Control Plane DPE
The Data Policy Engine is the enforcement layer of the Kiteworks secure data exchange platform. It ensures that every piece of sensitive data moving into, out of, or through your organization — whether accessed...
CPCSC Certification: Are Canadian Defence Suppliers Ready for 2026?
On April 14, 2026, the Government of Canada officially introduced Level 1 of the Canadian Program for Cyber Security Certification (CPCSC), the country’s first mandatory cyber security certification for defence...
Achieve CPCSC Compliance: Certify Your Defence Supply Chain Without the Complexity
CPCSC is Canada's mandatory cyber security certification for defence suppliers handling sensitive unclassified government information. Managed by Public Services and Procurement Canada, the program requires certification across three levels: Level 1 (13...
How Israeli Government Agencies Maintain Data Processing Records Under Amendment 13
Israeli government agencies face stringent obligations under Amendment 13 to the Protection of Privacy Law, which establishes explicit requirements for documenting data processing activities. These records serve as the foundation...
How Government-Adjacent Organisations Meet Amendment 13 Public Body Requirements
Government-adjacent organisations occupy a unique regulatory position. They perform public functions, manage citizen data, and deliver services with public sector characteristics, yet often operate outside traditional civil service frameworks. Amendment...
AI Compliance Requirements for State and Local Government: What You Need to Know
State and local government agencies are deploying AI across citizen services, public safety, benefits administration, tax enforcement, and court systems at a pace that has outrun the governance frameworks most...
AI Compliance Requirements for Federal Contractors: What You Need to Know
Federal contractors occupy one of the most demanding AI compliance environments in the enterprise market. The regulatory stack they operate under — CMMC 2.0, NIST 800-171, FedRAMP, ITAR, FISMA, and...
CMMC 2.0 and AI Agents: What “Authorized Access” Means for CUI-Touching Workflows
Defense contractors are deploying AI agents across proposal development, program documentation, supply chain management, and technical data workflows. Many of these workflows touch controlled unclassified information. That puts them squarely...
NIST 800-171, CUI, and AI: What Your System Security Plan Is Missing
Thousands of organizations handle controlled unclassified information under government contracts without being in the CMMC certification pipeline. Federal contractors, research universities, state agencies, technology suppliers, and professional services firms that...
Canada ITSG-33 and AI: Meeting CSE’s Security Control Framework in Agentic Environments
Canadian federal agencies, their contractors, and private sector organizations that handle government-classified information are deploying AI agents across document processing, citizen service workflows, regulatory review, and program administration. Many of...
ITAR, AI Agents, and Controlled Technical Data: The Export Control Compliance Gap
Defense contractors and aerospace manufacturers are deploying AI agents across proposal development, engineering documentation, technical data package management, and supply chain workflows. Many of these workflows touch controlled technical data...
Why FIPS 140-3 Encryption Matters for AI Agent Data Access
Most organizations deploying AI agents against regulated data believe they have encryption covered. The API calls use TLS. The data at rest is AES-256. The model hosting provider has a...
The Federal Government Just Told You Its Cloud Security Process Is Broken
On March 18, 2026, ProPublica published an investigation that should alarm every organization that relies on FedRAMP authorization as a trust signal for cloud security. The story is straightforward: Federal...
CMMC 2.0 Levels Explained: Advanced and Expert Cybersecurity Guide
MMC 2.0 Level 2 (Advanced) Level 2 (Advanced) is the second level of the CMMC 2.0 framework. It is an intermediate level that requires companies to implement more specific practices...
Only 48 Cloud Services Hold FedRAMP High authorization — and Agencies Are Feeling the Squeeze
The scarcity of FedRAMP High authorized cloud services is not an abstract compliance concern. It is a procurement bottleneck that forces federal agencies to make security tradeoffs with their most...