CMMC, ITAR, DFARS, DTCA, DISP, NIST 800-171 — AuditDSS maps the full defense compliance landscape across AUKUS partners and tells you exactly where you stand.
320+
Regulatory frameworks
146,445+
Scored obligations
21+
Jurisdictions
25
Industries covered
The AUKUS partnership has fundamentally changed defense compliance for Australian, US, and UK companies. Australian defence contractors must now demonstrate compliance with US CMMC and ITAR requirements to participate in AUKUS programs. DFARS cybersecurity clauses flow down through every subcontract tier. Australia's own DTCA controls defence exports, while the Defence Industry Security Program (DISP) governs facility clearances. NIST 800-171 sets the cybersecurity baseline that CMMC builds on. And the Security of Critical Infrastructure Act (SOCI) captures defence-adjacent assets.
Most defence SMEs discover they're non-compliant when they lose a contract they thought they'd win. AuditDSS maps every obligation before the tender closes.
That's what AuditDSS does.
10,473+ defense compliance obligations scored and ready.
Cybersecurity Maturity Model Certification — required for all DoD contracts.
International Traffic in Arms Regulations — controls defence article exports.
Australian Defence Trade Controls — DSGL goods and technology export permits.
NIST SP 800-171 — CUI protection baseline. Foundation for CMMC.
DFARS cybersecurity clauses — flow down to every subcontract tier.
Critical infrastructure protection — defence assets are covered entities.
Answer a short questionnaire about your business — what you produce, where you operate, which programs you target. AuditDSS identifies exactly which regulations and obligations apply to you.
See your compliance posture scored across every applicable regulation. Understand where you're covered, where gaps exist, and which gaps carry the highest risk.
Get tailored compliance policies, procedures, and documentation generated for your specific business. Not templates — documents calibrated to your size, operations, and risk profile.
Map your existing evidence — cybersecurity controls, export control records, facility security documentation, supply chain assurance — to specific obligations.
SIEM logs, vulnerability scan results, access control records, and incident response documentation. AuditDSS maps your security controls to CMMC practices, NIST 800-171 requirements, and DFARS cybersecurity clauses — the exact evidence assessors need.
ITAR licences, DTCA permits, technology access records, and deemed export controls. Direct evidence for ITAR compliance, DTCA obligations, and AUKUS technology sharing requirements.
Security clearance records, facility access logs, visitor management, and physical security assessments. Maps to DISP requirements, NIST 800-171 physical protection controls, and SOCI obligations.
Supplier assessments, flow-down compliance records, subcontractor certifications, and SCRM documentation. Evidence for DFARS supply chain requirements, CMMC subcontractor obligations, and Modern Slavery reporting.
You don't need a new GRC platform for each framework. You need one platform that maps your existing security evidence to obligations across CMMC, ITAR, DFARS, DTCA, and NIST simultaneously. That's what AuditDSS does.
Most compliance platforms tell you what you must do to avoid penalties. AuditDSS also tells you what you gain by complying.
CMMC certification is mandatory for DoD contracts — no certification, no contract
Cross-reference AU, US, and UK defence requirements for AUKUS program eligibility
ITAR and DTCA violations carry criminal penalties including imprisonment
Demonstrate DFARS compliance to prime contractors and win subcontracts
Documented security programs support DISP membership applications
Pre-mapped evidence for CMMC assessors, ITAR auditors, and DISP reviewers
Map compliance across CMMC, ITAR, DFARS, and DTCA simultaneously. See which obligations overlap and where gaps exist across AUKUS partner requirements.
Understand exactly which DFARS clauses flow down to your subcontract tier. CMMC Level 2 certification is mandatory — know your gap before the assessment.
Manage DISP membership, facility clearances, and personnel security obligations. AuditDSS shows which security controls satisfy multiple frameworks simultaneously.
ITAR and DTCA obligations mapped to specific evidence requirements. Generate export compliance policies that satisfy both US and Australian regulators.
Answer a few questions, discover every defence regulation that applies to your business
Not just "you need CMMC compliance" but the 584 specific obligations within CMMC, scored by risk
See exactly where you're compliant and where you're exposed across AUKUS partner requirements
Deterministic document generation calibrated to your business. Every clause traced to regulatory text.
Company Mode for your own compliance. Advisor Mode for consultants managing multiple defence clients.
Discover which regulations apply to your business in minutes — or book a walkthrough to see AuditDSS in action.
Building defense technology? AuditDSS provides the compliance intelligence layer for cybersecurity, export control, supply chain assurance, and facility security platforms. Contact us about integration partnerships