Guidelines for ITAR Compliance and Sharing Your Technical Data
Help ensure your company's information is ITAR compliant!
AMRDEC SAFE is Down: What You Should Know About Secure File Sharing
The United States government has shut down AMRDEC SAFE (Army Aviation and Missile Research, Development, and Engineering Center - Safe Access File Exchange) due to major security concerns with the service. SAFE enabled government agencies and contractors to securely share large files with approved parties. However, outside organizations identified major security risks with the service, and it is currently unclear if SAFE will be reinstated.
Now that AMRDEC SAFE is down, it’s crucial that you select an alternative to keep your files protected. You have three options when it comes to AMRDEC SAFE alternatives:
Free Cloud Solutions - Solutions like Dropbox or Google Drive have an appealing price point, but these free solutions typically lack the safeguards you need to adequately protect data and stay compliant.
Building Your Own File Sharing Server - Building and controlling your own file sharing solution might sound like a good idea in theory, but this generally comes with large time and monetary investments. Unlike a hosted solution, the responsibly of keeping data secure falls entirely on your shoulders.
Hosted File Sharing Solutions - File sharing hosts provide secure solutions that are quickly ready for use. You can find a number of file sharing options with built-in security and compliance features.
If your organization relied on AMRDEC SAFE to securely share files containing Covered Unclassified Information (CUI), it’s time to find another way to do so, and choosing a hosted option provides the fastest deployment and the most secure solution. As you’re searching for AMRDEC SAFE alternatives, look for platform compliance.
NIST SP 800-53 and SP 800-171 (DFARS) controls
AMRDEC SAFE was run within the physical and technical boundaries under the direct control of the U.S. Military. When looking for a safe alternative, you will be looking at Cloud Service Providers (CSP). CSPs have specific requirements for technical and physical controls over CUI. There are very few CSPs that meet these requirements; they must be FedRAMP authorized and all CSP employees must be U.S. Persons.
With the AMRDEC SAFE site not working, you’re now in need of a solution that protects data in transit and at rest to FIPS 140-2 standards. Sending files via email (even encrypted email) is not an option, since sharing files this way makes your data vulnerable. Using a top AMRDEC SAFE alternative like FTP Today, your data is protected both in-transit to other parties and when it’s at rest, stored in your solution.
To ensure file sharing is secure, you want to be positive that parties sharing files really are who they claim to be. Look for an AMRDEC SAFE alternative that uses multiple authentication methods and multi-factor authentication. Multi-factor authentication requires additional One Time Passcodes (OTP) in addition to a username and password.
Multi-factor authentication takes another approach to verifying a user’s identity. When a login attempt is made, a one-time code is displayed on a special app on the user’s mobile device. The code changes every 60 seconds, too. That code is used with the login credentials to gain access to the solution.
Look for an AMRDEC SAFE alternative that offers two key access restrictions that the AMRDEC system itself did not have – country access restrictions and user IP address restrictions. As a U.S. government agency or contractor, you’re likely only sharing files with domestic recipients, or you have a list of approved international recipients. Using country access restrictions, you can limit solution access by the country in which the user is located.
User IP access controls give you an even more comprehensive level of control. You can identify IP addresses that have approved access to your solution tied directly to their username, and other access attempts from the wrong IP address will be denied. For example, if an employee attempts to log into their account on a non-secure, non-approved mobile device or from their home residential location, access will not be granted.
Expiring Links and File Retention
With AMRDEC SAFE down, you’re in need of a way to share large files, both internally and externally. Look for an AMRDEC SAFE alternative that allows you to send files using expiring links, only providing access to the file for a specific amount of time. This protects files in case the sender or recipient’s devices are compromised in the future. Also, like AMRDEC SAFE, you can be assured that files will be purged from the CSP storage system in 14 days or less.
Though the AMRDEC SAFE site is not working, your organization can’t afford to stop work, too. When you adopt a hosted file sharing solution, you can continue to securely share files and maintain alignment with government compliance regulations.
Learn more about secure file sharing alternatives to AMRDEC SAFE in this free guide.
About Martin Horan
Founder of FTP Today and an expert in secure file transfer and Internet protocols. A software and IT geek since a young age, Martin has successfully led his companies through the digital age by spotting market niches and filling them with quality IT services.