Government Compliance

• Data we handle: Controlled Unclassified Information (CUI), export-controlled technical data, Facility-Related Control Systems (FRCS) drawings/configuration files, and Risk Management Framework (RMF) artifacts supporting DoD projects.
• Regulatory drivers: DFARS 252.204-7012, DFARS 252.204-7021, NIST SP 800-171, and applicable DoD Cloud Computing SRG (DoD CC SRG) guidance drive our use of U.S.-sovereign cloud environments authorized at FedRAMP High. CDS leverages Microsoft 365 Government GCC High and Azure Government services to support secure handling of CUI and DoD-related workloads within a controlled enclave architecture. For projects requiring IL5 environments, CDS performs work within Government-furnished or client-provided IL5-authorized environments as required by contract.
• Current status: CDS (Control Defense Systems) operates a dedicated Microsoft 365 GCC High tenant and Azure Government subscription supporting secure collaboration, RMF activities, engineering documentation, and controlled DoD-related workloads within a U.S.-sovereign enclave. These environments support CDS cybersecurity and compliance activities aligned with DFARS 252.204-7012, DFARS 252.204-7021, and NIST SP 800-171 requirements. CDS has completed a CMMC Level 1 Self-Assessment with active assessment status recorded in SPRS and maintains a current NIST SP 800-171 Basic Assessment in SPRS. These environments are fully operational and in active daily use supporting internal operations and customer engagements.
• Operating model: All CUI email, file storage, collaboration, RMF artifacts, security assessment outputs, and configuration repositories are processed exclusively within the CDS GCC High and Azure Government enclave. Access is restricted to authorized U.S. persons based on role and contractual requirements. Multi-factor authentication (MFA), logging, auditing, conditional access, mobile device management, and Data Loss Prevention (DLP) controls are enforced within the enclave.
• Outcome: Our enclave architecture supports FRCS engineering, RMF activities, and secure handling of CUI aligned with IL4 workload requirements. When contracts mandate IL5 processing, CDS performs within approved Government or client-furnished IL5 environments as required.