Blog

AI Governance for Defense Contractors: CMMC, DFARS, and Audit Readiness

CMMC AI compliance audit preparation for defense contractors: map AI controls to CMMC 2.0 domains, satisfy DFARS clauses, build audit trails, and close gaps before your C3PAO assessment.

12 min read

Defense contractors deploying AI tools face a compliance problem that most generic governance frameworks were not designed to solve. CMMC AI compliance audit preparation requires mapping AI system behaviors to specific CMMC 2.0 practice domains, satisfying DFARS clause obligations that predate modern AI tooling, and producing documented evidence that a Certified Third-Party Assessment Organization (C3PAO) can verify. Each of those requirements has distinct evidence expectations — and failing any one of them produces findings that delay or derail an assessment.


Why CMMC and DFARS Create Distinct AI Governance Obligations

DFARS AI compliance starts with two clauses that most defense contractors already live under: DFARS 252.204-7012 (Safeguarding Covered Defense Information) and DFARS 252.204-7021 (CMMC Requirements). Neither clause was written with large language models or AI-assisted decision tools in mind, but both apply to any system that processes, stores, or transmits Controlled Unclassified Information (CUI) — and AI systems routinely do all three. The practical consequence is that AI governance defense contractors must treat AI tools as in-scope systems under their existing DFARS obligations, not as separate software categories. An AI assistant that ingests contract documents, a code generation tool that touches source repositories containing export-controlled technical data, or an analytics platform that processes procurement records — each of these is a CUI-handling system the moment it touches covered data. Where AI compliance government contractors most often go wrong is assuming that a vendor’s SOC 2 report or ISO 27001 certification covers their DFARS obligations. It does not. DFARS 252.204-7012 requires contractors to implement NIST SP 800-171 controls on their own systems and to flow down requirements to subcontractors. If an AI vendor processes CUI on your behalf, you need a written agreement, evidence of their control implementation, and a mechanism to verify it — none of which a vendor certification automatically provides. CMMC 2.0 adds a third layer. Unlike the self-attestation model that existed under earlier DFARS guidance, CMMC Level 2 (which applies to most contractors handling CUI) requires a triennial C3PAO assessment against all 110 NIST SP 800-171 practices. AI systems that touch CUI are assessed alongside every other in-scope system. A governance program that treats AI as an exception will produce gaps that assessors will find.


Mapping AI Controls to CMMC 2.0 Practice Domains

The AI governance CISO defense contractor challenge is translating abstract AI governance principles into the specific evidence artifacts that CMMC assessors look for. These are the domains where AI systems most frequently create compliance exposure.

  • Access Control (AC) — CMMC practices 3.1.1 through 3.1.16 require that access to CUI be limited to authorized users and that access is controlled at the system and function level. For AI systems, this means role-based access controls on the AI platform itself, documented user provisioning and deprovisioning procedures, and evidence that AI-generated outputs containing CUI are not accessible to unauthorized parties. Assessors will ask for access control lists, provisioning logs, and configuration exports showing how the AI system enforces least privilege.
  • Audit and Accountability (AU) — This is where AI governance audit trail requirements become concrete. CMMC practices 3.3.1 through 3.3.5 require that systems generate audit logs of user activity, that those logs are protected from modification, and that the organization reviews logs for anomalous activity. AI systems must generate logs of who queried the system, what data was submitted, and what outputs were produced. Many AI platforms do not generate logs in a format that satisfies these requirements out of the box — this gap requires either platform configuration or a compensating control.
  • Configuration Management (CM)NIST SP 800-171 Rev. 2 practices 3.4.1 through 3.4.9 require that organizations establish and maintain baseline configurations and control changes to those baselines. For AI systems, this includes documenting the model version in use, the configuration of any fine-tuning or retrieval-augmented generation components, and the process for approving and testing changes before deployment. Model updates — even minor ones from a vendor — constitute configuration changes and must go through your change management process.
  • Identification and Authentication (IA) andSystem and Communications Protection (SC) round out the high-exposure domains. AI API integrations frequently use shared service accounts or API keys that do not satisfy multi-factor authentication requirements. Data in transit between your systems and AI platforms must be encrypted in accordance with SC practices, and you need documented evidence of the encryption standards in use.

For a broader view of how these controls fit into recognized governance frameworks, see AI Governance Frameworks Compared: ISO 42001, NIST AI RMF, and EU AI Act.


Building an Audit-Ready AI Governance Program for Defense Contractors

An AI compliance audit defense contractor program needs four structural components: a policy layer, a roles and responsibilities layer, a documentation layer, and an evidence management layer.

  • Policy layer — Your AI governance policy must explicitly address AI systems as in-scope under your cybersecurity program. It should define what constitutes an AI system, establish approval requirements before AI tools are deployed in CUI environments, and set requirements for vendor assessment. This policy should be version-controlled, reviewed annually, and signed by an executive with authority over the program.
  • Roles and responsibilities — AI governance defense contractors that pass assessments typically have a named AI system owner for each in-scope AI tool, a process for that owner to coordinate with the CISO and compliance function, and a documented escalation path for AI-related incidents. The AI system owner is responsible for maintaining the system security plan entry for their tool and for producing evidence during assessments. See Enterprise AI Governance: Roles, Committees, and Accountability Structures for a detailed treatment of how to structure these roles.
  • Documentation layer — Every in-scope AI system needs an entry in your System Security Plan (SSP) that describes the system boundary, the data it processes, the controls implemented, and any planned mitigations for gaps. The SSP entry should reference your AI-specific policies and link to configuration documentation. Assessors will read SSP entries carefully; vague descriptions of AI systems as "third-party tools" without specifics are a common finding.
  • Evidence management layer — AI governance audit trail requirements are not satisfied by logs that exist somewhere in a platform — they are satisfied by logs that are collected, retained, and reviewable in a format your team can produce during an assessment. Build a process for exporting and archiving AI system logs on a defined schedule, storing them in a protected location, and confirming retention periods align with your SSP commitments.

For a comprehensive checklist covering these and related requirements, see AI Audit Readiness: The Complete Checklist for Regulated Organizations.


Conducting a CMMC AI Readiness Assessment: Steps and Gap Analysis

A CMMC AI readiness assessment is a structured self-evaluation that maps your current AI control implementation against the 110 NIST SP 800-171 practices, identifies gaps specific to AI systems, and produces a prioritized remediation plan. Running this before a formal C3PAO assessment gives you time to close findings rather than receive them as deficiencies.

  • Step 1: Inventory AI systems in scope. List every AI tool that processes, stores, or transmits CUI — including AI features embedded in larger platforms and AI tools used by subcontractors who handle your CUI. Many contractors undercount here because AI features are bundled into software they already use.
  • Step 2: Map each system to CMMC practice domains and assess control implementation. For each AI system, identify which practice domains it touches, then determine whether each relevant control is fully implemented, partially implemented, or not implemented. Partial implementation is the most common finding — audit logging is enabled but logs are not reviewed on schedule, or access controls exist but API keys are not rotated. Document this mapping in a spreadsheet that links each system to the relevant practices and their implementation status.
  • Step 3: Score and prioritize gaps. CMMC 2.0 uses a scoring model where each of the 110 practices carries a point value. Practices that are not implemented result in score deductions; partial implementation may also result in deductions depending on the assessor’s judgment. Prioritize gaps in high-weight practices and in domains where AI systems create the most exposure — AU and AC are typically the highest priority.
  • Step 4: Build a Plan of Action and Milestones (POA&M). For each gap, document the remediation action, the responsible owner, and the target completion date. CMMC 2.0 allows limited use of POA&Ms for certain practices, but practices in the highest-weight categories must be fully implemented at assessment time. Do not rely on POA&Ms as a substitute for control implementation in AU, AC, or IA.

AI compliance government contractors who run this process six to twelve months before their assessment have enough time to implement technical controls, update documentation, and collect the evidence artifacts assessors will request. For detailed guidance on what regulators require from AI audit logs specifically, see AI Audit Trail Requirements: What Regulators Actually Expect.


Common Audit Failures and How to Fix Them Before Your Assessment

Assessors conducting AI compliance audits for defense contractors consistently flag the same categories of deficiency. Each one is addressable before your C3PAO assessment if you know where to look.

  • Undocumented AI systems in the SSP. The most common finding is an AI tool that is in use but not documented in the System Security Plan. Assessors conduct interviews and review system inventories; they will ask employees what tools they use to do their work. If an AI tool surfaces in an interview but is not in the SSP, the contractor has a documentation gap and potentially an unauthorized system finding. Fix: complete your AI system inventory before the assessment and update the SSP to include every in-scope tool.
  • Insufficient audit logging. DFARS AI compliance requires that CUI-handling systems generate and retain audit logs. Many AI platforms generate logs in proprietary formats that are not exported or archived. Assessors will ask to see logs and will ask how long they are retained. Fix: configure log export for every in-scope AI system, establish a retention schedule that matches your SSP commitments, and document the log review process.
  • API key and service account hygiene. AI integrations frequently use API keys that are shared across users, stored in plaintext in configuration files, or never rotated. This violates IA practices and creates an access control gap. Fix: audit all AI API keys, assign them to named service accounts with documented owners, implement rotation schedules, and store keys in a secrets management system.
  • Missing vendor agreements. If an AI vendor processes CUI on your behalf, you need a written agreement that establishes their security obligations, gives you the right to audit their controls, and specifies incident notification requirements. Many contractors use AI tools under standard commercial terms that do not include these provisions. Fix: review vendor agreements for every AI tool that touches CUI and execute a CUI protection agreement or equivalent before your assessment.
  • No change management process for AI systems. Model updates, configuration changes, and new AI feature rollouts must go through your change management process. Assessors will ask whether AI system changes are reviewed and approved before implementation. Fix: add AI systems to your existing change management workflow and document that AI model version changes are treated as configuration changes requiring review.

Pillar: AI Governance Audit Readiness — the complete framework for regulated organizations preparing for AI audits.


Ready to find your gaps before your assessor does?

Run your CMMC AI readiness assessment → See also: AI Audit Trail Requirements: What Regulators Actually Expect · Enterprise AI Governance: Roles, Committees, and Accountability Structures

Brine

Build, hire, and govern every AI system in your environment.

Describe a workflow in plain English and Brine builds it, runs it on your data, and governs every step — costing and attributing each action to its agent and model, with a pre-dispatch cap that holds a step before it overspends and a signed audit trail as standard.

Scope a pilot More resources