Export controls, defense acquisition, cybersecurity maturity, controlled unclassified information, and AUKUS obligations. AuditDSS decomposes 69 regulations into 41,420 individually testable obligations across 7 jurisdictions with 4-axis risk scoring.
DDTC, OFAC, and DOJ are imposing record penalties for export control, sanctions, and corruption violations. Without compliance, you lose contracts, face criminal prosecution, and get debarred.
$189M
DDTC ITAR penalties
BAE $79M, FLIR $30M, Airbus $26M — ITAR violations trigger massive civil penalties and potential debarment
$13.3B
OFAC sanctions fines
BNP Paribas $9B — OFAC sanctions violations in defense supply chains produce the largest corporate penalties in history
$5.9B
DOJ FCPA enforcement
Goldman $2.9B — foreign bribery enforcement in defense contracting continues to produce multi-billion dollar resolutions
300,000+
Companies needing CMMC
Every company in the DoD supply chain handling CUI must achieve CMMC Level 2 certification by a C3PAO
69
Regulations covered
4,265
Rules decomposed
41,420
Obligations scored
7
Jurisdictions
7 jurisdictions, 69 regulations
From CMMC and NIST 800-171 to ITAR export controls and DFARS cybersecurity clauses, from OFAC sanctions screening to FCPA anti-bribery — AuditDSS decomposes every defense regulation into independently testable obligations.
Score your CMMC readiness across all 110 NIST 800-171 practices. Validate DFARS cybersecurity compliance and ITAR registration before the C3PAO assessment.
Australian and UK companies entering the US defense supply chain need to meet the same CMMC and ITAR requirements as domestic contractors. Score your readiness against the full US defense compliance stack.
Tier 2 and Tier 3 subcontractors face the same DFARS flow-down requirements as primes. CMMC certification will be required at contract award — not after. Get ahead of the deadline.
All 69 regulations applicable to defense & national security, grouped by theme. Every regulation links to its detailed obligation breakdown.
Australian Department of Defence — Defence Export Controls
European Parliament and Council
Directorate of Defense Trade Controls
Export Control Joint Unit
Committee on Foreign Investment in the United States
Bureau of Industry and Security
Cyber and Infrastructure Security Centre
Joint Committee of European Supervisory Authorities (EBA/ESMA/EIOPA)
Center for Internet Security
European Union Agency for Cybersecurity
National Institute of Standards and Technology
National Institute of Standards and Technology
PCI Security Standards Council
Saudi Arabian Monetary Authority
Cybersecurity and Infrastructure Security Agency
General Services Administration
General Services Administration
Office of Management and Budget
HITRUST Alliance
American Institute of Certified Public Accountants
Office of the Australian Information Commissioner
Department of Homeland Security
European Data Protection Board
National Institute of Standards and Technology
Saudi Data and AI Authority
Information Commissioner's Office
Department of Labor - Employee Benefits Security Administration
European Parliament and Council
US Department of Justice — FCPA Unit
Agence Française Anticorruption
Securities and Exchange Commission
Serious Fraud Office
Australian Securities and Investments Commission
European Parliament and Council
International Sustainability Standards Board
International Sustainability Standards Board
Securities and Exchange Commission
Safe Work Australia
European Parliament and Council
Occupational Safety and Health Administration
Occupational Safety and Health Administration
Health and Safety Executive
Fair Work Commission
Australian Border Force
Ministry of Human Resources and Social Development
Equality and Human Rights Commission
Advisory, Conciliation and Arbitration Service
Independent Anti-Slavery Commissioner
U.S. Department of Labor — Wage and Hour Division
U.S. Department of Labor — Wage and Hour Division
Equal Employment Opportunity Commission
American Institute of Certified Public Accountants
Center for Internet Security
Information Systems Audit and Control Association
Committee of Sponsoring Organizations of the Treadway Commission
Cloud Security Alliance
International Auditing and Assurance Standards Board
International Auditing and Assurance Standards Board
American Institute of Certified Public Accountants
American Institute of Certified Public Accountants
Answer a few questions about your business. Get a complete compliance program — policies, procedures, and operational forms — tailored to your risk profile and mapped to every obligation. Ready in minutes.
Defense & National Security Compliance Policy
Risk-calibrated · 10–15 sections
Operational Procedures
Step-by-step · Staff-ready
Forms & Checklists
Operational forms · Ready to use
The AUKUS trilateral security pact (Australia-UK-US) and NATO joint programs mean that Australian, British, and European defense contractors must now meet US compliance standards — CMMC, ITAR, DFARS — to participate in joint defense programs.
Whether it's AUKUS Pillar II advanced capabilities, F-35 supply chain participation, or NATO DIANA innovation projects, international companies face the same compliance stack as US defense primes. AuditDSS gives you visibility into exactly which obligations apply.
Australian and UK companies participating in submarine programs, quantum computing, AI/autonomy, hypersonics, and electronic warfare must achieve CMMC Level 2+ and ITAR compliance. The US is streamlining export controls for AUKUS partners, but the cybersecurity bar remains.
European defense SMEs bidding on NATO contracts, joint procurements, or participating in NATO DIANA need to demonstrate CUI handling compliance equivalent to NIST 800-171. CMMC reciprocity agreements are still evolving — score your gaps now.
Tier 2 and Tier 3 subcontractors are the weakest link. DFARS 252.204-7012 flows down to every subcontractor handling CUI. CMMC certification will be required at contract award — not after.
Score your existing policies against 41,420 obligations — or generate a complete compliance program tailored to your business in minutes.