Use Case: Defense Industry 2023

Ensuring CMMC and ITAR compliance with data monitoring and classification on creation.

Use Case: Defense Industry 2023


  • Continuous Automated Monitoring for CMMC Compliance
  • Data Visibility and EUC Policy Enforcement
  • Accelerated Adoption of CMMC Practices
  • Data policy and reporting set-up at speed
  • Data KPI Progress Tracking
  • AI-Powered Support for Various Data Sources

Data Challenges for Defence organisations

Defence organisations face a myriad of complex data challenges with the highest priority being data security, as safeguarding sensitive and classified information from cyber threats and unauthorised access is paramount. The sheer volume of data generated, including surveillance, intelligence, and operational data, can be overwhelming. Data is often fragmented in silos across various departments and systems, hindering collaboration and efficient data sharing. Interoperability is crucial to ensure different defence systems can effectively communicate and share data. Maintaining data quality and accuracy is essential to avoid critical errors. Data integration from diverse sources, such as sensors and satellites, poses technical challenges. Compliance with data privacy regulations is a continuous concern, while making sense of the data and deriving actionable insights through analytics is an ongoing challenge. Access control, data retention, and the integration of emerging technologies also add to the complexity of managing defence data effectively. Geospatial and supply chain data are specific areas of focus in this context. Addressing these challenges is essential to enhance operational capabilities and ensure national security.

The Need for Achieving CMMC and ITAR Compliance 

CMMC (Cybersecurity Maturity Model Certification) compliance is essential for safeguarding sensitive data and national security, especially in defence and government sectors. ITAR (International Traffic in Arms Regulations) compliance is crucial for controlling the export of defence-related materials and technologies, preventing unauthorised access, and maintaining international trade relationships. Both are legally mandated and necessary for securing contracts, protecting intellectual property, and avoiding severe penalties. Compliance ensures business continuity, upholds national security, and opens doors to valuable opportunities in the defence and aerospace industries.

The CMMC consists of 5 levels, and contractors will need to be CMMC compliant to access DOD contracts. The NIST 800-171 already required cybersecurity for unclassified information. The protection of controlled unclassified information (CUI) resident in non-federal systems and organisations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its essential missions and functions.

Contractors have 2 primary areas of focus for the CMMC, which protects two forms of sensitive data:

  1. Federal contract information (FCI) – Information created by, or on behalf of the federal government, under contract, but not intended for access by the general public.
  1. Controlled unclassified information (CUI) – Information legally required to be protected in one way or another, but not under the status of 'classified.

Every organisation will need to attain a minimum level of maturity measured by the CMMC in protecting this data.

Level 1 – Basic Cyber Hygiene: Basic processes are performed for basic safeguarding of federal contract information (FCI).

Level 2 – Intermediate Cyber Hygiene: This level is considered a transition step to protect CUI.

Level 3 – Good Cyber Hygiene: Processes are managed to protect CUI.

Level 4 – Proactive: Processes are reviewed.

Level 5 – Advanced/Progressive: Processes are optimised.

The CMMC framework also contains similar domains to the NIST 800-171 with a few additions:

  1. Asset Management
  2. Recovery
  3. Situational Awareness

The primary challenge lies in identifying, controlling, and managing this data effectively. Extending existing security measures to protect such data necessitates a comprehensive analysis of all systems handling it, as these documents and files can be diverse and numerous. The key is to accurately comprehend an organisation's data and maintain it with appropriate technology. External auditors assess an organisation's data management, adding external pressure. Understanding their criteria is crucial for successful evaluation. The evaluation is based on a graduated level system that assesses critical cyber defence practices and processes.

Getvisibility Solution Suite

Contractors need a single unified view of their data. The Getvisibility platform provides a foundational capability for integrating siloed data sources and newly created data points into a single asset management/data inventory system. Getvisibility’s Data Guard solution provides organisations a single view into their enterprise data, where it is, what it is and how it is changing. This is possible through a customisable data reporting dashboard, data ownership, and alert systems.

The Getvisibility solution platform enables organisations to accurately and cost effectively find and manage their regulated data through the following features:

Getvisibility Data Guard

  • Define and implement data policy enabling continuous compliance.
  • Finds misallocated CMMC and export controls data and helps to fix the access rights.

Getvisibility Focus

  • Scan and find CMMC CUI, FOUO and FCI data along with ITAR and export control data.

Getvisibility Synergy

  • Allow EUC to label necessary documents in line with CMMC and ITAR requirements visually.
  • Finds CMMC and export control data on user end-points when users work with such documents.
  • Integrate with MS Outlook to protect sensitive government data including CMMC and export control data from being sent to the wrong recipients.

Defence organisations deploying the Getvisibility suite of data solutions will have the ability to:

  • Continuously monitor their environment to achieve and maintain their CMMC compliance requirements.
  • Accelerate the adoption and achievement of CMMC- required practices.
  • Build a full audit log and reporting system for auditors.
  • Chart and measure progress against key KPI.

Getvisibility is powered by advanced AI and supports on-prem and cloud-based

data The solution supports file shares, collaboration portals (such as SharePoint), cloud storage systems (such as G-Suite, Dropbox, AWS, OneDrive or Box), and all types of email.

The Getvisibility solution provides visibility to this unstructured data no matter where it resides and then helps enforce policies to better govern access to this content, and ensures it is available only to users that should have access to it. Getvisibility compliments a data loss prevention (DLP) program.

Want to see our products in action? Speak to one of Getvisibility's many experts.