ITAR Compliance: How Does File Sharing Software Comply with Transmission of Data Standards?
ITAR (International Traffic in Arms Regulations) is a set of government regulations designed to control the export and import of defense-related articles and services. These regulations, which impact a wide range of companies, are in place to ensure that regulated technical data – both physical and digital – is only used by U.S. persons employed by the government or a government contractor. This protected data is outlined in the United States Munitions List (USML), and the goal is to keep these potentially dangerous products out of the hands of civilians, enemies of the government, or possible criminals.
If a company fails to comply with ITAR regulations, it could face serious civil and criminal penalties. In addition to these penalties, the company could lose thousands or even millions in fines. It could be debarred from future trade, and its violations would be included on a public list, potentially costing the company business. ITAR compliance is a serious matter, and failing to comply could put your business, and even lives, at risk.
When it comes to ITAR compliance, there are four main guidelines you’re required to follow:
- Access Controls
- System Management
- Transmission of Data
- Executable Software on Shared Systems
This article dives into the Transmission of Data, and the steps you can take to maintain ITAR compliance.
ITAR Requirements for Transmission of Data
Transmission of data refers to how you share ITAR-covered data, both internally and externally. Explore the following data transmission-related standards you should align with to maintain ITAR compliance, and learn how the right file sharing solution can help you in the process.
- What ITAR Requires: Controlled Information, or ITAR-covered information, should never be transmitted or emailed to another party unless it is encrypted. If encryption is unavailable, each piece of transferred data must be encrypted using at least application-provided mechanisms (e.g., password-based encryption available on Microsoft Office 2007 or newer).
- What File Sharing Solutions Can Provide: With a top file sharing solution, you have the capability to encrypt all ITAR-related data. Site administrators can set controls to prevent employees from transferring files over unencrypted channels.
Wireless Network Security
- What ITAR Requires: The wireless network used to access Controlled Information should be encrypted (e.g., WPA2 Enterprise wireless network encryption).
- What File Sharing Solutions Can Provide: Wireless network encryption as related to ITAR compliance is the responsibility of the end-user. However, FTP Today ensures that no wireless networks at its facilities (even encrypted ones) can access the FTP Today network.
Network and Solution Access
- What ITAR Requires: Companies must monitor and control inbound and outbound network traffic, including unauthorized ingress and egress.
- What File Sharing Solutions Can Provide: Using a top file sharing solution, you can monitor all access to your solution. Detailed activity logs can be viewed to determine who is accessing your solution and for what purpose.
In relation to network controls, you can also limit access based on geolocation. FTP Today offers country access restriction, so you can be sure that all who gain access to your solution are authorized users in the United States. You also have IP address restrictions, enabling you to restrict to an individual IP address or range, so you can permit only authorized users within your own company to access the solution.
Data Theft Protection
- What ITAR Requires: Systems and processes must be in place to detect exfiltration of data (i.e. firewalls, router policies, intrusion prevention and detection systems, or host-based security services).
- What File Sharing Solutions Can Provide: With a top file sharing solution, you don’t have to worry about a data breach going unnoticed. FTP Today, for example, uses an automated, proprietary Intrusion Detection and Prevention System to identify and prevent potential breaches.
Customers of FTP Today also benefit from a system-wide hacker blacklist to ban all offending IP addresses. This list is updated within minutes of an attempted attack across the host’s entire network of servers.
- What ITAR Requires: Controlled Information should only be shared with subcontractors on a need-to-know basis, and subcontractors must adhere to the same data protection standards outlined for ITAR-covered data.
- What File Sharing Solutions Can Provide: It is up to the individual companies to maintain ITAR compliance in relation to subcontractors. However, top file sharing solutions do have measures in place to make data sharing more secure, like the ability to send expiring links.
How to Make Sure Your FTP Solution is ITAR Compliant
When it comes to staying ITAR compliant, especially as it relates to data transmission, the responsibility does fall on your shoulders. But, a top file sharing solution can support you in your efforts to stay in alignment with ITAR standards. As you search for file sharing solutions to make your transmission of data secure and compliant, keep the following tips in mind:
- Choose a vendor located in the United States. This may seem like an obvious ITAR-related point. However, many file sharing solution providers have headquarters in the U.S. but servers located outside the country. Make sure that your vendor and all its locations are within the U.S. You want to know that your data is being stored domestically at all times.
- Everyone employed by the vendor is a U.S. citizen. Other solution providers may have servers located in the U.S., but employ non-U.S. persons. Because ITAR specifically states that all persons who handle ITAR-covered data must be U.S. citizens, from a compliance standpoint, it’s imperative that your file sharing solution is managed by U.S. citizens. While your vendor’s employees shouldn’t be accessing your data, it’s still imperative that you comply with this ITAR standard.
- Don’t compromise on security. Failing to comply with ITAR standards is not a risk you want to take. So, make sure that the file sharing solution you choose offers the highest levels of security and can ensure that your data will be protected.
With the right file sharing solution, you can avoid the major risks of non-compliance with ITAR regulations. A file sharing solution like FTP Today can facilitate ITAR compliant data transmissions, so you’ll never worry about employees sending emails with secure information again. You'll protect your company and ITAR-covered sensitive data.
About Martin Horan
Founder of FTP Today and an expert in secure file transfer and Internet protocols. A software and IT geek since a young age, Martin has successfully led his companies through the digital age by spotting market niches and filling them with quality IT services.