Note 1 to paragraph (b): The exemption in paragraph (a) of this section does not remove other applicable U.S. statutory and regulatory requirements. For example, for U.S. authorized users, transfers of classified defense articles and defense services must still meet the requirements in 32 CFR part 117, National Industrial Security Program Operating Manual (NISPOM), in addition to all other applicable laws. Australian authorized users must, for example, meet the requirements in the Australian Protective Security Policy Framework, including appropriate security risk management for contracted providers. United Kingdom authorized users must, for example, meet the requirements in the Government Functional Standards GovS 007: Security.
22 C.F.R. §126.7