In 2026, organizations no longer need a physical shipment to trigger export-control risk. Data movement alone can be enough. I sat down with Steven Casazza, President of Defense Trade Solutions, to discuss the overlap between CUI, CMMC, and export controls.
Cloud collaboration platforms, remote workforces, international subsidiaries, and third-party vendors have made cross-border data access routine. This is often without organizations realizing when export-controlled and sensitive data is involved. For companies operating in or adjacent to the Defense Industrial Base (DIB), that creates a growing blind spot at the intersection of cybersecurity compliance (CMMC) and U.S. export control regulations.
Your people may never leave the U.S., but your data already has.
Watch Steven Casazza (Defense Trade Solutions) and myself explain where CUI, CMMC, and export controls intersect—and why many organizations underestimate the resulting risk.
Export control exposure is no longer limited to intentional transfers or physical shipments. In modern digital environments, routine business operations can create export compliance risk, including:
From an export control standpoint, the question is no longer whether data is moving, but who can access controlled data, from where, and under what legal authority.
Many organizations still treat CMMC compliance and export controls as separate workstreams. In reality, they overlap in several critical areas:
CMMC focuses on protecting sensitive information through defined cybersecurity controls. Export controls add a legal and regulatory layer to the mix. Specifically, who is legally permitted to access controlled technical data, where that data may reside, and from which countries it may be accessed .
CUI and ITAR are two different things… but ITAR can also fit under CMMC if it’s done under a federal contract.
Organizations most exposed to this risk often don’t see themselves as exporters at all, including:
Even CMMC-aware organizations remain exposed if they cannot confidently answer:
These are not hypothetical questions; they are the foundation for both cybersecurity compliance and export control defensibility.
Organizations getting ahead of this risk are taking a deliberate, export-aware approach to data governance and system design:
This isn’t about stopping collaboration. It’s about enabling global collaboration without creating hidden export-control violations.
This is not a problem one discipline can solve alone.
When these perspectives work together, organizations reduce risk without over-engineering systems or slowing the business.
Compliance failures often do not stem from bad intent. They stem from blind spots.
Understanding how your data moves, who can access it, and how that aligns with both cybersecurity and export-control requirements is no longer optional. In 2026, data awareness is a foundational compliance control.
Defense Trade Solutions (DTS) is a global trade compliance firm supporting small- and mid-sized aerospace and defense companies. DTS operates as a fractional trade compliance office, helping organizations navigate ITAR/EAR requirements, foreign military sales, technology security & foreign disclosure (TSFD), logistics & customs compliance, and international regulatory obligations, so compliance becomes a competitive advantage, not a barrier to international business.
Steven Casazza is President of Defense Trade Solutions. Steven brings two decades of experience shaping defense trade and export strategies. Today Steven helps aerospace and defense companies remove friction, navigate complex regulations, and accelerate approvals by translating policy into practical processes - aligning commercial growth with U.S. national security and foreign policy priorities while moving at the speed of business. He previously served as an ITAR Empowered Official, building global trade compliance programs at mid-tier defense firms, operationalizing Technology Security & Foreign Disclosure (TSFD) requirements to secure export policy approvals for critical technologies, and helped establish Foreign Military Sales (FMS) & Direct Commercial Sales (DCS) export policy and export-control reform requirements while supporting the Department of Defense. He is a serving member of the Department of State’s Defense Trade Advisory Group and Vice Chair of the National Defense Industrial Association International Division.