[Verse 1] DFARS cascades down like dominoes in motion Canadian subs must catch what U.S. primes are throwing Seven-oh-twelve point two-five-two demands compliance Cross-border contracts need cyber defiance When Lockheed calls Toronto, rules don't disappear NIST eight hundred seventy-one becomes crystal clear [Chorus] SPRS is the score that opens the door Non-U.S. entities need one-ten or more CUI crossing borders where ITAR collides GCC-High equivalent keeps secrets inside Remember the acronyms, master the game CMMC compliance burns the same flame [Verse 2] System Security Plans need SAR approval first Canadian clouds must prove they quench the thirst For FedRAMP equivalent authorization paths Microsoft's northern servers do the math When export controls meet controlled unclassified Your cloud infrastructure cannot hide [Chorus] SPRS is the score that opens the door Non-U.S. entities need one-ten or more CUI crossing borders where ITAR collides GCC-High equivalent keeps secrets inside Remember the acronyms, master the game CMMC compliance burns the same flame [Bridge] EAR intersections complicate the maze CCCS approved solutions count these days From Waterloo to Vancouver's tech scene Cross-border data flows need squeaky clean Assessment scope determination maps the boundary lines Where U.S. requirements meet Canadian designs [Verse 3] Supplier Performance Risk System won't forget Your cybersecurity posture places the bet Medium level controls for sensitive info High level assurance for the classified flow Assess, develop, implement, manage the cycle Canadian contractors ride the same bicycle [Chorus] SPRS is the score that opens the door Non-U.S. entities need one-ten or more CUI crossing borders where ITAR collides GCC-High equivalent keeps secrets inside Remember the acronyms, master the game CMMC compliance burns the same flame [Outro] Defence industrial readiness knows no border When cyber meets maple leaf, maintain the order
← 1 CMMC Current State | 3 Building the Dual-Market Offering →