What is ITAR?
International Traffic in Arms Regulations (ITAR) is a set of U.S. government regulations administered by the Department of State’s Directorate of Defence Trade Controls (DDTC). ITAR primarily focuses on controlling the export and import of defence-related articles, services, and technical data. The key objective of ITAR is to safeguard national security by preventing the unauthorized transfer of defence technology and knowledge to foreign entities or individuals.
What is EAR?
Unlike ITAR, Export Administration Regulations (EAR) is administered by the U.S. Department of Commerce’s Bureau of Industry and Security (BIS). EAR regulations primarily focus on controlling the export, re-export, and transfer of commercial items, dual-use technology, software, and certain types of technical data that have both civilian and military applications.
Read more on the different aspects of ITAR and EAR here: https://www.nextlabs.com/export-controls/
Control and Audit for Export Compliance
A&D, high tech, and industrial manufacturing companies face a set of unique information security challenges in order to comply with export regulations such as The International Traffic in Arms Regulations (ITAR), Encryption and Export Administration Regulations (EAR), German BAFA regulations, and the UK Export Control Act. These regulations impose severe fines and penalties for inappropriate Deemed Export of Technical Data. Demonstrating proper controls to support these regulations is a major challenge for these firms, especially since guidelines or standards are loosely defined.
Different industries can face vastly different export restrictions, and be governed by different regulatory bodies. The civilian nuclear power industry, for example, is heavily regulated by the Nuclear Regulatory Commission (see the NRC’s documentation on import and export restrictions for nuclear material). Companies in the Life Sciences and Pharmaceutical industry, on the other hand, are also subject to export restrictions although the distinction of what is restricted for export can be complex, as you can see in the published guidance from the Department of Commerce’s Bureau of Industry and Security on export restrictions for biological items. This makes it important for organizations to have a solution that allows them to automatically apply fine-grained access controls for data subject to export restrictions.
Traditionally, companies were faced with two very expensive options to address compliance: isolate export-controlled data on separate physical networks or patch together a loose set of access controls that do little to minimize compliance risk or satisfy auditors. The first option limited business productivity by cutting off global supply chains, the Internet, and a mobile workforce, and introduced tremendous costs of maintaining duplicate infrastructures and multiple instances of critical business applications. The second option left companies exposed to severe regulatory fines and penalties.
Export Compliance Applications
NextLabs’ solution is a set of applications which include a comprehensive set of best practice policy libraries and reports required to support compliance with export regulations such as ITAR and EAR. Policy sets can be easily customized to the environment or used as templates to create new policies.
The solution allows companies to control and audit Deemed Export of Technical Data by applying policy across the servers, applications, and workstations where technical data is managed and stored. Export Control for Technical Data safeguards information within the enterprise ensures proper handling of technical data export to satisfy regulatory requirements.
The solution addresses technical data export requirements by enabling project teams to:
- Control access to technical data based on user citizenship, certification training, computer system, and physical location.
- Track and apply policy-based controls to control duplication, storage, copy/paste, printing, removable media, e-mail, IM, Web uploads, FTP, and web conferencing.
- Prevent leakage of technical data beyond certified systems and users.
- Automatically match technical data export to Export Licenses or Technical Assistance Agreements (TAA).
- Apply policy universally across data repositories and endpoints including file servers, document management, PDM/PLM applications.
- Create Information Barriers around projects, applications, and systems to prevent leakage of export-controlled technical data into uncertified systems or applications.
- Detect user activity that constitutes Deemed Export and automate the process of export license determination and/or manager approval.
- Provide a full audit trail detailing technical data access and usage to satisfy regulatory compliance audit requirements.
- Leverage best-practice policies and reports for easy and rapid deployment.
The solution actively enforces export controls by understanding the complex, business context for appropriate technical data handling and disclosure. Collaboration inside and outside the enterprise, including supply chain partners and a mobile workforce, can now be governed to demonstrate compliance with export regulations such as ITAR and EAR.
The NextLabs Export Control for Technical Data solution enables businesses to:
- Control access to technical data based on user citizenship, certification training, computer system, and physical location.
- Track and apply policy-based controls on technical data to control duplication, storage, copy/paste, printing, removable media, e-mail, IM, Web uploads, FTP, and web conferencing.
- Prevent the leakage of technical data beyond certified systems and users.
- Automatically match technical data exports to the corresponding Export Licenses or Technical Assistance Agreements (TAA).
- Detect and track user activity that may qualify as a “Deemed Export,” as well as automate the process of export license determination and/or manager approval.
To learn more, read our What are Export Controls or Technical Data Export Control blog.
