Contact us

How do I get a clearance to access unclassified military technical data for U.S. DoW work?

Unclassified military technical data may sound harmless—but it’s highly sensitive information that can reveal key capabilities or vulnerabilities of military and space systems. While not formally classified, this data falls under the United States Department of War’s (U.S. DoW) Controlled Unclassified Information (CUI) program and requires strict handling to prevent unauthorized access.

If your organization plans to work on U.S. DoW contracts or research involving this data, understanding the rules—and securing the right certifications—is essential to protect national security and maintain compliance.

What is unclassified military technical data?

U.S. DoW unclassified military technical data and related technology” refers to information that describes the design, development, production, operation, or maintenance of military or space systems, but that has not been formally classified as Confidential, Secret, or Top Secret. In other words, it is not part of the national security classification system, but it can still be sensitive.

Even when this information is unclassified, it can reveal critical capabilities or vulnerabilities, which is why U.S. DoW often places control on how it is distributed and shared. The broader framework for withholding and controlling such data is found in 32 C.F.R. Part 250, which authorizes the U.S. DoW to protect unclassified technical information that has military or space applications.

The control of unclassified military technical data is also embedded in procurement regulation DFARS 252.204-7012, which requires U.S. DoW contractors to safeguard “covered defense information” by implementing cybersecurity controls and reporting cyber incidents.

Much of this information falls under the U.S. government’s Controlled Unclassified Information (CUI) program, which fall into Level 2 of the CMMC.

Get certified for unclassified military data access

The mandate of the Canada-U.S. Joint Certification Program (JCP) is to certify U.S. and Canadian businesses who require access to unclassified military technical data that is controlled for national security reasons. The JCP ensures that only businesses with a legitimate need and proper security measures can access this information.

The JCP is administered by Public Services and Procurement Canada (PSPC) for Canada and the Defense Logistics Agency (DLA) for the U.S. Department of War.

What JCP covers and what it doesn’t

What JCP Covers

  • Certification for Access: Verifies your eligibility to receive unclassified military technical data controlled under U.S. and Canadian regulations.
  • Baseline Security Requirements: Requires a signed DD2345 agreement and a cybersecurity self-assessment aligned with NIST SP 800-171.
  • Legitimate Need Verification: Confirms your organization has a valid reason to access controlled technical information.

What JCP Does NOT Cover

  • Full Compliance Guidance: JCP does not provide detailed instructions for implementing NIST 800-171 controls or meeting DFARS cybersecurity requirements.
  • Ongoing Oversight: It does not monitor your security posture after certification.
  • Export Control Training: Businesses must seek additional resources for ITAR/EAR compliance and proper handling of Controlled Unclassified Information (CUI).

Guidance for compliance and ongoing oversight

Here are some resources to guide you once you’ve received your JCP certification.

U.S. DoW CIO CMMC Resources & Documentation

Includes scoping guides, assessment guides, and alignment to NIST standards for CMMC compliance. Explore resources here.

Cybersecurity Maturity Model Certification (CMMC)

The CMMC Program verifies that contractors implement and maintain cybersecurity measures throughout the contract period. It includes pre-award assessments and ongoing compliance checks for safeguarding Controlled Unclassified Information.
U.S. DoW CMMC Overview.

NIST Guidance

NIST SP 800-171 & SP 800-171A provide requirements and assessment methods for protecting CUI. Contractors are expected to continuously monitor and update their security posture based on these standards. NIST Contractor Guidance

Directorate of Defense Trade Controls (DDTC) – U.S. Department of State

The DDTC administers ITAR and provides compliance resources, risk matrices, and program guidelines for exporters, manufacturers, and brokers of defense articles and services. DDTC ITAR Compliance Portal.

CUI Guidance Portal

Offers detailed instructions on handling CUI, including marking requirements, waivers, and security assessments for non-federal systems using NIST SP 800-171.
Visit the CUI Guidance Portal

How to get my business ready for the U.S. DoW market?

How do I setup my business plan & resources for the U.S. DoW market?

How do I select and build relationships with my target U.S. DoW customers?
How do I select a U.S. DoW market entry approach?
How do I budget for U.S. DoW business development?
How do I conduct competitor analysis for U.S. DoW providers?
How do I build effective pitch materials for U.S. DoW contracts?
How do I prepare my team for government proposal writing?

How do I get compliant to do business with U.S. DoW?

What are DFARS and what they mean for Canadians selling to U.S. DoW?
How do I meet U.S. DoW’s cyber security requirements?
What is CMMC?
How do I get an industrial security clearance for my company?
How do I get security clearances for my employees?
How do I get a clearance to access unclassified military technical data for U.S. DoW work?
How do I get a security clearance to examine, possess, or transfer controlled goods?
How do I get ITAR compliant?
How do I set up for FAR and DFARS compliance?
CCC uses cookies and other tracking tools to offer you a better experience when you visit our site. Visit our Cookie Policy page to learn more or to change your preferences. By continuing to use our site, you consent to cookie use.
Accept