ITAR and Export Controls

Export Compliance in a Modern World

Businesses subject to International Traffic in Arms Regulations (ITAR) and export controls (including US EAR, German BAFA regulations, and the UK Export Control Act) have unique challenges as it relates to compliance and the adoption of Cloud platforms. In order to comply with the access control restrictions found in ITAR and other export control laws, it is necessary to determine where export-controlled information resides in your collaboration systems, encrypt it, control access to it, and then audit and report on access to that information. Repositories of unstructured data such as SharePoint, file servers, SharePoint Online, Office 365, and OneDrive for Business tend to accumulate technical information requiring the rigorous set of security controls that are suggested for EAR and ITAR compliance.

Demonstrating compliance with ITAR, EAR, and similar export control laws in other countries is imperative for manufacturers of export-controlled products and technologies. Achieving compliance is especially important for organizations moving to the Cloud. Recent changes to 15 CFR 734.18 of the EAR legislation were specifically intended to allow organizations to encrypt export controlled data and store it in the Cloud, or transmit it across national boundaries, provided that no unauthorized person can view the encrypted data in the clear. These changes make it possible for organizations to stored EAR regulated data in private or public Clouds as long as the necessary “end-to-end encryption”, as defined in the regulation, is in use.

Note that ITAR still does not include any encryption “Safe Harbor.”

The Covata Solution for Export Control Compliance

The Covata solution for ITAR and export controlled information helps customers comply with the end-to-end encryption requirements and leverage private and public Clouds for ITAR regulated business processes. Further, the advanced access control capabilities of the Covata solutions make it far easier to enforce and accredit “need to know” as compared to other solutions.

Features and Advantages

  • Locate ITAR and export controlled information to understand where ITAR and EAR compliance exposures exist
  • FIPS 140-2 validated AES-256 data encryption to meet end-to-end encryption requirements of EAR
  • Centralised Role- and Attribute-Based Access Controls ensure encrypted data is only decrypted for authorized users
  • Granular logging of all permitted and denied access requests to export controlled information

Resources & Products

ITAR Compliance

Get an in-depth look at how Covata can help with ITAR compiance.

Covata Whitepapers

Check out our solution briefs for ITAR and other common use cases.

Request a free trial

Sign up for a free trial of one or more Covata products.