Guide to ITAR Rules in the Compliance Center
This table defines the ITAR rules covered in FileCloud's Compliance Center, explains what steps you must take to be in compliance, and describes how FileCloud validates each rule.
| Rule (click to see text) | Description | Steps for complying | Validation |
|---|---|---|---|
| 120.6 | Identify which documents are defense articles. | In the Compliance Center, click the Edit button for the rule, and select a metadata set with a tag that identifies defense articles. | If the metadata set exists and is enabled, status is OK; if not, status is Issues. |
| 120.10 | Identify which files contain technical data. | In the Compliance Center, click the Edit button for the rule, and select a metadata set with a tag that identifies technical data. (To carry out compliance, you must use smart classification to apply the metadata tag to technical data.) | If the metadata set exists and is enabled, status is OK; If not, status is Issues. |
| 120.13 | Only allow access to the system from within the US. | In the Compliance Center, click the Edit button for the rule, and select a DLP rule that blocks users from logging in from outside locations. Only DLP rules for the LOGIN action are available for selection. | If the DLP rule exists and is enabled, status is OK; if not, or if modifications to the rule allow log in from outside the US, status is Issues. |
| 120.15 | Only allow US residents to access the system. | Enabling the rule to confirm that your system checks if all users are US residents is all that is necessary to pass the compliance check. | None |
| 120.17 | Do not permit public sharing. |
| If the DLP rule exists and is enabled and there are no existing public shares, status is OK; if not, or if modifications to the rule allow public shares, status is Issues. |
| 120.25 | Allow at least one user access to the Compliance system. | To enable at least one user to manage the Compliance Center:
| If one or more Admin users have access to the Compliance Center, status is OK; if not, status is Issues. |
| 120.50 | Prevent unauthorized access to data by non-US residents. | Install FileCloud with an enterprise license or a license that includes a Digital Rights Management (DRM) component. | If a proper license is installed, status is OK; if not, status is Issues. |
| 120.54(2)(3) | Prevent data from being shared with non-US entities. | Remove any existing public shares or change them to private. | If any public shares exist, status is Issues. |
| 120.54(5) | Confirm that data is only transferred between US entities. |
| If HTTPS is not used, storage is not fully encrypted, or any existing files are not fully encrypted, status is Issues. |
| 120.55 | Keep decryption methods secure. | Enabling the rule to confirm that decryption keys are kept confidential in your system is all that is necessary to pass the compliance check. | None. |
| 123.1 | Ensure that proper permission is given if data is shared with non-US entities |
| If Set Share Mode is Allow All Shares or any public shares exist, status is Issues. |
| 123.26 | Maintain records of all data shared with non-US entities | In the Admin portal, go to Settings > Admin and set the Audit Logging Level to FULL. | If Audit Logging Level is set to OFF or REQUEST, status is Issues. |
| 126.1 | Deny access to the system by prohibited countries | In the row for the rule in the Compliance Center, click the Edit button and select a DLP rule that blocks users from logging in from those countries. Only DLP rules for the LOGIN action are available for selection. | If the DLP rule exists and is enabled, status is OK; if not, or if modifications to the rule allow log in from those countries, status is Issues. |
| 127.1 | Confirm that reports of violations of compliance rules can be exported. | Enabling the rule to confirm that there is functionality to export reports of compliance rule violations from this page is all that is necessary to pass the compliance check. | None |