Controlled information handling ITAR · DFARS · CMMC L2
Sector / 06 · Defense

Manufacturing ERP for DoD-grade requirements.

ITAR export controls. DFARS clause flow-down. CMMC 2.0 cybersecurity. Counterfeit prevention. Cortrova ships these as native platform capabilities, not paid add-ons. The AI agents respect the same scope boundaries the rest of the system enforces, so controlled data does not leak through the analytics layer.

Control 01 ITAR Export 22 CFR 120-130 Controlled technical data
Control 02 DFARS Flow-Down 252.204-7012 + 7019/7020/7021 Prime to sub-tier mapping
Control 03 CMMC 2.0 Level 2 · 110 controls 14 domains for CUI
Control 04 Counterfeit AS6174 · AS5553 Quarantine workflow
Request Defense Demo → Review Security Posture
DFARS Flow-Down

Clauses cascade. Cortrova maps them.

DFARS clauses do not stop at your prime contract. They flow down through every sub-tier purchase order. Cortrova captures the inheritance at each tier, so your supplier compliance is verified before the PO is released, and your audit trail shows exactly which clauses applied to which order.

Render 057 · DFARS Clause Flow-Down Cascade
/defense/dfars-flow-down
Tier 00 Prime Contract · DoD program office 7 clauses originated
DFARS 252.204-7012Safeguarding Covered Defense Information
DFARS 252.204-7019NIST 800-171 DoD Assessment
DFARS 252.204-7020Assessment Methodology
DFARS 252.204-7021CMMC Requirements
DFARS 252.225-7048Export Controlled Items
DFARS 252.246-7007Counterfeit Electronic Part Detection
DFARS 252.246-7008Sources of Electronic Parts
Tier 01 Prime Contractor · you receive the CDI 7 inherited · SPRS score added
All 7 prime clauses inherited per 252.204-7012(m) flow-down
SPRS basic assessment posted before contract award
NIST 800-171 110 controls implemented and documented
System Security Plan maintained as living document
Tier 02 Sub-Tier Supplier · your suppliers 6 inherited · 1 dropped if no CDI
Cortrova auto-determines required clauses by part classification
PO release blocked until supplier compliance verified
Counterfeit prevention clauses always flow to electronic part suppliers
Export-controlled flag only flows when ITAR data is shared
Tier 03 Material and Component · raw and electronic parts 2 to 4 inherited · tier-appropriate
Counterfeit detection clauses required for electronic parts
Sources documentation retained per 252.246-7008
Material certs traced lot-to-PO end to end
Quarantine workflow triggers on suspect material
// 4 tiers · auto-mapped flow-down PO release blocked until verified Per DFARS 252.204-7012(m) //
CMMC 2.0 Level 2

Fourteen domains. One hundred ten controls.

CMMC 2.0 Level 2 codifies 110 controls across 14 domains for any contractor handling Controlled Unclassified Information. Cortrova maps each control to a system feature, an evidence artifact, and a responsible role, so the assessment is documentation review, not scramble.

Render 058 · CMMC 2.0 Domain Grid
/defense/cmmc-domains
Maturity Model Level 2 for Controlled Unclassified Information handlers
110 controls total
14 domains
AC Access Control 22 controls
AT Awareness and Training 3 controls
AU Audit and Accountability 9 controls
CM Configuration Mgmt 9 controls
IA Identification and Auth 11 controls
IR Incident Response 3 controls
MA Maintenance 6 controls
MP Media Protection 9 controls
PS Personnel Security 2 controls
PE Physical Protection 6 controls
RA Risk Assessment 3 controls
CA Security Assessment 4 controls
SC System and Comms Protect 16 controls
SI System and Info Integrity 7 controls
Technical Process People Physical
// 14 domains · 110 controls Each control · feature + evidence + role C3PAO assessment-ready //
Scope Registry

The AI agents respect the same boundaries.

Cortrova's Scope Registry assigns every record a classification scope. Every AI agent declares which scopes it may read and which it may write. The platform enforces both at runtime. Controlled data does not leak into a public dashboard, an export-controlled spec does not surface in a non-cleared engineer's query, and air-gap deployments stay air-gapped.

Render 059 · Scope Registry Access Matrix
/defense/scope-registry
Data Scope Quality
Agent Supplier
Agent Maintenance
Agent Mock
Auditor Cross-Domain
Analyzer
SCOPE-01 Public Marketing · published specs
SCOPE-02 Internal Employees · standard ops
SCOPE-03 CUI Controlled Unclassified Info
SCOPE-04 ITAR Controlled 22 CFR 120-130 · US persons
SCOPE-05 Air-Gap No internet egress · classified
Read and write Read only Blocked
// 5 scopes · 5 example agents Boundaries enforced at runtime Air-gap deployment supported //
cortrova-cli · secure session Authenticated
> request_demo --sector=defense --classification=CUI
> Validating credentials...
> [ AUTHORIZATION GRANTED ]

Defense-grade accountability. AI-powered intelligence.

Bring your facility security officer, your ITAR compliance lead, and your CMMC assessor. The team will tailor the demo to your prime contract, your scope boundaries, and the air-gap or commercial-cloud posture you need.

Request Defense Demo → Review Security
> Ready for input
Other Sectors

Same platform.
Tuned per industry.

Each sector page surfaces the same Cortrova platform with the compliance frameworks and capabilities most relevant to that vertical.

Render 060 · Sector Index
/sectors
Sector index 07 sectors active · same platform
01
Aerospace and Defense
AS9100 · ITAR · CMMC
FAI · Nadcap
Open
02
Automotive
IATF 16949 · PPAP
SPC · Tier 1 / 2
Open
03
Industrial
ISO 9001 · ISO 14001
Mid-market
Open
04
Energy and Utilities
OSHA PSM · EPA
Predictive Maint
Open
05
Food and Beverage
FDA 21 CFR · HACCP
SQF · FSMA
Open
06
Defense
DFARS · CMMC · ITAR
Air-gap aware
You are here
07
Government
FedRAMP · NIST 800-171
FISMA
Open
// 07 sectors One platform · tuned per vertical Same 205+ features //