Cyber Thursday: CMMC and ITAR – Navigating the differences between the requirements and understanding where they overlap

This session will examine the key differences and points of intersection between the Cybersecurity Maturity Model Certification (CMMC) and the International Traffic in Arms Regulations (ITAR). Attendees will gain a clear understanding of how CMMC requirements for protecting Controlled Unclassified Information (CUI) compare and contrast with ITAR’s stringent controls over defense-related technical data and exports. The discussion will highlight overlapping areas such as access controls, data protection, and incident response, while also addressing distinct compliance obligations, enforcement mechanisms, and the roles of different federal agencies. This session is essential for defense contractors managing both CUI and ITAR-regulated data, offering practical guidance on aligning compliance efforts to meet both frameworks effectively.

Speaker: Matt Frost, Government Contract Specialist, Wisconsin Procurement Institute – WI APEX Accelerator