Improving ITAR compliance: Data loss, encryption
I’ve worked with quite a few customers over the past few years around International Traffic in Arms Regulation (ITAR) compliance and other similar foreign national compliance law here in the US. We’ve had customers implement Oracle IRM solutions primarily to address their concerns over ITAR regulation and IRM is a great way to really address some of the challenges around controlling who has access to what (preventative controls) and also being able to show that you are able to control this access and provide reports (monitoring controls). ITAR can be quite confusing and the areas of information it covers quite vast.
What is ITAR?
Wikipedia is always a good start…
“International Traffic in Arms Regulations (ITAR) is a set of United States government regulations that control the export and import of defense-related articles and services on the United States Munitions List (USML). These regulations implement the provisions of the Arms Export Control Act (AECA), and are described in Title 22 (Foreign Relations), Chapter I (Department of State), Subchapter M of the Code of Federal Regulations. The Department of State interprets and enforces ITAR. Its goal is to safeguard US national security and further US foreign policy objectives.”
Basically if your company creates any product or intellectual property that can be used to build a weapon then you need to ensure that information about your product is controlled and can only be accessed by “approved” persons. Essentially, the US government doesn’t want advanced weapons ending up in Iran, Syria and other embargoed countries.