FTP Today is uniquely positioned to protect data subject to ITAR by providing you the infrastructure, the platform and the software to meet all ITAR requirements for handing technical data.
ITAR is the International Traffic in Arms Regulations, which is a set of United States government regulations that control the export and import of defense-related articles and services on the United States Munitions List (USML) and related technical data. ITAR requires, in relevant part, that covered material (items listed on the USML) only be shared with U.S. citizens absent special authorization or exemption.
A protected article under ITAR is any technical data stored in any form (e.g. a document or other digital file) that contains information related to items or services designated in the USML. ITAR compliance is focused on ensuring this technical data is not inadvertently distributed to foreign persons or foreign nations.
ITAR and DFARS go hand in hand
The ITAR itself only discusses the export of information related to the U.S. Munitions List. However, it is safe to conclude that nearly all ITAR and EAR data is also considered Controlled Unclassified Information (CUI). The protection of CUI is controlled by the Defense Federal Acquisition Regulation Supplement (DFARS).
In regard to technical data, DFARS states:
“The Contractor shall implement NIST SP 800-171, as soon as practical, but not later than December 31, 2017.”
NIST 800-171 states:
“Employ cryptographic mechanisms to protect the confidentiality of remote access sessions” (i.e. data in transit)
and, NIST 800-171 also requires contractors to protect the confidentiality of data at rest by employing FIPS-validated cryptography.
In addition, DFARS 252.204-7012 states:
“the Contractor shall require and ensure that the cloud service provider meets security requirements equivalent to those established by the Government for the Federal Risk and Authorization Management Program (FedRAMP) Moderate baseline and that the cloud service provider complies with requirements in paragraphs (c) through (g) of this clause for cyber incident reporting, malicious software, media preservation and protection, access to additional information and equipment necessary for forensic analysis, and cyber incident damage assessment.”
FTP Today launched The GOVFTP Cloud™ in November 2018, built for government agencies, their contractors and sub-contractors to share sensitive data with the most stringent U.S. Government security and compliance requirements, including ITAR, CJIS and DoD IL2 workloads. By partnering with Rackspace Government Solutions, The GOVFTP Cloud™ implements mandatory security controls including NIST SP 800-53 and 800-171 to meet FISMA, FedRAMP and DFARS guidelines.
As a SaaS FTP provider, FTP Today only employs U.S. citizens, and enables customers to architect solutions on the GOVFTP platform involving ITAR data (with due consideration to the customer’s shared responsibility for export-control compliance). FTP Today facilitates government contractors and subcontractors with their ITAR compliance requirements not only by providing an infrastructure and the platform that is compliant, but also by providing many software controls to enhance compliance. Learn more
For example, FTP Today provides customers with Country Blocker to prevent data from being transmitted outside the United States. This facilitates a customer’s management of their own compliance obligations while processing and storing data on FTP Today servers.
Can you confidently say your current file sharing process is ITAR safeguards compliant?
Learn more by reading our guide on “Guidelines for ITAR Compliance and Sharing Your Technical Data”