The companies have teamed to assist small and medium-sized client business DOD contractors that have obligations to comply with the ITAR and EAR for export and domestic manufacturing obligations and DFARS Cybersecurity clauses/NIST 800-171 and future CMMC auditing to be a viable DOD contractor
FD Associates, an advisory company on export matters and advises clients on the International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR) export and compliance, and CyberNINES LLC, a Cybersecurity Maturity Model Certification (CMMC) & NIST SP 800-171 compliance management company, announce a strategic partnership to support small to medium-sized clients within the Department of Defense (DoD) supply chain as it pertains to these important governmental regulations that deal with export and cybersecurity compliance.
Protecting the DoD’s technical data is critical to the security of the United States. Called Controlled Unclassified Information (CUI) includes ITAR & EAR designated information and this information must always be protected both in digital and physical form. Companies (DoD suppliers) are required to be aware of where such CUI data is stored and who has both physical and electronic access to it. Often smaller companies are not aware they have exported controlled technical data because it has taken place in the U.S. (a Deemed Export).
FD Associates has partnered with CyberNINES to offer clients a resource that can evaluate their companies’ network infrastructure security practices, protection, and CMMC adherence to the practices enumerated in the DFARS Cybersecurity clauses and the NIST 800-171 standard,” says Jenny Hahn, FD Associates President. “It’s critically important that clients understand their risk posture to avoid export control issues.”
The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. The CMMC is the DoD’s response to significant compromises of sensitive defense information located on contractors’ information systems. Many of these compromises have been caused by small to medium sized businesses that did not have the technical resources to address the complexities of cybersecurity compliance.
“Many small companies can quickly become overwhelmed with CMMC requirements,” says Scott Singer, President of CyberNINES and a retired Navy Captain. “Whether a company wants to hire a foreign national or make changes to its network using foreign persons, regulations governing export control will be invoked and can be complicated. Having this partnership ensures our clients are going to get the expert advice they need to ensure they remain compliant to US export control laws and to DFARS Cybersecurity requirements.”
FD Associates & CyberNINES partnership offers more support to clients’ cybersecurity compliance from risk assessment and remediation to adhering to complex export requirements and licensing. Clients of both companies will benefit from this partnership as they will have greater access to the expertise needed to maintain DoD contracts into the future.
About FD Associates
Since 1990, FD Associates has provided expert guidance to companies exporting commodities and services controlled for export under the International Traffic in Arms Regulations (ITAR), the Export Administration Regulations (EAR) and the Foreign Trade Regulations (FTR). Clients are from a wide range of industries, including aerospace, defense, high technology sectors, software, commercial encryption, and medical technologies.
CyberNINES is a Service-Disabled Veteran-Owned Small Business focused on cybersecurity services that provide high value and affordable CMMC & NIST SP 800-171 assessments, audits, and compliance management to small and medium-size businesses within the DOD Supply Chain. Services include Government Cloud solutions for Controlled Unclassified Information (ITAR and 600 Series) to meet DFAR 252.204-7012, 7019, and 7020 regulations and virtual CISO services to limit the cybersecurity security risk posture of suppliers and primes.