What is ITAR?
The International Traffic in Arms Regulations (ITAR) controls the sale, manufacture, and distribution of space and defense-related services and products, as listed in the United States Munitions List (USML).
This comprehensive list includes any and all photos, diagrams, plots, graphs, or other information on materials required to build or assemble military-grade equipment. This information is termed ‘Technical Data’.
What is ITAR compliance?
One of the most important mandates of ITAR is that access remains exclusive to US citizens alone. This is easy enough to follow with physical information or material, but with digital data, this control gets more complicated. This means that data on a particular network needs to comply with ITAR regulations.
This compliance is complicated for US companies because they are prohibited from sending any information to an employee hired locally unless they have authorization from the State Department. ITAR compliance must involve policies that monitor, track, and audit such technical data.
Who is required to follow ITAR compliance?
Any organization that designs, sells, manufactures, handles, or distributes any items listed in the USML must be ITAR compliant. The State Department’s Directorate of Defense Trade Controls (DDTC) holds a list of companies that are allowed to deal with USML products and services. Companies wishing to deal in USML-based products/services must register with the DDTC, which will then allot them a unique code that may be used for a year, after which they must register again. Each organization, in turn, has to frame policies that comply with ITAR regulations.
You need to comply with ITAR if you are a:
- Contractor
- Distributor
- Wholesaler
- Computer hardware/software vendor
- Third-party supplier
It is important to remember the following example: if Company A sells a part/service to Company B, which then sells/sends it to some foreign organization, both Companies A and B are at fault and are not ITAR compliant.
Why is ITAR important?
ITAR affects sensitive data that one organization may transfer to a foreign national, as well as any data that is stored locally outside US soil so that business processes go on smoothly. Non-compliance brings hefty fines, significant damage to reputation, and a possible business loss to an ITAR-compliant competitor.
What are the recommendations for ITAR compliance?
- Test security systems and processes regularly
- Employ an information security policy
- Encrypt sensitive data
- Assign unique sign-in credentials to employees to manage and control access
- Monitor user behavior, information, and access activity, with regular audits of event activity
- Map vulnerabilities using a checklist
FileCloud has an intuitive interface that is easy to use. Files are therefore protected from unauthorized access.