RuleSync
Enterprise

AI Governance for Defense Contractors

Defense software handles classified data, operates under ITAR/EAR export controls, and must meet CMMC cybersecurity maturity requirements. AI rules must encode classification handling, export control, and supply chain security.

7 min read·July 5, 2025

Defense software handles classified data under ITAR, CMMC, and NIST 800-171. AI rules are security controls, not suggestions.

CMMC controls, ITAR export compliance, classification boundaries, supply chain security, and air-gapped operation

Defense Software: The Highest Compliance Bar

Defense contractor software operates under the most stringent compliance requirements in any industry. CMMC (Cybersecurity Maturity Model Certification): required for all DoD contractors. Levels 1-3 with increasing security requirements. CMMC Level 2: implements all 110 controls from NIST 800-171. ITAR (International Traffic in Arms Regulations): controls export of defense articles and technical data. EAR (Export Administration Regulations): controls export of dual-use items. Violations can result in criminal penalties, debarment from government contracts, and national security harm.

The AI governance challenge: defense software may handle CUI (Controlled Unclassified Information), FOUO (For Official Use Only), or classified information at various levels. The AI generating code must: never store or process data above its system's classification level, enforce access controls based on clearance and need-to-know, maintain an unbroken audit trail, and ensure no controlled technical data leaves authorized boundaries.

Supply chain security: defense software must account for supply chain risks. Every dependency (npm package, Docker image, library) is a potential vector for supply chain attacks. NIST 800-161 (Supply Chain Risk Management): requires vetting and monitoring of all software components. AI rule: 'Every new dependency the AI introduces must be vetted against approved software lists. Prefer dependencies from known publishers. Pin exact versions. Generate SBOM (Software Bill of Materials) for all deployments.'

CMMC and NIST 800-171 Controls

CMMC Level 2 requires implementing all 110 security requirements from NIST 800-171. Key control families for AI-generated code: Access Control (3.1): limit system access to authorized users, limit access to the types of transactions and functions authorized users are permitted to execute. Identification and Authentication (3.5): identify and authenticate users, devices, and processes. Audit and Accountability (3.3): create and retain system audit logs, ensure actions can be traced to individual users.

Media Protection (3.8): protect CUI on digital media during transport and at rest. System and Communications Protection (3.13): monitor and control communications at system boundaries, employ cryptographic mechanisms to protect CUI in transit. AI rule: 'All network communications: encrypted (TLS 1.2+ minimum, prefer TLS 1.3). CUI at rest: AES-256 encryption. System boundaries: network segmentation with monitoring. The AI must generate encrypted communications by default — unencrypted channels are never acceptable in defense systems.'

Configuration Management (3.4): establish and maintain baseline configurations, track and report configuration changes. AI rule: 'All system configurations: stored as code (Infrastructure as Code), version-controlled, and tracked. The AI should generate configurations that can be audited and compared against baselines. No manual configuration changes — everything through the change management process.'

⚠️ Unencrypted Channels = NIST 800-171 Failure

NIST 800-171 3.13.8 requires cryptographic mechanisms to protect CUI in transit. An unencrypted API call carrying CUI violates this control. The AI must never generate HTTP (only HTTPS), unencrypted database connections, or unencrypted inter-service communication. TLS 1.2 is the minimum; TLS 1.3 is preferred. This is not a best practice — it is a mandatory control that determines CMMC certification.

ITAR/EAR Export Control Compliance

ITAR controls: technical data related to defense articles (weapons systems, military equipment, space technology) cannot be shared with foreign persons without a license. This applies to: source code, design documents, algorithms, test data, and manufacturing processes. AI rule: 'ITAR-controlled projects: the AI must not suggest sharing code or technical data with foreign nationals, hosting on servers outside the US, or using cloud services without proper ITAR compliance (not all cloud regions are ITAR-compliant). All development must occur within US boundaries by authorized personnel.'

EAR controls: similar to ITAR but for dual-use items (technology with both civilian and military applications). Encryption software above certain key lengths is EAR-controlled. AI rule: 'Encryption implementation: verify EAR classification. Strong encryption (AES-256, RSA-2048+) may require EAR compliance documentation when exported. The AI should note when generated code includes controlled encryption technology.'

Practical AI rules for export control: no foreign nationals on the development team without proper licensing (TAA or DSP-5). No uploading source code to public repositories (ITAR violation). No discussing technical details on public forums or with AI services that may store data outside US boundaries. AI rule: 'ITAR project: verify that all development tools, cloud services, and AI assistants store data within US boundaries and are operated by US persons. Public code repositories, SaaS tools, and offshore development: prohibited without proper export licenses.'

ℹ️ ITAR Applies to Source Code

Source code for defense articles is ITAR-controlled technical data. Uploading ITAR-controlled source code to GitHub (even a private repo, if GitHub stores data on servers accessible to non-US persons) can constitute an unauthorized export. Defense projects must use: on-premises Git servers, FedRAMP High authorized cloud Git services, or ITAR-compliant hosted repositories. The AI should never suggest public hosting for defense code.

Classification Levels and System Boundaries

Defense systems operate at specific classification levels: Unclassified (public), CUI/FOUO (controlled but not classified), Confidential, Secret, Top Secret, and compartmented programs (TS/SCI). Each level has specific handling requirements. AI rule: 'The AI must know the system's classification level. Code generated for a CUI system must not assume it can access Secret data. Cross-boundary data transfers require formal authorization and cryptographic protection.'

Air-gapped systems: classified systems (Secret and above) operate on air-gapped networks with no internet connectivity. AI rule: 'For classified systems: no external API calls, no package downloads at runtime, no telemetry or analytics that phone home. All dependencies must be pre-loaded. The AI should generate self-contained code that operates without external connectivity.'

Cross-domain solutions: when data must flow between classification levels, it passes through a Cross-Domain Solution (CDS) with content inspection, filtering, and audit. AI rule: 'Data crossing classification boundaries: implement the approved CDS interface. Format data according to the CDS specification. Include metadata for classification marking. The AI should never generate direct connections between systems at different classification levels.'

💡 Air-Gapped = Self-Contained by Design

For classified systems on air-gapped networks: every dependency must be vendored (checked into the repo or loaded from an approved internal registry). No npm install from the internet. No Docker pulls from Docker Hub. No API calls to external services. The AI generating code for classified systems should assume zero internet connectivity and generate fully self-contained applications with all dependencies included.

Defense AI Governance Summary

Summary of AI governance rules for defense contractor software development teams.

  • CMMC: implement all 110 NIST 800-171 controls. Level 2 required for CUI handling
  • Encryption: TLS 1.3 in transit, AES-256 at rest. Unencrypted channels never acceptable
  • ITAR: no foreign persons access without license. No public repos. US boundaries only
  • EAR: encryption may be export-controlled. Document classification of encryption technology
  • Supply chain: vet all dependencies. Pin versions. Generate SBOM. Approved software lists
  • Classification: know the system level. No cross-level access without CDS authorization
  • Air-gapped: no external connectivity. All dependencies pre-loaded. No runtime downloads
  • Configuration: Infrastructure as Code, version-controlled, auditable against baselines

Related articles

Case Study: Government ContractorAI Governance for GovernmentAI Rules for FedRAMPEnterprise AI Governance Rules