Federal Projects have new standards on document control for your projects. Understanding how these impact construction projects can be a daunting task.
Being International Traffic in Arms Regulations (ITAR) compliant or Defense Federal Acquisition Regulation Supplement (DFARS) compliant requires a different look at how you use your systems both internally and externally. Let’s take a look at how these impact your company.
International Traffic in Arms Regulations (ITAR)
ITARs that control the manufacture, sale, and distribution of defense, space-related articles, and services are defined in the United States Munitions List (USML.)
ITAR mandates that access to physical materials or technical data related to defense and military technologies is restricted to US citizens only. Limiting access to the physical materials is straightforward; limiting access to digital data is key. A US-based company with overseas operations is prohibited from sharing ITAR technical data with employees locally hired unless they gain State Department authorization. The same principle applies when US companies work with non-US subcontractors.
From a security and platform perspective, StratusVue complies with all ITAR requirements. You and your core team will need to validate and keep records (I9s) for all project members who will be accessing the data. The project will require a standards document and we can supply the proper settings that the project would need in the system for access and usage. Aside from the system behavior, the following plan should be established and implemented.
Defense Federal Acquisition Regulation Supplement (DFARS)
DFARS is a set of restrictions to protect the US defense industry. DFARS requires extended security addressing Controlled Unclassified Information (CUI). Information that is created or owned by the government requires safeguarding or dissemination controls consistent with applicable laws, regulations, and government-wide policies. This is the core focus of DFARS. In order to do DoD projects, contractors are now required to get “Cybersecurity Maturity Model Certification” (CMMC) and is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB).
The StratusVue platform complies with DFARS requirements from a security and platform perspective and can be included in your CMMC assessment as meeting the new requirements for your projects. Join us on May 21st for a webinar hosted by StratusVue CEO John Goecke that addresses the established needs for your federal projects.