ITAR Training Schedule: Online Export Compliance

ITAR Training Schedule

CVG Strategy, a trusted name in ITAR and Export Compliance consulting and training announces its current ITAR Training Schedule.  CVG Strategy has been providing ITAR compliance training programs now for over a decade.  Our classes are informative, engaging, and provide time for your questions.

CVG Strategy  ITAR Compliance Training Webinars, presented by CVG Strategy’s Senior ITAR Training Manager, Kevin Gholston, provide comprehensive training in all sectors of export compliance including International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR). 

Regular training is essential for companies dealing in defense articles or services and is required by both the Department of State Directorate of Defense Trade Controls (DDTC) and the Bureau of Industry and Security (BIS). 

ITAR Training Schedule for Fall 2020

October 15, 2020                                                                                     November 20, 2020

ITAR Training Schedule

Export Compliance Integration into Quality Management Principles

With ISO 9001:2015 and the new “Context of the Organization,” external regulatory requirements such as ITAR are becoming more prominent in a quality management system (QMS).  Combined with the Risk Based Thinking concept, organizations need to be aware of what auditors will be asking about ITAR/export compliance and how it affects their organization.  CVG Strategy can provide implementation, training and support for clients needing an export compliance program.

“We’ve had great success in helping companies with ITAR training and export compliance consulting,” said Cindy V. Gholston, President of CVG Strategy. “With the enhanced focus on external regulations in the new ISO 9001:2015 and AS9100D it’s important to incorporate export compliance as part of their QMS.”

Course Description

CVG Strategy’s ITAR and export compliance training conforms with the guidelines from the Department of State’s Guidelines and the Department of Commerce’s Elements.  CVG Strategy’s ITAR Training Program  keeps compliance professionals up to date on export control and export regulation developments.  This ensures that your company can avoid costly violations.

Course topics include:

  • The legal basis for ITAR and the USML (United States Munitions List)
  • EAR and CCL (Commerce Control List) as administered by the BIS
  • Technical data controls
  • Filing for Export licenses
  • Enforcement of export compliance regulations and penalties
  • How to engage in brokering activities
  • ITAR and EAR classification activities

Our Export Compliance Training Goals

Export compliance is an extremely complex subject.  While it is, without doubt, a subject of extreme importance, most training sessions available to the public are dull.  CVG Strategy encourages class participation and because we limit the size of our classes you have ample opportunity to get clarification on any questions you might have.  As a result students have a better retention of important information.

Our training provides an overview of the ITAR and EAR so that students can confidently approach the many pages of regulations they need to access in their daily functions as members of an export compliance team.

About CVG Strategy

CVG Strategy is a certified 8(a) minority woman-owned consultancy located on the Space Coast of Florida, just south of Cape Canaveral.  Areas of focus include ITAR, Product Qualification Testing, Business Operations and ISO 9001:2015 training and consulting services.  

CVG Strategy provides export consultant services, and online answers to your ITAR questions.  We also offer a wide array of signs, badges, and accessories on our ITAR Store to help keep your facility ITAR compliant.

Interim CMMC Version Released After Leadership Change

Interim CMMC Version Released
Interim CMMC Version Released

An Interim CMMC version was released on September 29, 2020 finishing off a tumultuous month at the organization.  On September 2, 2020 two members of the Cybersecurity Maturity Model Certification Accreditation Board were voted off in the midst of a conflict of interest controversy involving a pay to play strategy.  Karlton Johnson is now the chairman of the board.

DoD Interim Ruling

The interim ruling, DFARS 252.204-7012 Interim Rule, places immediate cybersecurity requirements on Department of Defense (DoD) supply chain contractors.  Among the changes is a requirement for vendors to complete security compliance with NIST SP 800-171 DoD assessment methodology. 

This assessment is to be completed by the contractor before DoD contracts can be awarded.  The DoD has encouraged contractors to respond immediately.

This assessment is based on a scoring methodology of security requirements.  The methodology is comprised of three levels (basic, medium and high).  The interim rule requires a basic level self-assessment to be completed by the contractor. 

Medium or high assessments must be completed by the government.  CMMC will not be required for for Commercially Available Off-the-Shelf (“COTS”) procurements at or below the micro-purchase threshold.

Self-attestation to NIST 800-171 is already a requirement under current regulations.  However the interim ruling allows the government to inspect compliance more carefully.

This new enforcement will become effective on November 30, 2020 and is a requirement for the award of government contracts.  This gives those affected little time to respond as the DoD is only receiving comments through November 22.

Supplier Performance Risk System (SPRS)

The SPRS is the DoD’s web-enabled enterprise application that gathers, processes, and displays data about the performance of suppliers.   DFARS clause 252.204-7012 will require contractors to have assessments completed.  After completion contractors will have an opportunity to access their SPRS score and rebut the findings.

Background on CMMC

CMMC was created  by the Office of the Under Secretary of Defense for Acquisition & Sustainment as an effective means of implementing risk based management approaches to cybersecurity.  It is a cooperative effort between the DoD and industry and is  coordinated by the Cybersecurity Maturity Model Certification Accreditation Board (CMMC-AB).

The CMMC was enacted to place cybersecurity requirements on DoD contractors to achieve levels of cybersecurity maturity to protect Controlled Unclassified Information (CUI)  and Federal Contract Information (FCI) in the DoD supply chain. 

The CMMC (Cybersecurity Maturity Model Certification) Accreditation Body will approve Third Party Assessment Organizations (C3PAOs).  These Third party organizations, when accredited, will be authorized to conduct CMMC assessments and grant CMMC certifications.  The CMMC is still on target for full implementation in 2025.

Reactions to the CMMC Interim Ruling

There has been some disappointment voiced by federal contractors on the  immediacy of this change because the industry will, in effect, have limited ability to respond.  This is because this ruling was not published as a proposed draft. 

Additionally, many small business owners have expressed concerns about the increased cost involved in hiring third party cybersecurity assessors to verify compliance to the National Institute of Science and Technology standard.  To many the assessments seem redundant with final requirements of the CMMC.

The Importance of a Secure Supply Chain

The security of supply chain in the Defense Industrial Base is vital to the U.S.  There has been a broad recognition of the lack of sufficient security among suppliers to the DoD.  As with other industries,  defense contractors have been behind the curve on securing sensitive data.  Cyber supply chain risks include theft of information, tampering, and insertion of malicious software.

Hostile nation states including, China, Russia, Iran, and North Korea are actively involved in theft and sabotage of DoD information.  Because of the inherent complexities of managing a multi tiered interconnected supply chain it is essential to provide a uniform set of requirements for all members.  This latest revision to the CMMC is a stop gap measure to shore up vulnerabilities until its full implementation is complete.

CVG Strategy

The Interim CMMC Version released in October underlines the governments commitment to protecting the DoD from the very immediate and intrinsic threat of data breach.  In response to these developments CVG Strategy is providing consulting services to help your organization ramp up to compliance for DFARS 252.204-7012 and NIST 800-171

CVG Strategy, will also be providing pre-assessment training, implementation and subject matter support as final CMMC requirements roll out.

Trends in Quality Manufacturing – Innovation & Integration

Trends in Quality Manufacturing
Trends in Quality Manufacturing
Mechanics fixing the roto of a helicopter

Trends in quality manufacturing are emerging in reaction to Covid-19 and various international political issues.  Industries are having to rethink products, processes, markets, and strategies to remain competitive and viable.  Many analysts have suggested that at this time a fundamental paradigm shift is required for many businesses to achieve resiliency.  This view is echoed in the recently released 2020 Georgia Manufacturing Survey

Manufacturing Requirements and Challenges

Skilled Workforce

Many industries are noting a shortage of labor force with required skill sets.  This shortage pertains to basic skills required for job performance as well as technical acumen.  In some states, industry is teaming up with education to shore up this critical shortage.  Often businesses are offering education incentives to bolster their existing workforce capabilities. 

Many companies are reluctant to actively engage in external training.  Additionally many do not perform cross team training to ensure adequate staffing at all times.

Information Security

As is in all enterprises, manufacturing is experiencing increasing risk from data breaches.  Businesses in all sectors have been behind the curve in implementing effective cybersecurity strategies. 

Manufacturing facilities face increased vulnerabilities to cyber attacks due to the use of digital devices such as programmable controllers on industrial internet.  Often these devices are legacy devices that lack proper security.  Additionally, the rapid increase in Internet of Things (IoT) devices are often installed and operated without sufficient regard to security.

Secure Supply Chain

The global supply chain is having to be rethought of in light of recent events involving China and Covid-19.  A secure supply chain is essential for producing a quality product that meets customer requirements on schedule.  Many manufacturers are seeing value in diversifying their supply chains to mitigate risks.  This includes moving away from foreign sources for critical items.

Reconsideration of supply chain vulnerabilities is also including outsourcing.  Trends in quality manufacturing in 2020 are showing a rapid movement towards reshoring manufacturing back to the United States.  This growth in manufacturing in the United States is expected to continue in growth in coming years.

International Trade and Tariffs

Recent international political events have changed import and export laws.  This again is effecting the viability of supply chains.  It is however, also effecting the customer base because of changes in tariffs and export law.  Often this is driving manufacturers to compete with products that are innovative and of higher quality in lieu of competing in low priced goods.

New Directions in Manufacturing

Modernization

To remain competitive many manufacturers are modernizing their shop floors.  This digital transformation includes an integration of information across silos.  Manufacturing ERP (Enterprise Resource Planning) is allowing organizations to better collect, store, manage and analyze big data.  As a result organizations are better able to monitor the pulse of the business and make better informed decisions based on predictive analytics.

The implementation of robotics and advanced sensor technology, including RFID, is helping produce higher quality goods more efficiently.  Technology is assisting both manufacturing and quality management teams to improve the continuity of quality manufacturing through automation and better monitoring capabilities.  Often these technologies can be implemented with relatively low investments in capital.

Challenges for Quality Management

Trends in quality manufacturing are changing the nature of the industry at a rapid rate.  As a result Quality Management Systems (QMS) must adapt to a new dynamic.  Today quality systems must examine and mitigate supply chain risks, manage data security, while ensuring that quality products are consistently being produced that meet or exceed customer expectations.

To meet these challenges quality management systems must integrate information from more stakeholders.  QMS must analyze this information as well as data from automated systems to dynamically monitor business sectors and respond appropriately.  Because of this process improvement becomes a daily activity with results yielding almost instant data for analysis.

CVG Strategy Quality Management Consultant Services

CVG Strategy quality management experts can help you create and maintain a Quality Management System that is tailored to the unique requirements of your organization.  We have extensive experience in ISO 9001:2015, AS9100, and ISO 27001.  A properly developed QMS can mitigate risks and create continuous process improvement.  This is especially important at a time when manufacturing is undergoing such rapid change.

IoT Device Cybersecurity Guidance for Manufacturers

IoT Device Cybersecurity
IoT Device Cybersecurity

The National Institute of Standards and Technology (NIST) has released a baseline guidance for IoT device Cybersecurity. Internet of Things (IoT) refers to computing devices that integrate physical and/or sensing capabilities and network interface capabilities.  Providing security for these devices becomes more challenging as they become smaller, more prevalent, and capable.

The Growth of IoT

IoT devices can be found in every sector of society.  This is due to the fact that IoT solutions are cost effective means of achieving integration of connected devices.  IoT include smart home products, wearable technology, health monitoring devices, alarm systems, and transportation equipment.  They can also be found in industrial controls technology, agriculture, military, and infrastructure applications. 

IoT devices are functional, inexpensive, and easy to implement.  As a result there has been an amazing growth in this market.  Presently the global market value in the trillions of dollars.  It is estimated that 31 billion IoT devices will be installed around the world by the end of 2020.

IoT Device Core Baseline Cybersecurity

The NIST publication gives manufacturers recommendations for improving how securable the IoT devices they make are.   It provides six actionable items, four that should be conducted to assess pre-market impact, and two activities with primarily post-market impact.  Because these activities affect the process by which design specifications should be created, the document is primarily intended for the development of new devices.

Pre-Market Activities for Baseline IoT Security

IoT product manufacturers should consider the security of a product throughout its life cycle.  This includes an examination of integration into the customers probable usage and overall system requirements.  Because these factors will widely vary from product to product the following steps should be conducted:

  1. Identify expected customers and users, and define expected use cases.
  2. Research customer cybersecurity needs and goals.
  3. Determine how to address customer needs and goals.
  4. Plan for adequate support of customer needs and goals.

IoT Considerations After Product Release

It is important to define methods for communicating cybersecurity risks and recommended protocols.  These considerations should include a declaration of risk related assumptions.  It is important to remember that both the manufacturer and the consumer share a responsibility in implementing and maintaining security.

NIST has provided a list of six recommended security features that manufacturers should build into IoT devices.  These features should be considered when consumers are selecting a device.

  • Device Identification: The IoT device should have a unique identifier when connecting to networks. 
  • Device Configuration: An authorized user should be able to change the device’s configuration to manage security features.
  • Data Protection: Internally stored data should be protected by a device.  This can often be accomplished by using encryption.
  • Logical Access to Interfaces: The device should limit access to its local and network interfaces by using authentication of users attempting to access the device.
  • Software and Firmware Update: A device’s software and firmware should be updatable using secure protocols.
  • Cybersecurity Event Logging: IoT devices should log cybersecurity incidents and provide this information to the owner and manufacturer.

Additional Protective Steps

Because IoT devices often do not allow access to their built in management tools, implementing IoT devices can provide access points into networks that contain sensitive data.  Additionally, preventing access to devices from unauthorized persons can be a challenge in large industrial settings.  Therefore, segregation and isolation of these devices by using Virtual Local Area Networks (VLAN) should be considered when installing devices in a business setting.  

Cybersecurity of Increasing Concern for Businesses

Because many incidents go unreported, real losses to U.S. manufacturing from cybercrime are difficult to assess.  Even the most statistically reliable data is derived from a small survey of businesses conducted by the Bureau of Justice Statistics.   In a recent report from Douglas Thomas of NIST, estimated losses for all industries could be as high as between 0.9% and 4.1% of total U.S. gross domestic product (GDP), or between $167.9 billion and $770.0 billion.

CVG Strategy Cybersecurity

As IoT devices continue to proliferate they present challenges to even the smallest manufacturing concerns.  Most manufacturers implement many such devices to control processes and gather critical data.  Because of this the risk they present should be taken into consideration by an effective Information Security Management System (ISMS).  CVG Strategy can help your business implement ISO 27001 to exercise due diligence and compliance with contractual and regulatory data security.  Contact Us today to see how we can help.

Canada to Suspend Exports to Turkey

Canada suspends exports to Turkey
Canada suspends exports to Turkey

Foreign Affairs Minister Francois-Philippe Champagne has announced that Canada will suspend export of arms to Turkey over concerns of human right violations.  Champagne stated on October 5, 2020 that “Canada continues to be concerned by the ongoing conflict in Nagorno-Karabakh resulting in shelling of communities and civilian casualties.”  The suspension will allow Canada’s export regime to conduct an assessment of this situation.

Background on the Nagorno-Karabakh Conflict

The Nagorno-Karabakh region is composed primarily of ethnic Armenians, who have attempted to separate from Azerbaijan.  This has led to a war between Armenia and Azerbaijan in 1988 through 1994.  Although a cease fire has held between the two countries, no settlement has been reached over the Nagorno-Karabakh issue. 

Officially, no nation currently recognizes Nagorno-Karabakh as an independent state.  Recent resumptions of hostilities has raised concerns that a dramatic escalation of the conflict might ensue.  During the latest Azerbaijani offensive more that 220 people have been killed.

Canadian Concerns of Turkish Involvement

Canada is concerned that Turkey may be involved in backing Azerbaijan by supplying technology in the conflict.  Of special concern is the possible use of Canadian drone technology by Azerbaijani forces.  Project Ploughshares, a Canadian peace institute, claims in a recent report that UAVs with Canadian supplied  WESCAM EO/IR sensors were used in recent airstrikes.  Turkey may have also exported UAVs with these sensors to Libya.

Turkey has openly supported Azerbaijan in this conflict  It has however, denied accusations of involvement in recent events.  It has also claimed that Canada is employing double standards in its actions, siting Canada’s export of arms to countries with military involvement in Yemen.

Turkey has only recently imported Canadian military goods.  In 2019 Turkey purchased over $150 million of defense goods making it Canada’s third largest customer.

Canada’s Next Move

Following the announcement that Canada will suspend arm exports to Turkey Prime Minister Justin Trudeau has requested Champagne to work with European allies on the escalation of military action in the area.  It has called upon Armenia and Azerbaijan to negotiate through the Organization for Security and Co-operation in Europe. 

The export of defense goods and technology is a complex issue given the number of international conflicts and potential conflicts.  Canada has justifiable reasons for concern for its export policies regarding Turkey, though some might argue that this should have been conducted earlier.

Clearly Canada is not alone in its concern about the Nagorno-Karabakh conflict.  Russia, France, and the United States have called for cessation of hostilities in the region and have asked involved parties to resume negotiations.

CVG Strategy Export Compliance Consultants

Negotiating export of goods requires constant diligence of businesses in both Canada and the United States.  CVG Strategy has over a decade of experience assisting organizations develop and maintain effective export compliance programs.  Our experts can help you with both U.S. and Canadian export law. 

We provide export control classification, program audits, and export compliance team training.  We also offer a wide variety of ITAR signs, badges and accessories to defense goods suppliers that help ensure facility security.