Defense Compliance

IL4/IL5/IL6 impact levels, CMMC framework, ITAR controls, and cleared personnel cost governance.

DoD Impact Levels

IL2

Non-Controlled Unclassified

Low confidentiality requirements. Public cloud services authorized for non-sensitive government data.

125 security controls

IL4

GovCloud Required

Controlled Unclassified Information

CUI and mission critical data. DoD-authorized cloud environments required. Supports up to SECRET processing.

421 security controls

IL5

GovCloud Required

Controlled Unclassified High Value

Higher sensitivity CUI and NSS. DoD-dedicated cloud infrastructure with enhanced security controls.

612 security controls

IL6

GovCloud Required

Classified National Security Information

SECRET and CONFIDENTIAL data. Dedicated Secret cloud infrastructure required. Strict isolation mandates.

847 security controls

CMMC 2.0 Framework

Level 1: Foundational

Basic cyber hygiene for Federal Contract Information (FCI) protection.

17 practices

Level 2: Advanced

Advanced practices for Controlled Unclassified Information (CUI) protection.

110 practices

Level 3: Expert

Expert-level practices to protect against APTs. Triennial government-led assessments.

134 practices

ITAR Controls

The International Traffic in Arms Regulations (ITAR) controls the export and import of defense-related articles and services. Cloud cost data involving ITAR-controlled items requires specific handling procedures.

✓ Data Residency Requirements

✓ Personnel Clearance Tracking

✓ Access Control Logging

✓ Export License Management

✓ Audit Trail Requirements

✓ Third-Party Restrictions

DoD Impact Levels

IL2

Non-Controlled Unclassified

Low confidentiality requirements. Public cloud services authorized for non-sensitive government data.

125 security controls

IL4

GovCloud Required

Controlled Unclassified Information

CUI and mission critical data. DoD-authorized cloud environments required. Supports up to SECRET processing.

421 security controls

IL5

GovCloud Required

Controlled Unclassified High Value

Higher sensitivity CUI and NSS. DoD-dedicated cloud infrastructure with enhanced security controls.

612 security controls

IL6

GovCloud Required

Classified National Security Information

SECRET and CONFIDENTIAL data. Dedicated Secret cloud infrastructure required. Strict isolation mandates.

847 security controls

CMMC 2.0 Framework

Level 1: Foundational

Basic cyber hygiene for Federal Contract Information (FCI) protection.

17 practices

Level 2: Advanced

Advanced practices for Controlled Unclassified Information (CUI) protection.

110 practices

Level 3: Expert

Expert-level practices to protect against APTs. Triennial government-led assessments.

134 practices

ITAR Controls

✓ Data Residency Requirements

✓ Personnel Clearance Tracking

✓ Access Control Logging

✓ Export License Management

✓ Audit Trail Requirements

✓ Third-Party Restrictions