The Arms Export Control Act requires that all manufacturers, exporters, temporary importers, and brokers of defense articles (including technical data) as defined on the United States Munitions List (ITAR part 121) and furnishers of defense services are required to register with the Directorate of Defense Trade Controls (DDTC) as described in ITAR part 122 (part 129 for brokers).
The JCP 2345 established in 1985 to allow United States (U.S.)/Canadian contractors to apply for access to Department of Defense/Department of National Defence (DOD/DND) unclassified export controlled technical data/critical technology on an equally favorable basis in accordance with DODI 5320.25 “Withholding of Unclassified Technical Data and Technology from Public Disclosure”, and Canadian Technical Data Control Regulations.
NIST SP800-171 or just 800-171 is a codification of the requirements that any non-Federal computer system must follow in order to store, process, or transmit Controlled Unclassified Information (CUI) or provide security protection for such systems..
SOC 2 is an auditing procedure that ensures service providers securely manage data to protect the interests of the organization and the privacy of its clients.