CMMC, NIST 800-171, ITAR, DFARS, DTCA, SOCI — AuditDSS maps the complete defense compliance ecosystem across Australia, the US, and the UK. Every obligation decomposed, scored, and cross-referenced.
9,961
Defense obligations
6
Frameworks
320+
Regulatory frameworks
146,445+
Scored obligations
Before AUKUS, Australian defense contractors had one primary compliance relationship — with the Australian Department of Defence via DISP. Now they need CMMC certification to participate in US DoD programs, ITAR compliance for any defense article transfer, DFARS cybersecurity clauses flowing down through every subcontract tier, and NIST 800-171 as the cybersecurity baseline. Australia's own DTCA still controls exports. And SOCI captures defense-adjacent critical infrastructure.
These frameworks overlap significantly — a single security control might satisfy CMMC Practice CA.L2-3.12.1, NIST 800-171 control 3.12.1, DFARS 252.204-7012, and DTCA record-keeping simultaneously. But no defence contractor has visibility into these overlaps.
AuditDSS maps every cross-reference.
9,961 obligations across 6 frameworks, scored and ready. AuditDSS is the only platform that decomposes ALL of them and shows how they connect.
Updated March 2026 — new frameworks added regularly
The gateway to US DoD contracts. Level 2 requires 110 NIST 800-171 practices. Level 3 adds 24 NIST 800-172 practices. No certification, no contract.
The cybersecurity baseline that CMMC builds on. 14 control families, 110 security requirements for protecting CUI.
DFARS cybersecurity clauses flow down through every subcontract tier. 252.204-7012 is the most-cited clause in defense procurement.
Controls defense article exports. Violations carry criminal penalties including imprisonment. AUKUS exemptions are narrow and specific.
Australia's Defence Trade Controls Act. DSGL goods and technology require permits. The AU counterpart to ITAR.
Identify every defense regulation that applies based on your contract tiers, export activities, and infrastructure classification. See the complete obligation landscape across CMMC, ITAR, DFARS, DTCA, and SOCI.
See how a single security control satisfies obligations across multiple frameworks simultaneously. One access control implementation can map to CMMC, NIST 800-171, DFARS, and DTCA.
Generate policies and procedures calibrated to defense requirements. System Security Plans, incident response procedures, export control manuals — every clause traced to specific regulatory text.
Pre-mapped evidence for CMMC assessors, ITAR auditors, and DISP reviewers. Know your readiness score across all six frameworks before the assessment begins.
SIEM logs, vulnerability scans, access control records, encryption configs, and MFA deployment records. AuditDSS maps your security controls to CMMC practices, NIST 800-171 requirements, and DFARS cybersecurity clauses simultaneously.
ITAR licences, DTCA permits, technology access agreements, deemed export records, and DSGL assessments. Direct evidence for ITAR and DTCA obligations — the exact documentation auditors require.
Security incident logs, risk assessments, POA&Ms, vulnerability remediation records, and business continuity documentation. Maps to SOCI reporting obligations, CMMC incident response practices, and NIST 800-171 audit requirements.
Subcontractor CMMC certifications, flow-down clause records, supplier security assessments, and SCRM documentation. Evidence for DFARS subcontractor requirements, CMMC supply chain practices, and AUKUS technology sharing conditions.
You don't need separate compliance programs for each framework. You need one platform that shows where CMMC, NIST 800-171, ITAR, DFARS, DTCA, and SOCI overlap — and where they don't. That's what AuditDSS does.
Most compliance platforms tell you what you must do to avoid penalties. AuditDSS also tells you what you gain by complying.
Cross-reference AU, US, and UK requirements. Know your gaps before the program office asks.
CMMC certification is mandatory for DoD contracts. Pre-mapped evidence accelerates certification.
One security control can satisfy 4+ frameworks. AuditDSS shows every overlap.
ITAR and DTCA violations carry criminal penalties. Map your controls before you transfer.
Demonstrate DFARS compliance to primes. Win subcontracts with evidence-backed readiness.
Pre-mapped evidence for CMMC C3PAOs, ITAR auditors, DISP reviewers, and SOCI regulators.
Map compliance across all six frameworks simultaneously. See which controls satisfy multiple frameworks and where unique requirements exist. One dashboard for AUKUS-wide compliance.
CMMC Level 2 is mandatory. DFARS 7012 flows down to your tier. AuditDSS shows exactly which of the 110 NIST practices you satisfy and which gaps remain — before the C3PAO arrives.
ITAR and DTCA mapped to specific evidence requirements. Generate export control procedures that satisfy both US and Australian regulators simultaneously.
See how your existing security controls map across CMMC, NIST 800-171, DFARS, and SOCI. Identify the minimum set of controls that satisfies all frameworks — no duplicate effort.
Answer a few questions, discover every defense regulation that applies to your contract tiers and export activities
Not just 'you need CMMC' but 9,961 specific obligations across 6 frameworks, scored by risk
See exactly where you're compliant and where you're exposed across CMMC, ITAR, DFARS, DTCA, and SOCI
Deterministic document generation for System Security Plans, export control manuals, and incident response procedures. Every clause traced to specific regulatory text.
Company Mode for your own compliance. Advisor Mode for consultants managing multiple defense clients.
Discover which frameworks apply to your business in minutes — or book a walkthrough to see AuditDSS in action.
Building defense technology? AuditDSS provides the compliance intelligence layer for cybersecurity, export control, supply chain assurance, and facility security platforms. Contact us about integration partnerships