October 24, 2018

    ITAR Compliance: File Sharing & Data Transmission Standards

    ITAR (International Traffic in Arms Regulations) is a set of government regulations designed to control the export and import of defense-related articles and services. These regulations, which impact a wide range of companies, are in place to ensure that regulated technical data – both physical and digital – is only used by U.S. persons employed by the government or a government contractor. This protected data is outlined in the United States Munitions List (USML), and the goal is to keep these potentially dangerous products out of the hands of civilians, enemies of the government, or possible criminals.

    If a company fails to comply with ITAR regulations, it could face serious civil and criminal penalties. In addition to these penalties, the company could lose thousands or even millions in fines. It could be debarred from future trade, and its violations would be included on a public list, potentially costing the company business. ITAR compliance is a serious matter, and failing to comply could put your business, and even lives, at risk.

    When it comes to ITAR compliance, there are four main guidelines you’re required to follow:

    • Access Controls
    • System Management
    • Transmission of Data
    • Executable Software on Shared Systems

    This article dives into the Transmission of Data, and the steps you can take to maintain ITAR compliance.

    ITAR Requirements for Transmission of Data

    Transmission of data refers to how you share ITAR-covered data, both internally and externally. Explore the following data transmission-related standards you should align with to maintain ITAR compliance, and learn how the right file sharing solution can help you in the process.

    Data Encryption

    • What ITAR Requires: Controlled Information, or ITAR-covered information, should never be transmitted or emailed to another party unless it is encrypted. If encryption is unavailable, each piece of transferred data must be encrypted using at least application-provided mechanisms (e.g., password-based encryption available on Microsoft Office 2007 or newer).
    • What Files Sharing Solutions Can Provide: With a top file sharing solution, you have the capability to encrypt all ITAR-related data. Site administrators can set controls prevent employees from transferring files over unencrypted channels.

    Wireless Network Security

    • What ITAR Requires: The wireless network used to accessed Controlled Information should be encrypted (e.g., WPA2 Enterprise wireless network encryption).
    • What Files Sharing Solutions Can Provide: Wireless network encryption as related to ITAR compliance is the responsibility of the end-user. But, Sharetru ensures that no wireless networks at their facilities (albeit encrypted) cannot access the Sharetru network.

    Network and Solution Access

    • What ITAR Requires: Companies must monitor and control inbound and outbound network traffic, including unauthorized ingress and egress.
    • What Files Sharing Solutions Can Provide: Using a top file sharing solution, you can monitor all access to your solution. Detailed activity logs can be viewed to determine who is accessing your solution and for what purpose.

    In relation to network controls, you can also limit access based on geolocation. Sharetru offers country access restriction, so you can be sure that all who gain access to your solution are authorized users in the United States. You also have IP address restrictions, enabling you to restrict to an individual IP address or range, so you can permit only authorized users within your own company to access the solution.

    Data Theft Protection

    • What ITAR Requires: Systems and processes must be in place to detect exfiltration of data (i.e. firewalls, router policies, intrusion prevention and detection systems, or host-based security services).
    • What Files Sharing Solutions Can Provide: With a top file sharing solution, you don’t have to worry about a data breach going unnoticed. Sharetru, for example, uses an automated, proprietary Intrusion Detection and Prevention System to identify and prevent potential breaches.

    Customers of Sharetru also benefit from a system-wide hacker blacklist to ban all offending IP addresses. This list is updated within minutes of an attempted attack across the host’s entire network of servers.

    Subcontractor Standards

    • What ITAR Requires: Controlled Information should only be shared with subcontractors on a need-to-know basis, and subcontractors must adhere the same data protection standards outlined for ITAR-covered data.
    • What Files Sharing Solutions Can Provide: It is up to the individual companies to maintain ITAR compliance in relation to subcontractors. However, top file sharing solutions do have measures in place to make data sharing more secure, like the ability to send expiring links.

    How to Make Sure Your FTP Solution is ITAR Compliant

    When it comes to staying ITAR compliant, especially as it relates to data transmission, the responsibility does fall on your shoulders. But, a top file sharing solution can support you in your efforts to stay in alignment with ITAR standards. As you search for file sharing solutions to make your transmission of data secure and compliant, keep the following tips in mind:

    • Choose a vendor located in the United States. This may seem like an obvious ITAR-related point. However, many file sharing solution providers have headquarters in the U.S. but servers located outside the country. Make sure that your vendor and all its locations are within the U.S. You want to know that your data is being stored domestically at all times.
    • Everyone employed by the vendor is a U.S. citizen. Other solution providers may have servers located in the U.S., but employ non-U.S. persons. Because ITAR specifically states that all persons who handle ITAR-covered data must be U.S. citizens, from a compliance standpoint, it’s imperative that your file sharing solution is managed by U.S. citizens. While your vendor’s employees shouldn’t be accessing your data, it’s still imperative that you comply with this ITAR standard.
    • Don’t compromise on security. Failing to comply with ITAR standards is not a risk you want to take. So, make sure that the file sharing solution you choose offers the highest levels of security and can ensure that your data will be protected.

    With the right file sharing solution, you can avoid the major risks of non-compliance with ITAR regulations. A file sharing solution like Sharetru can facilitate ITAR compliant data transmissions, so you’ll never worry about employees sending emails with secure information again. You'll protect your company and ITAR-covered sensitive data.

    Are you in compliance with ITAR regulations? Download this free resource, Guidelines for ITAR Compliance and Sharing Your Technical Data to learn more.

    Tag(s): Government

    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

    Other posts you might be interested in

    View All Posts