Threat & Research Team Blog
- CMMC
- Vulnerabilities
- Government
- Security operations
- OT Security
- Compliance
- SOC
- Artificial Intelligence
- ThreatHunting
- Vulnerability Management
- Industrial Control Security
- Ransomware
- Cyber Security Compliance
- Zero-Day
- NIST 800-171
- Critical Infrastructure
- threat advisory
- Penetration Testing
- Emerging Threats
Can ITAR Be CUI? Why ITAR Could Be in Scope for your CMMC Assessment
Any defense contractors mistakenly believe ITAR-controlled data sits outside the boundaries of CMMC Level 2 — but that assumption could cost you your certification.
In reality, the National Archives and Records Administration (NARA) confirms that certain ITAR-regulated information qualifies as Controlled Unclassified Information (CUI Specified). That means if your organization handles ITAR data, it’s likely in scope for your CMMC assessment — and must meet strict safeguarding and dissemination requirements.
In this article, we explain how ITAR and CUI overlap, what the CUI Registry actually says, and why treating ITAR as CUI is both the safest and most compliant path forward for defense contractors.
Tips for preparing for Cyber Security Maturity Model Certification (CMMC)?
Maverc will be posting several articles and the latest news with guidelines on getting ready for CMMC, a new cyber security standard for defense contractors on our blog. Let’s start with an summary of CMMC and how to get started with piloting the certification process.
What role will Manufacturing Extension Partnerships (MEP) play in CMMC and NIST Compliance?
Established by the National Institute of Standards and Technology (NIST) in 1988, the Manufacturing Extension Partnership program, or MEP, is a national network created to support US supply chain manufacturers with organizational growth,
