Secure Software Development Attestation Form Released


A secure software development attestation form has been approved by the Federal Government in an attempt to ensure that contracted developers of software assume responsibility for the security risks in the protection of federal information.  The form was released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) on April 1, 2024.

This release follows Executive Order 14028, which the Biden administration enacted following the Sunburst supply chain attack of 2021 that affected government, telecom, consulting, and technology organizations worldwide.  Following this, Memo M-22-18 stipulated that federal agencies must receive attestation from their software providers.  The term software includes firmware, operating systems, and applications.

Required Information in the Form

The Secure Software Development Attestation Form requires the producer to provide a description of the software and the organization.  This form must be signed by the CEO or their designee.  This signing attests that the software meets the requirements of M-22-18. 

The form must be submitted for any software developed or significantly upgraded after September 14, 2022.  Failure to provide the information may result in loss of contract.  If an agency cannot obtain this attestation, the agency may still use the software if the producer identifies the practices not in place and submits a Plan of Actions and Milestones (POA&M) to address these issues.

Extant Software Development Requirements

NIST SP 800-161, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, is a requirement for organizations involved in contracts with federal agencies, to ensure that their supply chains adequately protect controlled information.  These requirements include secure coding and manufacturing practices.

Additionally, the Department of Defense (DoD) is requiring all suppliers to implement NIST SP 800-171 and an ISMS as a contractual requirement.  This will also include Cybersecurity Maturity Model Certification 2.0 (CMMC), which is expected to be a requirement by 2026.

CVG Strategy Information Security Management System Consultants

An increasing number of businesses are finding that they are required to meet challenging information security levels to meet the requirements of conducting business with governmental agencies.  To assist businesses to meet the challenges in adopting a variety of NIST and CMMC 2.0 requirements, CVG Strategy has developed an approach that combines the requirements of CMMC compliance with the ISO 27001 information security management system.  This provides a coherent methodology for implementing and maintaining essential cybersecurity for businesses of any size.

It involves processes, facility security, people, and IT systems to engage in best practices. It also involves a constant improvement approach so that threats can be continually assessed and addressed as they evolve. This business system can help your organization remain vigilant against economic espionage and cyberattacks conducted by China and other nation states.

We can help you meet your information security management system goals.  CVG Strategy QMS experts are Exemplar Global Certified Lead Auditors.  We can provide the training required to understand and engage in an ISMS and make it meet desired objectives. This process includes defining the context of your organization, creation of internal auditing processes, and much more.

Vibro-Acoustic/Temperature MIL-STD-810 Method 523


Vibro-Acoustic/Temperature MIL-STD-810 Method 523.4 testing is performed to evaluate the effects of acoustic noise, vibration, and temperature on aircraft externally carried stores during flight.  Aircraft stores refer to devices that are mounted on aircraft suspension and release equipment such as missiles, rockets, or bombs.

This MIL-STD-810 testing method can be used to:

  • Reveal and correct design deficiencies 
  • Demonstrate reliability
  • Estimate Mean Time Between Failures (MTBF)
  • Determine relative reliability for source comparison

Method 523 an Exception in MIL-STD-810

Vibro-Acoustic/Temperature varies in purpose from most methods in this military standard.  The standard, in fact, clearly states that this testing is not intended for environmental design qualification.  Most methods in the standard are limited in purpose for Developmental Test and Evaluation of the effects of environmental conditions expected in the service life of a test item, but Method 523 includes MTBF, manufacturing testing, lot acceptance, and source comparison evaluation.  

This testing therefore is not intended to replace the design qualification performed by other methods such as:

  • Test Method 501.6 High Temperature;
  • Test Method 502.6 Low Temperature;
  • Test Method 503.6 Temperature Shock;
  • Test Method 514.8 Vibration; or
  • Test Method 515.5 Acoustic Noise

Implementation of Additional Environmental Stresses

The utilization of stressors beyond Vibration, Acoustic Vibration, and Temperature is allowed in this method in cases where those stresses are expected to regularly occur.  These stressors include electrical supply variations such as low and high voltage, voltage spikes, and power ripple.  Relevant environmental stresses may include humidity, shock, and altitude.

Detailed Environmental Test Plan Templates

CVG Strategy offers EZ Test Plan Templates for MIL-STD environmental (climatic/dynamic) and EMI/EMC test documentation.  Our Detailed Environmental Test Plans (DETPs) are written as specified in Department of Defense standard MIL-STD-810 Task 405.  They are available for specific applications such as Ground Mobile, Ground Stationary, Shipboard Controlled, Shipboard Uncontrolled, and Aircraft Military.

These DETPs include appropriate methods (such as Vibro-Acoustic/Temperature MIL-STD-810 Method 523), addendums for product-specific information, test labels for photo identification, and data sheets for collection of required data. Profile (LCEP).

Our Electromagnetic Interference Test Plans are written as specified in MIL-STD-461.  They contain the test methodology, addendums for product-specific information, test labels for photo identification, and data sheets.  These plans are available for procedures listed in MIL-STD-461 and are also available for MIL-STD-1275, MIL-STD-704, and MIL-STD-1399-300.

Custom Test Plans are also available for applications not covered in the EZ Test Plan offerings.  These plans can be written for any number of applications and their relevant standards.

MIL-STD-810 Training Classes

CVG Strategy MIL-STD-810 classes will provide you with the ability to develop and conduct an environmental test program.  Our two-day course not only provides you with valuable information about climatic and dynamic test methods but also includes training in the methodology to correctly apply test tailoring relevant to the test item’s expected life cycle. 

This course is available online or onsite.  Ample time is provided for questions and comments to keep participants engaged.  Check here for our online Training Registration Schedule.

Ballistic Shock MIL-STD-810 Method 522


Ballistic Shock MIL-STD-810 Method 522 evaluates the ability of equipment designed for armored combat vehicles to withstand the shock associated with non-perforating large-caliber munition impact or blast.  This testing can be used to provide a degree of confidence in the equipment's ability to function after such a shock, or to evaluate shock mitigation designs and mounting configurations.

Ballistic Shock Characteristics

Ballistic shock characteristics include high acceleration, from 300 to 1,000,000 g's, within a short duration (generally under 180 msec).  These mechanical shocks have a very wide bandwidth extending from 10 Hz to 1 MHz and are highly random in nature.  It should be noted that the effects of the shock are highly dependent on the distance from the actual impact, as high frequencies will be filtered by the structure of the vehicle.

Ballistic shock can have a number of adverse effects on electrical, mechanical, and electronic devices.  Aside from complete mechanical failure of the test item, ballistic shock can cause integrated circuit failures, printed circuit card damage, and electronic connector failures.  Failures can also occur due to fractures in crystals, ceramics, epoxies, or glass envelopes.  Additionally, intermittent functional failures can occur due to relay chatter and piezoelectric effects of high-frequency shock on electronics.

Procedures for Shock Testing

There are six procedures available for Ballistic Shock testing:

  • Procedure I – Ballistic Hull and Turret (BH&T), Full Spectrum Ballistic Shock Qualification incorporates the firing of projectiles on an armored hull or turret.  This test is very expensive and poses safety concerns.
  • Procedure II – Large Scale Ballistic Shock Simulator (LSBSS) uses a shock machine to produce a shock spectrum from 10 Hz to 100 kHz.  It can be used for items weighing up to 1,100 lb. (500 kg).
  • Procedure III – Limited Spectrum, Light Weight Shock Machine (LWSM) is for components weighing less than 250 lb. (113.6 kg) and items that are shock mounted to filter frequencies above 3 kHz.
  • Procedure IV – Limited Spectrum, Mechanical Shock Simulator is for components from 1 to 4 lb. (0.5 to 1.8 kg).  Machines for this testing can produce Shock Response Spectrums (SRS) up to 10 kHz.
  • Procedure V – Limited Spectrum, Medium Weight Shock Machine (MWSM) is available for components weighing less than 5,000 lb. (2273 kg) that are not sensitive to frequencies above 10 kHz.
  • Procedure VI – Drop Table testing is acceptable for the majority of ballistic shock qualification testing.  Although drop testing over-tests at low frequencies and under-tests at high frequencies, the reduction in testing cost makes it an attractive alternative.


Put CVG Strategy’s Experience to Work for You

Companies of all sizes, from start-ups to established product developers, face challenges in product test and evaluation.  This can particularly be the case when a product is developed for a new market sector or when expanding sales internationally.

Properly tested products prevent costly product recalls, product redesign, and product liability.  They maintain customer satisfaction and keep your company’s reputation in good standing.  Contact CVG Strategy to see how our services can assist your engineering team with Ballistic Shock MIL-STD-810 Method 522 or any other MIL-STD-810 test and evaluation concern.

Technical Assistance Agreement (TAA) and ITAR


A Technical Assistance Agreement (TAA) is a requirement under the International Traffic in Arms Regulations (ITAR) when an organization exports a defense service, technical data, or the assembly of a defense article.  A defense article is defined as an item or technical data that is enumerated in the United States Munitions List (USML).

Other important definitions surrounding this issue are as follows:

Export

The ITAR defines an export as:

    • A shipment or transmission out of the United States
    • A release or transfer of technical data
    • A transfer of registration, ownership, or control
    • A release or transfer of a defense article to an embassy or related agencies within the U.S.
    • Performance of a defense service
    • Release of previously encrypted technical data

Technical Data

Technical data refers to types of information required for the design, development, modification, maintenance, production, manufacture, operation, assembly, testing, or repair of a defense article.  This could include schematics, blueprints, instructions, or other such documentation.  It also includes software directly associated with a defense article, classified information, or any information covered by an invention secrecy order.

Defense Service

Defense services include instances where assistance is provided to foreign persons in the United States or abroad.  This could include training activities for foreign persons.  This assistance or training is applicable to the design, development, modification, maintenance, production, manufacture, operation, assembly, testing, or repair of a defense article.

Defense services also include the furnishing of technical data to foreign persons in the U.S. or abroad.  Additionally, it includes the provision of training, education, advice, orientation, or transfer of information by media to foreign military forces.

U.S. Person

A U.S. person is defined as a lawful permanent resident of the United States or a protected individual as defined in 8 U.S.C. 1324(a)(3).  It also refers to business associations, organizations, entities, corporations, societies, trusts, or groups incorporated in the United States.

Situations Requiring a TAA

There are a number of situations where an organization would require a TAA.  The following list includes some of those situations:

  1. Supporting Direct Commercial Sales to Foreign Parties
  2. Providing Overseas Maintenance or Training Support
  3. Technical Studies, Evaluations, Demonstrations or Consultations with Foreign Parties
  4. Efforts to Import Technology from Abroad
  5. Supporting a Foreign Military Sales (FMS) Case
  6. Supporting U.S. government-Sponsored Foreign Contracts

TAA Submittal Process

The TAA is a legally binding document between an organization and the U.S. government.  The organization submitting the request must fall under the definition of a U.S. person and be registered with the DDTC.  The following outlines some of the required information and requirements for obtaining an agreement.

TAA Transmittal Letter

The first step in the TAA process is the creation of a TAA Transmittal Letter.  This document states the general purpose of the requested TAA and lists any previous related agreements, licenses, and applicable Foreign Military Sales (FMS), as well as any previous communications with the DDTC.  The letter includes a summary of proposed transactions including specific defense articles, services, and involved parties.  

The Transmittal Letter must also include particular financial information, any classified information included in transfers, and security clearance codes for U.S. parties involved in the agreement.  Pertinent legal statements are also required that delineate limitations, responsibilities, and further forms required for submittal.

Technical Assistance Agreement (TAA)

The TAA is the actual legal contract between the organization and the government.  This document is also used to obtain Manufacturing Licensing Agreements for organizations seeking to have controlled items manufactured abroad.  This lengthy document must be completed with all required information or it will be returned with no action taken.

Amendments must be submitted once an agreement has been obtained if any changes in the transaction are to occur.  This includes information specific to all signatories to the agreement.

CVG Strategy Export Compliance Management Programs

Submission of a Technical Assistance Agreement (TAA) is a detailed process that must be performed properly in order to obtain a license agreement from the Directorate of Defense Trade Controls (DDTC).  CVG Strategy ITAR consultants can create a Technical Assistance Agreement prepared in accordance with the DDTC Guidelines. This will authorize your company to transmit or communicate technical data (provide a defense service) lawfully.  Our experience will help ensure that all required data is included, to avoid unnecessary delays in the approval process.

Export compliance is an important subject for businesses engaged in sales of items that are intended for international sale or could result in international sales.  Failure to comply with regulations can result in criminal prosecution, including imprisonment and fines.  It can also result in civil penalties and debarment from export activities.

CVG Strategy can help you understand the ITAR and EAR, and help you establish a coherent and effective export compliance program.  We can perform export control classifications, perform audits, assist in filings for export licenses, and educate your team.  Regardless of whether your business falls under EAR or ITAR, CVG Strategy has the expertise to help.