goal to enable its customers to achieve and maintain compliance as regulations continue to intensify with heightened cyber security protocols.

They involve details implementation of controls existing in the following areas:

  • Access Control
  • Awareness and Training
  • Auditing and Accountability
  • Configuration Management
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Personnel Security
  • Physical Protection
  • Risk Assessment
  • Security Assessment
  • System and Communication Protection
  • System and Information Integrity
  • Contractors must be fully compliant with the requirements outlined in NIST SP 800-171
  • Contractors must report cyber incidents within 72 hours or less to the DoD
  • Non-compliance must be reported to the DoD within 30 days after the contract award
  • Compliance must extend to all operation aspects, suppliers, and contractors

The updated DFARS rule affects every aspect of how DoD contractors fulfill their contracts, as compliance must be maintained at every level. Thus, the revision to DFARS clause 252.204-7012 requires all suppliers and subcontractors to comply with all operational aspects. Failure to meet the updated compliance requirements may result in losing current contracts and forfeiture of all future agreements.

Additional protocols that go beyond clause 252.204-7012 have also been added and require contractors to complete a DFARS CDI Assessment (current cybersecurity posture) and report the findings to the DoD Chief Information Officer (CIO) within 30 days of contract award.

While this number can undoubtedly be relative, security technology assessments for contractors can vary significantly based on the organization’s size. The average for SMEs is about two weeks, and for larger companies, the audit process can take several months. Variable factors include the number of unique “information systems” that must be assessed, employees and their computing devices sites that must be visited during the assessment, federal contracts that must be reviewed for specific requirements, definitions of information systems, and the computing systems in place. While all these tasks may seem daunting at first, a company can avoid project drift by setting and meeting routine milestones for each phase completed.

Contact Us

We work with you to develop a secure solution that best meets your needs and requirements while ensuring compliance with relevant regulations or guidelines. We’re excited to help you achieve the best possible level of document security. Contact us today!

Back To Top