Industry TemplateIndustry-Specific

Defense (US)

US defense governance starter for AI systems that may handle CUI or export-controlled data. It provides configurable ITAR/EAR detection, screening inputs, access-control mappings, human-review rules, and retention settings for operators to validate in eligible air-gapped or high-assurance environments.

This template is a configurable starting point and control mapping. It is not certification, legal advice, or a guarantee of compliance; validate it against your obligations and environment before use.

Regions

US

References

8 references

Mapped Control Domains

5 mapped domains

Deployment

Fully Air-gapped, Sovereign Region

Referenced Frameworks, Standards & Obligations

ITAR (22 CFR 120-130)EAR (15 CFR 730-774)NIST SP 800-53 Rev. 5DoD Directive 3000.09, Autonomy in Weapon Systems (2023)DoD AI Ethical PrinciplesFedRAMP HighDFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting)DFARS 252.204-7021 (Cybersecurity Maturity Model Certification Level Requirements)

Mapped Control Domains

Access Control
Data Encryption
Audit Logging
Export Control
Human Oversight

Deployment profiles

Fully Air-gapped
Sovereign Region

Get started in 3 steps

1

Open the template

Open the catalog entry in the Keeptrusts console and review its included controls, references, and deployment metadata.

2

Adapt the configuration

Use the template as a starting point, then adjust relevant policies, thresholds, routing, and review settings for your requirements.

3

Validate before rollout

Test every outcome you configure—such as allow, redact, block, or operator review—before deploying through a supported gateway workflow.