The Bureau of Industry and Security (BIS) is Assessing the Civil Space Industrial Base in the United States in partnership with the National Oceanic and Atmospheric Administration (NOAA) and the National Aeronautics and Space Administration (NASA) to better understand this important supply chain network. This study will use surveys to collect data from U.S. organizations involved in the research, design, and manufacture of space related products and services. It will involve research centers, commercial entities, universities, and laboratories.
Reasons for CSIB Assessment
The BIS, under the auspices of the Department of Commerce, and the Office of Technology Evaluation (OTE) are evaluating the U.S. Civil Space Industrial Base (CSIB) by means of the authority of Section 705 of the Defense Production Act and Executive Order 13603. The intent is to gather information that will provide guidance for the formation of governmental policies and proposals.
These policies are generated in an effort to protect and advance U.S., national security, foreign policy concerns, and economic base. The assessment was requested jointly by NASA, NOAA, The NOAA Office of Space Commerce (OSC), and the National Environmental Satellite, Data, and Information Services (NEDIS). Members of the commercial space sector that are chosen for involvement in this study will be required to participate. Although this assessment is a one-time event the possibility for further studies is possible.
The Complexities of Export Compliance
The BIS has been changing its scope and enforcement policies in recent years to address the increased complexities of the international political arena. Export Administration Regulations have continually been changing as more items are being added to the Commerce Control List (CCL). Additionally, the agency has increased its focus on the use of sanctions and denied parties lists to protect these sensitive technologies.
As the BIS places controls on a growing number of technologies, it poses challenges for organizations involved in export transactions. If a business produces or provides military articles or services, there is at the very least an understanding that ITAR export controls will probably be in place. For those involved in dual-use items however, the requirements for export compliance are much less clear.
CVG Strategy Export Compliance Expertise
The BIS Assessing Civil Space Industrial Base is just one example of the U.S. government’s and its international partner’s concern for developing controls that will ensure that potentially threatening technologies are not exported to hostile entities. In the past several years, the BIS, along with its international partners have greatly increased their activities in the generation and enforcement of regulations.
If you are part of a large corporation or a small company with a part-time compliance person, CVG Strategy has the compliance and training programs to help you meet International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR) rules and requirements. As the BIS place controls on a growing number of technologies it becomes increasing difficult for smaller businesses to stay abreast of regulatory developments. Because of this, we provide Export Compliance Management Programs (ECMP) for businesses of all sizes.
MIL-STD-810 Temperature Shock testing (Method 503) is used to evaluate equipment’s ability to withstand sudden changes in temperature. This laboratory test method is conducted in environmental test chambers and can be tailored to replicate the anticipated thermal profiles during storage, transit, and operation. Such shock could be experienced when a jet fighter on a tarmac in the desert rapidly climbs to high altitudes or conversely an article being air delivered by means of parachute to a high temperature environment.
Rapid change in temperature per this standard is defined as a change greater than 18 °F (10°C) per minute. Exposure to these environmental stresses can cause failures due to differential expansion and contraction of dissimilar materials. It can cause failures in electronics due to changes in components due to temperature changes. It can also cause failures in equipment due to the formation of frost.
Procedure Selection
The military standard MIL-STD-810 provides four test procedures for Temperature Shock:
Procedure I-A: One-way Shock(s) from constant extreme temperature This procedure is appropriate for equipment that will be not regularly exposed to thermal shock and when those shocks will occur only in one direction. Equipment air dropped from aircraft would be an example.
Procedure I-B: Single Cycle Shock from constant extreme temperature This is intended for equipment that is expected to be exposed to a single shock in each direction.
Procedure I-C: Multi-cycle shocks from constant extreme temperature An example of this would be a jet fighter taking off from a desert location and then landing at the same location.
Procedure I-D: Shocks to or from controlled ambient temperatures This would be applicable to equipment that is stored in environmentally controlled structures that must work in extreme hot or cold environments.
Determining Appropriate Test Values
It is necessary to tailor appropriate test temperature cycle and temperature range values from requirements, measurements, and those derived from the Life Cycle Environmental Profile (LCEP). Geographic climatic information is available in Part 3 of the standard to assist in value determinations. As with most MIL-STD-810 methods, measured data when available is preferred for determining test values. This is particularly the case in situations in which solar radiation may be a factor in determining maximum temperatures.
Generally, humidity is not a factor in Temperature Shock testing, but when required appropriate values should be determined based on expected areas of use. For testing of Air delivery the standard recommends a starting temperature equivalent to that found at 26,000 ft (8 km). These environmental conditions can be found in Method 520 Combined Environments.
Considerations During Testing
Temperature chambers specifically designed for thermal shock testing incorporate dual chambers side by side or on top of each other that allow a rapid transfer between the two test temperatures. Generally, availability of these chambers at test facilities is limited. When these chambers are not available the Unit Under Test (UUT) must be transferred between two separate chambers as quickly as possible.
Transfer time should be recorded during testing and be included in any required post test reporting. MIL-STD-810 encourages transfers between chambers to one minute or less. This can be challenging when the item is being tested in an operational mode or where the test item is large. When this is the case, justification for longer periods of transfer should be documented.
These DETPs include appropriate test methods, (such as MIL-STD-810 Temperature Shock) addendums for product specific information, test labels for photo identification and data sheets for collection of required data. Profile (LCEP).
Our Electromagnetic Interference Test Plans are written as specified by the Department of Defense. They contain the test methodology, addendums for product specific information, test labels for photo identification and data sheets. These plans are available for procedures listed in MIL-STD-461 and are also available for MIL-STD-1275, MIL-STD-704, and MIL-STD-1399-300.
Custom Test Plans are also available for applications not covered in the EZ-Test Plan offerings. These plans can be written for any number of applications and their relevant standards.
Put CVG Strategy’s Experience to Work for You
Companies of all sizes, from start up to established product developers, face challenges in product test and evaluation. This can particularly be the case when a product is developed for a new market sector or expanding sales internationally.
Properly tested products prevent costly product recalls, product redesign, and product liability. They maintain customer satisfaction and keep your company’s reputation in good standing. Contact CVG Strategy to see how our testing services can assist your engineering team with MIL-STD-810 Low Temperature Testing or any other test and evaluation concern.
The Department of Commerce has initiated the Disruptive Technology Strike Force which will partner the Bureau of Industry and Security (BIS) with the Department of Justice (DoJ) in the enforcement of the Export Administration Regulations (EAR). Export Administration Regulations (EAR) control the export of commodities determined to be dual-use. Dual-use items refer to commodities and technologies that normally are used for civilian purposes but may also be used for military purposes. The specific regulations can be found in 15 CFR §730.
Agencies now included in this enforcement will include the FBI and Homeland Security Investigations (HFI). This ongoing enforcement will include fourteen different U.S. Attorney’s Offices centered in twelve metropolitan regions. These regions include Boston, Atlanta, Chicago, Dallas, Houston, Los Angeles, Miami, New York City, San Jose, Phoenix, Portland and Washington D.C.
Actions to Protect Sensitive Technologies
These joint actions are being taken to target illicit actors attempting to acquire and export sensitive technologies from the United States to Russia, North Korea, Iran, and China. These states are using these technologies to enhance their military capabilities which, aside from posing a threat to U.S. national security can also be used to enable actions against human rights. Additionally these violations of export controls threaten economic security by threatening business that create these advanced technologies.
Pulling Out All the Stops
In enacting this enforcement U.S. enforcement agencies will use use advanced data analytics, and enhanced intelligence to coordinate actions. They will be performing more training of field agents and furthering coordination between agencies in the Intelligence Community. Furthermore there will be efforts to enhance partnerships in the private sector as well as with international partners.
The strike force will fall under the joint leadership of Assistant Attorney General Matthew G. Olsen from the National Security Division of the Justice Department and Matthew Axelrod who serves as Assistant Secretary for Export Enforcement from the Bureau of Industry and Security.
Semiconductors a Focus
The BIS has been specifically focusing on the export of semiconductors and technologies involved with the design an manufacture of semiconductors. In May of 2022, the BIS added export controls pursuant to Section 1758 on two substrates of ultra-wide bandgap semiconductors and Electrical Computer Aided Design (ECAD) tools. These actions are being taken because these types of devices have significant potential for use in military applications. Effected ECCN classifications are listed in Document Number 2022-17125.
A Call to Actions for Businesses Involved in Export
The announcement of the Disruptive Technology Strike Force shows the Department of Commerce’s commitment to continue ramping up enforcement of Export Administration Regulations. This action is the latest in a series of steps that show how serious the U.S. government is in protection of dual use items. Additionally, partners of the U.S. are coordinating efforts to enforce export control laws. Aside from enforcement, penalties both civil and criminal are increasing.
Businesses must ensure that they do not violate export regulations by enacting viable Export Compliance Management Programs (ECMP). These programs are a requirement for both the Export Administration Regulations and the International Traffic in Arms Regulations (ITAR). While businesses involved with the ITAR have been proactive in compliance, many involved with the export of dual-use goods enumerated in the EAR have been less diligent.
Export Compliance Management Programs establish clearly defined policies and procedures for all departments within an organization. They ensure that registration, item classifications, license applications, denied part screening, and security measures are taken that will prevent violation. They also ensure that training, auditing, and record keeping are maintained according to requirements.
Export Compliance is an important subject for businesses engaged in sales of items that are intended for international sales or could result in international sales. Failure to comply with regulations can result in criminal prosecution including imprisonment and fines. It can also result in civil penalties and disbarment from export activities.
CVG Strategy can help you in understanding Export Administration Regulations and establishing a coherent and effective export compliance system. We can perform export control classifications, perform audits, and educate your team. Regardless of whether your business falls under EAR or ITAR, CVG Strategy has the expertise to help. Contact Us with you export regulation questions.
As 2023 opens it appears that there may be further delays in CMMC 2.0 reaching a final ruling as the Pentagon considers additional revisions of the proposed rule. These reconsiderations are, as reported on ClearanceJobs, the result of internal politics and concerns on the impact on businesses. Because the rule is in proposed status, it is still open for public comment. In the past this feedback has led to major changes in CMCC that led to the release of CMMC 2.0.
Cybersecurity Maturity Model Certification
In 2013 the Defense Federal Acquisition Regulation Supplemental (DFARS) 252-204-7000 went into effect in an effort to establish requirements for safeguarding Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) held by DoD contractors in the Defense Industrial base. This was followed by the DFARS clause 7012 in 2016, which established NIST-SP-800-171 as the mechanism for providing this desired protection.
In 2019 the Department of Defense (DoD) announced the Cybersecurity Maturity Model Certification (CMMC) to provide an external mechanism for certifying levels of cyber hygiene of an organization. Following industry professionals’ concerns for the complexity, cost, and proposed timeline, the DoD released CMMC 2.0 in 2021. Among other changes, the levels for compliance were reduced from five to three.
Currently CMMC 2.0 requirements are divided into three levels of compliance:
CMMC Level 1 – Foundational is comprised of the 17 practices described in FAR 52.204-21 and requires an annual self-assessment.
CMMC Level 2 – Advanced is comprised of 110 practices which are aligned with the NIST SP 800-171 Revision 2 This is a set of security practices and security standards for non-governmental organizations that handle CUI. It requires that a third-party assessment by conducted every three years for information deemed critical for national security. It also requires an annual internal assessment.
CMMC Level 3 – Expert includes over 110 practices based on the NIST SP 800-17 cybersecurity standard and includes further controls. There is also a requirement for triennial assessments conducted by government representatives.
Establishment of a Certification Body
The Cyber AB was established as a non-governmental agency as the official accreditation body for CMMC. Its primary mission is to accredit organizations that will be responsible for conducting third party assessments. These organizations when accredited become part of the CMMC Third-Party Assessment Organizations (C3PAO).
While there has been progress in accrediting these organizations, concerns have been raised that there are still not enough accredited personnel to service the number of non-governmental organizations that require certification. Additionally, there have been several mishaps in the formation of the Cyber AB that have hampered its ability to function optimally.
CMMC Requirements Are Here to Stay
While delays in CMMC 2.0 roll out continue, the requirements will remain. Non-governmental organizations in possession of CUI and FCI will have to receive certification sooner or later. Establishing and implementing a CMMC program within an organization requires time and effort. Once the requirements have been met these systems must be integrated into the day-to-day operations of the organization.
While NIST SP 800-17 does contain a number of requirements for establishing and maintaining a cybersecurity program, it often comes up short in detailed descriptions on how non-IT functions are to be executed. This is particularly the case for critical functions such as auditing and management review. These functions must be performed regularly to ensure that the cybersecurity program is effectively addressing cyber risks.
CVG Strategy Information Security Management System Consultants
To assist businesses to meet the challenges in adopting CMMC 2.0 standards, CVG Strategy has developed an approach that combines the requirements of CMMC compliance with the ISO 27001 information security management system. This provides a coherent methodology for implementing and maintaining essential cybersecurity for businesses of any size.
We can help you meet your information security management system goals. CVG Strategy QMS experts are Exemplar Global Certified Lead Auditors. We can provide the training required to understand and engage in a ISMS and make it meet desired objectives. This process includes defining the context of your organization, creation of internal auditing processes and much more.
The Directorate of Defense Trade Control (DDTC) has released Export Compliance Program Guidelines to provide businesses with an overview of best practices for complying with the International Traffic in Arms Regulations (ITAR). These guidelines encourage organizations to adopt robust policies and procedures to ensure that compliance with export controls for items enumerated in the United States Munitions List (USML) is maintained.
Management Commitment
As with any effective business undertaking, top management must show commitment to export compliance by creating a culture of compliance. This culture can be created by management at all levels through words and actions that place a priority on avoiding export violations. These priorities should be regularly communicated to all employees, contractors, suppliers, and customers.
All employees should understand that export compliance is an expected responsibility. This should be communicated in an Export Compliance Manual that sets forth all policies and procedures. They should be encouraged to recommend methods for improving compliance and reducing risk. Additionally, all employees should be made aware of disciplinary actions for non-compliance.
Creating a Compliance Program
When creating an export compliance service it is important to tailor the program to identify and address the specific risks that could lead to violations. Policies and Procedures can then be created to address these risks. This should include a management commitment statement that underscores the organization’s commitment to export compliance.
These policies and procedures must receive adequate resources and be regularly reviewed by top management to assess their performance. Resources required for a program should include training, funding, adequate personnel, information security management, and organizational management. The adequacy of these resources should be continually reviewed throughout an organization’s evolution.
Responsibilities, authorities, and points of contact should be clearly defined and communicated within the organization. Export Compliance Officers (ECO) and Empowered Officials (EO) should overseeing and implementing functions of the compliance program and for investigating, identifying, and correcting causes for any ITAR violations.
Activities Associated with Export Compliance
Classification
Export Control Classification is required of businesses selling products that fall under the jurisdiction of any federal regulations. An export can include sale of goods within the United States to a person or entity that is not a U.S. person. A transfer of technical data can also be considered an export which can be conducted by means of a phone call or email.
Export Control Classification begins with the defining the technical specifications for the item to be transferred. This applies to actual shipments as well as transfers of technical data. It is important to note that a given product may fall under numerous classifications based on how regulations are interpreted.
It is essential to ensure that a thorough analysis be conducted to ensure that due diligence for compliance has been met. Therefore it is not prudent to rely on a customer’s or supplier’s classification as there are severe consequences for non-compliance.
Registration
The DDTC Export Compliance Program Guidelines outline the many activities that are part of a compliance program. These of course begin with registration with the the DDTC, which is a requirement for any manufacturer, exporter, or broker of defense products or services. The agency also details types of registration and requirements for registration changes.
Licensing, Agreements and Approvals
Other activities include applying for licenses, agreements, or other approvals from the DDTC for export, reexport, retransfers or temporary import of controlled goods and services. The activities include Manufacturing Licensing Agreements (MLA), Technical Assistance Agreements (TAA), and Distribution Agreements.
Restricted Party Screening.
Significant emphasis was given in the guidance to the performance of restricted party screening for all parties involved in a transaction. This activity is often overlooked or performed with insufficient care in many organizations. Restricted Party Screening should also be performed on all personnel and any other parties who may come in contact with controlled items or data thereof.
Cybersecurity
Although the ITAR does not include specific cybersecurity requirements, there are regulatory requirements to protect information and data of controlled items. CMMC is a requirement for organizations contracting with the Department of Defense (DoD) that handle Controlled Unclassified Information (CUI).
The guidance suggests the use of cybersecurity protocols and encryption to protect this sensitive data. It also recommends the establishment of policies and procedures for employees traveling with mobile devices.
Recordkeeping
It is a requirement of ITAR to maintain records pertaining to the manufacture, acquisition, and disposition of defense articles. These records must be maintained for a minimum of five years. They should include licenses, exemptions, technical data exports, brokering activities, and any political contributions, fees, and commissions. The DDTC again calls for documented policies and procedures that define what activities must be documented and allocate specific responsibilities for the creation and maintenance of those records.
Detecting, Reporting, and Disclosure of Violations
The DDTC understands that violations of export regulations often occur through error. However, because these violations can cause harm to the national security and foreign policy of the United States, it is important that organizations detect these violations, investigate the cause of the violation, take corrective actions to mitigate further violations, and report these violations through the Voluntary Disclosure mechanism.
Training
It is essential that organizations perform training programs that provide sufficient levels of education for all employees, especially those members of the organization’s export compliance team. This training should be up to date and utilize knowledgeable and experienced trainers. Furthermore the depth of the training should reflect the level of activity that person has in the compliance program.
Risk Assessments
It is important to continually reassess risks that may lead to ITAR violations. Considerations in the reassessments should include changes in the organization, the physical and cybersecurity infrastructure, the organizations, employees, customers, suppliers, and other third parties. These should occur as required throughout the year.
Audits and Compliance Monitoring
Independent and objective audits must be performed regularly to provide inputs in determination of the compliance programs effectiveness. These audits should include interviews with relevant personnel, review of documentation, site security, and IT security. Various types of audits should be included including functional level audits focusing on specific areas, program level audits, and external audits.
CVG Strategy Can Help
The DDTC’s Export Compliance Program Guidelines underscore the importance of viable export compliance programs for businesses engaged in sales of defense articles and defense services. These programs should be incorporated into an organization’s management system to ensure effective mitigation of risks associated with violations.
CVG Strategy can help you in understanding Export Administration Regulations and establishing a coherent and effective export compliance system. We can perform export control classifications, perform audits, and educate your team. Regardless of whether your business falls under EAR or ITAR, CVG Strategy has the expertise to help.
MIL-STD-461 is an EMI/EMC standard for developmental test and evaluation. This standard is broken out into nineteen various methods. These methods include Radiated Emissions, Conducted Emissions, Radiated Susceptibility, and Conducted Susceptibility.
MIL-STD-461 testing includes radiated and conducted test methods. These methods involve simulations of magnetic, radio frequency, Electrostatic Discharge (ESD), and Electromagnetic Pulse (EMP) sources of potential disturbance. Susceptibility requirements are determined by type of equipment, type of platform the equipment is to be operational on, and location of the equipment on that platform.
RE102 Radiated Emissions Testing
RE102 is the MIL-STD-461 method for evaluating electromagnetic field radiated emissions from systems and subsystems enclosures and cabling designed for U.S. military applications. Requirements and testing to this military standard vary for platform of intended installation. The frequency ranges applicable for various platforms are:
Ground: 2 MHz to 18 GHz
Surface Ships: 10 kHz to 18 GHz
Submarines: 10 kHz to 18 GHz
Aircraft (Army and Navy): 10 kHz to 18 GHz
Aircraft (Air Force): 2 MHz to 18 GHz
Space: 10 kHz to 18 GHz
By the numbers, limits imposed on emissions are severe and well below most commercial standards. The numbers however, do not tell the entire story, because test values measured are peak values, not average or quasi-peak. Measurements are also made with antennas positioned 1 meter away from the edge of the test set up.
In short there is not an apple to apple comparison that can be made between RE102 and other standards; the emission limits are lower, the frequency ranges are larger, and the measurements are performed in a more severe manner.
Special Test Requirements for AIAA S-121A
AIAA S-121 specifies general design practices and sets recommended verification and validation requirements for space vehicles and launch vehicles. This standard can be used for tailoring MIL-STD-461 methods for space applications that may exceed those of MIL-STD-461. This can often be the case for radiated emissions where the limits for certain frequency bands are extremely low.
To achieve these measurements, tailored testing involving scans at reduced Resolution Bandwidths (RBW). Performing these tests requires detailed communications with test facilities to ensure that testing is performable and to calculate required time for test performance.
Getting it Right
While RE102 testing should be performed as early in product development as possible, it is important that the test item be as representative as possible. This means that enclosure, PCB revisions, firmware, software, and cabling should be fully representative of the final product. Care should also be taken in creating the ability to simulate normal modes of operation so that testing can be performed on the Equipment Under Test (EUT) that reflects its intended use.
All of these parameters should be reflected in an Electromagnetic Test Procedure (EMITP) that is constructed in accordance to MIL-STD-461 requirements as described in DI-EMCS-80201. Other important data for inclusion in the EMITP are descriptions of stimulation and monitoring equipment, operating frequencies, performance checks, and a description of cable types complete with construction details.
Facing the Music About MIL-STD-461 RE102
The simple fact is that most product developers do not pass MIL-STD-461 RE102 testing the first time. Retest and redesign cost money and time. Adding patchwork cures such as filtered connectors can add significantly to product cost and often not provide the required attenuation. Often the most cost effective solution is to perform an evaluation of the product to assess sources of the emissions and make design changes to mitigate them before they can couple onto wiring and power sources.
CVG Strategy Experts
Our experts at CVG Strategy have extensive experience in EMI/EMC testing for a number of industries and products, both military and commercial. We also have expertise in testing for space requirements including AIAA S-121A. Our industry experts can assist in developing tailored test plans, test witnessing and troubleshooting. We can also provide design analysis and guidance for product compliance.
Our EZ-test plans are available for military applications for EMI/EMC and environmental testing. Our Electromagnetic Test Procedures are recognized by A2LA Certified Test Labs as reliable and comprehensive. We have included, in addition to guidance from the standards, additions including best practices which we have learned in test program management of equipment designed to Department of Defense standards.
Maintaining a CMMC program requires that organizations engage management system principles in their daily cybersecurity programs. These activities will be essential for Department of Defense (DoD) contractors to remain compliant.
Current CMMC Requirements
Currently CMMC 2.0 requirements are divided into three levels of compliance:
CMMC Level 1 – Foundational is comprised of the 17 practices described in FAR 52.204-21 and requires an annual self-assessment.
CMMC Level 2 – Advanced is comprised of 110 practices which are aligned with the NIST SP 800-171 Revision 2 This is a set of security practices and security standards for non-governmental organizations that handle Controlled Unclassified Information (CUI). It requires that a third-party assessment by conducted every three years for information deemed critical for national security. It also requires an annual internal assessment
CMMC Level 3 – Expert includes over 110 practices based on the NIST SP 800-17 cybersecurity standard and includes further controls. There is also a requirement for triennial assessments conducted by government representatives.
Upon further investigation, one will find that NIST SP 800-171 involves references to over half a dozen other documents which are comprised of thousands of pages. While these documents describe the implementation of controls and development of a risk management framework, they often fail to provide solutions easily integrated into business practices.
The Dynamics of Cybersecurity
Maintaining an Information Security Management System (ISMS) requires that the organization conduct regular risk assessments. These assessments should include internal and external factors that are regularly in flux. These would include external threat dynamics and changes in the systems and locations of CUI within the organization.
The organization should also consider third parties involved with the organization. These would include contractors and vendors who may impact the confidentiality, integrity, or availability of information. Regular review of these external providers is advisable.
Beyond Technology
The weakest link in a cybersecurity program can often not reside within the digital realm. People and places provide very real risks that can be easily overlooked. Reviews should regularly be given to screening of persons who will have access to CUI.
Those who have been screened should receive sufficient education and training on information security policies and practices. Physical controls should be regularly reviewed to ensure that areas are secure, that clear desk and clear screen practices are being employed.
The Importance of an Internal Audit
Internal audits are utilized in businesses to access the organization’s ability to maintain compliance. These audits should be conducted regularly and their criteria and scope should be adequately defined. They should include an examination of procedures and security plans to evaluate their effectiveness and whether they are being implemented in actual operations as envisioned. The findings from these audits should be presented in a way that is relevant to management as these audits serve as a major input for management review.
The Role of Management Review
It is essential that management be involved with a cybersecurity program to ensure that requirements are integrated into organizational processes. Management must maintain responsibility in seeing that all objectives are met and that the program has sufficient resources. To make these decisions it is necessary that all functions of the program are monitored and measured.
Management review should consider actions of previous reviews to ascertain their effectiveness. They should also changes both within and external to the organization that may effect information risks. Considerations should also be given to incidents and events that may have occurred so that improvements to the program can be instituted.
CMMC in Action
Much emphasis has been placed on implementing CMMC and for good reason. It is of great national security that important information be kept out of the hands of hostile nation states. However, maintaining a CMMC program, once put in place, will require continual due diligence. This will require a coordinated effort by all parties and functions within an organization.
CVG Strategy Information Security Management System Consultants
To assist businesses meet the challenges in maintaining a CMMC program, CVG Strategy has developed an approach that combines the requirements of Cybersecurity Maturity Model Certification compliance with the ISO 27001 information security management system. This provides a coherent methodology for implementing and maintaining essential cybersecurity for businesses of any size.
We can help you meet your information security management system goals. CVG Strategy QMS experts are Exemplar Global Certified Lead Auditors. We can provide the training required to understand and engage in a ISMS and make it meet desired objectives. This process includes defining the context of your organization, creation of internal auditing processes and much more.
Electrical Power for MIL-STD-810 testing has requirements for functional and operational tests. The standard has placed increased emphasis in recent revisions, to changes in voltage, frequency, phase displacement, and other power deviations that are expected to be present in the normal operation of the device to be tested.
Guidance for these power fluctuations can be found in the following standards:
MIL-STD-1399 Interface Characteristics for Shipboard Equipment
RTCA DO-160 Environmental Conditions and Test Procedures for Airborne Equipment
MIL-STD-810 Testing Purpose
MIL-STD-810 Environmental Engineering Considerations and Laboratory Tests, is a series of laboratory methods to verify and validate equipment for a wide variety of environments. As such the standard places a heavy emphasis on tailoring testing to replicate, as nearly as possible, environmental stresses that will be present in the intended environment. Furthermore it stresses, where applicable, to examine the synergetic and cumulative effects that may affect equipment operation.
Method 520 Combined Environments
Electrical power fluctuations may affect the operation and reliability of equipment. These effects may be more pronounced when combined forcing functions are present such as, high temperature, low temperature, altitude, and humidity. Method 520 Combined Environments provides information on these electrical stresses that is applicable for testing in other methods.
Method 520 is intended for evaluation of equipment for utilization on aircraft. This method includes procedures for Engineering Development, Flight or Mission Support, and Platform Envelope. This method considers electrical power stresses incurred from ground support equipment and during mission profiles. Specific conditions it considers are:
Normal AC system stresses
ON/OFF cycling during normal operation
Mission related transients within platform electrical systems
These factors can then be included in a mission profile so that electrical power fluctuations can be integrated into a mission profile that is included in laboratory testing. This approach can be utilized for testing of other equipment types such as military vehicle, ground stationary, or shipboard where the equipment is mission critical.
The Role of Developmental Test and Evaluation
MIL-STD-810 is intended for developmental test and evaluation of equipment intended for use in military systems. It is also utilized in commercial industries where rugged equipment is essential. To ascertain which testing should be performed and determine test parameters it is essential to engage in a tailoring process. This process integrates measured data from specific areas of intended use and data compiled in Part Three of the standard. This data is collected in a Life Cycle Environmental Profile (LCEP).
An LCEP is an analysis of the environmental stresses likely to be encountered during the entire life of a product, from manufacturing to end of life. It serves as an input for a Environmental Issues/Criteria List (EICL) which is a collection of justified environmental parameters for design and product test. These stresses include those found in logistical, tactical, and operational phases.
Once this analysis is completed, Detailed Environmental Test Plans can be created that detail the exact procedure to be performed, operational and functional test to be run, essential data to be collected, and specific pass/fail criteria for the Unit Under Test (UUT).
CVG Strategy Test and Evaluation Experts
CVG Strategy engineers can help you integrate fluctuations in electrical power for MIL-STD-810 testing. Our experts at CVG Strategy have extensive experience in Climatic/Dynamic and EMI/EMC testing for a number of industries and products, both military and commercial. CVG Strategy specializes in Independent Developmental Testing and Evaluation including development of Test Plans, Test Procedures, Test Witnessing and Troubleshooting.
The Federal Communications Commission (FCC) and Homeland Security Bureau have designated Huawei and ZTE as threats to U.S. national security. Because both Chinese companies are subject to the Chinese Communist Party, they are required by law to cooperate with China’s intelligence gathering activities. China has developed an arsenal of cyber capabilities to target U.S. information security. The use of these companies’ products therefore allows the communist party to exploit network vulnerabilities and compromise critical communication networks.
FCC Prohibits Import of Telecom Equipment
On November 25, 2022 the FCC announced that it had adopted final rules to bar the sale or import of telecommunications equipment manufactured by Huawei and ZTE. It also included products from Dahua Technology Hangzhou Hikvision Digital Technology Co. and Hytera Communications. This action was unanimously approved by the four FCC commissioners. This is the first time in history that the FCC has voted to prohibit electronic equipment to protect national security.
While protecting government concerns, the actions taken do not provide complete protection from questionable devices. The ban does not block all products from these companies but focuses on equipment intended for government facility security, critical infrastructure surveillance, or national security purposes.
The United States is not alone in these bans. The United Kingdom, Canada, Australia, and New Zealand have also acted against Chinese companies involvement in telecommunications, especially equipment involved with 5G technologies. This action will likely bring to focus banning other equipment generated by hostile state-controlled companies.
Similar actions by the U.S. federal government are taking place against Chinese firms as the FBI has voiced concerns about TikTok’s use of U.S. citizens’ user data to the House Committee on Homeland Security by Director Christopher Wray. The Chinese owned social media app currently has over one billion monthly users. Among the FBI’s concerns is that the Chinese government could conduct influence operations with the app or use it to gain control of millions of user devices.
FCC Bans Universal Service Fund For These Companies
The FCC banned the use of the agency’s Universal Service Fund for the purchase services or equipment from Huawei and ZTE in 2020. This fund is currently 8.3 billion dollars per year and is used to provide affordable communications for schools, libraries, and rural health care. At that time carriers receiving monies from the fund were required to purge their networks of such equipment.
At that time both agencies claimed ample evidence justifying these actions. In fact the agency spent 1.9 billion dollars in 2021 to remove Huawei and ZTE gear that was being used in U.S. rural areas.
The Department of Justice also prosecuted a case against the company for participation in a fraudulent scheme to export banned U.S. goods and technologies for its business in Iran. Although Huawei denied these allegations, company records show that the company was directly involved in these actions.
CVG Strategy Cybersecurity Solutions
FCC concerns about Huawei and ZTE illustrate the severity of cybersecurity threats to businesses in the United States. IT solutions alone are not sufficient to combat these forces. Viable solutions include all stakeholders in an enterprise. They include people, policies, procedures, risk analysis, incident responses, and an internal auditing process that yields constant improvement.
CVG Strategy provides cybersecurity consulting and training for large and small organizations. Our experts can tailor a program using risk management process to identify information assets and interested parties. We can create the documentation and provide the essential training to establish your ISMS and guide you through certification audits.
CVG Strategy also provides consulting services for NIST 800-171 and CMMC Certification for those businesses and institutions providing services to the Department of Defense and other government agencies.
CVG Strategy MIL-STD-810 classes will provide you with the ability to develop and conduct an environmental test program. Our two day course not only provides you with valuable information about climatic and dynamic test methods but also includes training in the methodology to correctly apply test tailoring. This course is available online or onsite. Ample time is available for questions and comments so that participants are encouraged to keep engaged. Check here for our online Training Registration Schedule.
Course Description
In this two day course you will learn:
The history and evolution of MIL-STD-810
Use of Parts I of the standard to support test program development and test tailoring
Use of Part III of the standard to evaluate expected climatic conditions
How to conduct a Life Cycle Environmental Profile
Developing a Detailed Environmental Test Plan (DETP)
Preparing for Laboratory Testing
Considerations for vibration test fixtures
Description and purpose of each test method
MIL-STD-810 Applications
MIL-STD-810 Environmental Engineering Considerations and Laboratory Tests is comprised of 29 test methods that address a broad range of environmental conditions. These methods include climatic testing such as high and low temperature, humidity, salt fog, and sand and dust. The standards also provides test methods for evaluating the effects of dynamic stressors such as vibration, shock, and acceleration.
This important standard has been used by product developers in the the United States and internationally to evaluate both defense and commercial products’ ability to perform as designed when subjected to the environmental stressors that are expected in their life cycle. This testing can therefore verify and validate the environmental worthiness and overall durability of a system design.
Test Program Tailoring
MIL-STD-810 does not impose test specifications. Instead, it describes the environmental tailoring process that results in realistic materiel designs and test methods. This process combines requirements and information derived from Whole Life Assessments (WLA) to provide criteria for selection of appropriate test methods. It will also provide criteria for selecting appropriate severities and durations to perform for each test.
CVG Strategy Test and Evaluation Expertise
Our team of test and evaluation experts can assist you in creating a meaningful test program that meets requirements and prevents costly failures at the operational test stage. CVG Strategy provides an array of services to help you with environmental and EMI/EMC testing.
Our instructors have decades of experience in laboratory test and evaluation of military and commercial products. We understand the importance of testing and getting a properly designed product to market in a timely fashion.
In many cases, testing requirements can be met or enhanced through compliance by analysis. Such analysis can involve computer modeling and simulation, acceptance by similarity, or testing of coupon samples. These types of analysis can also serve to identify design deficiencies early in product development and thereby streamline product to market schedules.
Part 120 of the ITAR has received massive reorganization. This section is now broken up into three parts; General Information, General Policies and Processes, and Definitions enumerated as subparts A through C. Subpart A – General Information details purpose and legislative authority for the regulations. Subpart B – General Policies and Processes provides an overview of general policies and processes within the regulations. Subpart – C Definitions provides a centralized locations for terms used throughout the document.
Prior to this revision, definitions had been scattered throughout the regulations. They are now arranged in Subpart – C in a logical order proceeding from larger conceptual items to those of lesser importance. Subsequently those definitions have been removed from other sections. Additionally, these terms have undergone clarification and been moderately reworded. Examples of terms that have undergone revision include:
Defense Article
Defense Service
Technical Data
Public Domain
Compositional Terms
U.S. Person
Foreign Person
Regular Employee
Specially Designed
Export
Reexport
Missile Technology Control Regime
The Missile Technology Control Regime (MTCR) Annex which had previously been a part of the ITAR has now been removed in its entirety. The content of this annex is now reflected with notations in the United States Munitions List (USML). Articles enumerated in the USML that relate to MTCR controls are now annotated with (MT).
CVG Strategy Export Compliance Services
Because the the DDTC has restructured ITAR, providers of military goods and services will have to make adjustments to their export compliance programs. This will involve adjustments to program documents and assessing revised definitions to assure that compliance requirement are met and maintained.
CVG Strategy, LLC is recognized the world over as the premier provider of customized Export Compliance Consulting, Export Compliance Programs, and Training that address critical U.S. Government and Canadian laws and regulations, from Export Administration Regulations (EAR), to the International Traffic in Arms Regulations (ITAR), Office of Foreign Asset Controls (OFAC), Canadian Goods Program (CGP) and other regulatory agencies.
CVG Strategy ITAR and Export Compliance experts have managed manufacturing and distribution businesses and have worked for multi-national organizations. CVG Strategy’s experts are not ex-government employees, they understand the needs and goals of small to medium-sized operations in managing compliance requirements. They also have expertise in the implementation and maintenance of a wide variety of management system standards.
For most projects, the design of vibration test fixtures is often left to the last minute. Regardless of your industry, vibration testing is one of the most important tools in product test and evaluation. A well designed fixture will provide ample rigidity to prevent resonances that can result in product over test. It will help provide confidence that the vibration encountered by the unit under test is representative of the required spectrum.
Using you own
Using your own vibration test fixture as opposed to using one from a test facility has many benefits. Fixtures laying around test labs are often drilled out and adapted for any number or customers’ immediate requirements. If retesting is required, having your own fixture assures you of a more repeatable test regardless of the test facility you may use.
The same fixtures can also be used for shock testing where rigidity and strength are requirements. Using vibration test fixtures in environmental chamber tests for can facilitate proper orientation of equipment and prevent accidental damage to interconnected test items during removal from the chamber.
Designing your Fixture
Rigidity
Rigidity is the major consideration in vibration fixture design. A microscopic deflection in any part of the fixture can result in alarming resonances and nulls. Aluminum is an excellent material for vibration test fixtures as it provides the required rigidity while minimizing weight. Consider the intended orientations of test items and provide mounting holes for test items so that they can be easily installed and removed.
Weight
Weight is also a consideration when designing a fixture. This is particularly the case if multiple units undertest are to be tested simultaneously. Material selection can help reduce the overall weight requirements for the vibration table. Aluminum is a good material for most fixtures. It is relatively inexpensive and is light as compared to steel. It is easily worked and can be constructed to provide the required rigidity.
Magnesium provides the best material for tensile strength to weight ratio. It also has better dampening at high frequencies. It is however, more costly and is not as easy to machine. It is therefore usually reserved for high test performance requirements.
Computer Modeling
A well designed fixture will provide repeatable testing and provide the required excitation to the product being tested without resonances or nulls. To accomplish this, computer modeling should be performed. These evaluations are will ensure that the fixture has a minimum of harmonic distortion over the bandwidth of planned testing.
Validating your Fixture
Before using your vibration fixture in testing it is beneficial to perform a resonance scan to check for any unwanted responses. This is accomplished by attaching multiple accelerometers to the fixture, and sending low-level random signals that cover the frequency range of your intended test.
CVG Strategy Experts
CVG Strategy engineers can design and build vibration fixtures to meet you specific test requirements. We have decades of experience in vibration and shock testing. Let our expertise keep your test program on schedule by letting us assist you with your test and evaluation needs.
Our experts at CVG Strategy have extensive experience in Climatic/Dynamic and EMI/EMC testing for a number of industries and products, both military and commercial. CVG Strategy specializes in Independent Developmental Testing and Evaluation including development of Test Plans, Test Procedures, Test Witnessing and Troubleshooting.
Water is a Major Concern in Product Ruggedness Testing
Water is part of many test methods when evaluating product ruggedness. We live in a world that is predominated by the substance, and its effects on products for any application are severe. Because of this, products must be evaluated for their abilities to endure exposure to water as a solid, liquid, and as a gas. These tests, although seemingly simple, can present challenges to product designers.
Effects of water on products include:
Possible degradation of strength
Corrosion or erosion of materials
Fungal Growth
Malfunction of electronic and electrical equipment with possibility of hazardous operation
Fouling of lubricants
Increased chemical reactions
Swelling of materials
Condensation
Changes in material properties such as elasticity
Ingress Testing
Ingress testing is found in a wide variety of industry specific test methods. Perhaps the standard with the broadest use is IEC 60529 which evaluates a product’s degree of protection as classified by an Ingress Protection Code (IP Code). These tests also involve solid foreign objects including dust. Testing that involves water includes dripping, spraying, splashing, jetting, powerful jetting, temporary immersion, continuous immersion, and water jet with high pressure and temperature.
Similar testing can be found in standards specific to the aerospace, automotive, and military sectors. In the automotive sector a number of ISO, IEC, and proprietary standards are used in evaluation. In defense applications MIL-STD-810 includes testing for blowing rain, humidity, salt fog, immersion, the effects of icing.
Of major concern in these tests are gaskets and seals used to create “waterproof” enclosures. Though it may appear to be an easy task, gasket design can be a great challenge. In many cases a gasket must not only protect against ingress but also serve to attenuate radio frequency energy to meet EMI requirements.
The sealing materials must also endure thermal, solar, and dynamic effects. In some cases, such as wind blown rain, the impact of droplets can cause resonances that defeat otherwise sound barriers.
Humidity
Large portions of the planet experience intense humidity. Some areas experience this year round. Additionally certain applications such as marine will have extreme conditions.
Humidity can wreck havoc in a large number of ways. Prolonged exposure to humidity can degrade plastics. It can interact with deposits of dust and other substances to produce corrosive films.
Testing for the effects of humidity is difficult. Thorough evaluation usually involves lengthy tests that can last months. Aggravated or accelerated testing can at times be useful to point out potential design deficiencies, but it can be difficult to ascertain the validity of data returned with respect to anticipated exposures.
Fungus
Exposure to airborne fungal mycotoxins can be highly hazardous to humans resulting in neurological damage and cancer. Fungus and mold species prosper in humid conditions. A number of test standards can evaluate a products potential for supporting fungal growth.
It can be difficult to ascertain this by a simple analysis of materials in a Bill of Materials because deposits of contaminates may find their way on to a product during manufacturing or actual use. Generally these organisms can attack a wide variety of materials. Additionally their metabolic wastes can degrade materials.
Salt
Airborne salt can cause extreme corrosion. Salt fogs are common in coastal areas and of course in marine applications. Testing of protective coatings is essential for products that can expect such exposure. While test methods can detect possible sources of problems they are not effective simulations of the actual environmental effects.
Of further concern, testing is usually performed on new product. How a protective coating performs after thermal and solar can be difficult to evaluate, as can the effects of dropping, or impacts sustained in actual use.
Water as a Solid
Product ruggedness can be greatly diminished by ice and frost. Deposits of ice can cause structural failures and of course render devices inoperable. Frost and ice can gradually cause failures of seals and gaskets.
It can also cause failure of bonding materials and cause distortion of parts when recurring icing and thawing events occur. Test methods are available for evaluation of ice effects and time should be taken to select appropriate procedures based on a product’s intended usage.
CVG Strategy Product Test Expertise
CVG Strategy has extensive experience in product test and evaluation of product ruggedness and water. We can evaluate products, examine requirements, assess gasketing and sealing methods, and develop a test matrix to ensure that a product will perform as designed for its intended service life. We provide a variety of consultant services to assist in product testing.
We also provide test plan templates for MIL-STD-810, IEC 60529, and a number of other standards. These provide the necessary documentation to ensure that testing is performed as required, functional and operational tests are conducted, and important data is collected.
ISO 27001 cybersecurity management is an effective Information Security Management System (ISMS) for organizations and businesses of all sizes. It provides a means to ensure confidentiality, integrity, and availability of information in a system that can be harmonized with other management systems.
The ISO Advantage
There are numerous cyber security solutions for protecting confidential information. Some of these however, are not well suited for the requirements of a business environment. To be effective in these environments cyber security must integrate information security risk assessments with other risks facing the organization so that upper management can tailor the program to fit the context of the organization.
When this has been accomplished, policies and procedures can be created that allow for cooperation and involvement at all levels of the organization. Then appropriate security controls can be implemented with assurance that adequate resources are available for proper execution.
This advantage is due to the fact that ISO 27001 shares the 10 clause framework of other ISO management standards such as ISO 9001:2015. This framework establishes methodologies for:
Identifying the expectation of all stakeholders for information security.
Identifying the specific risks that will likely threaten the confidentiality, integrity, or availability of that information.
Selection of appropriate controls for addressing these risks.
Establishment of measurable goals and objectives for securing information.
Implementation of controls and mitigations.
Establishing methods for measuring the effectiveness of the entire program and reporting that effectiveness to management.
Establishing a methodology for continuous improvement of ISMS.
ISO 27000 Set of Standards
The ISO 27000 series of information security standards include over sixty separate standards that address specific elements intrinsic to a complete ISMS. While ISO 27001 provides the framework of the management system, other standards address specific information security controls. Many of these address the needs of specific technologies such as communication, cloud services, or storage security. Others provide guidelines for incident management and the analysis of digital evidence.
This vast set of resources allows organizations adopting this standard to address issues specific to their industry’s requirements. Additionally, because it is an internationally accepted standard it allows for enhanced supplier and customer relationships worldwide.
Competitive Advantages of an ISMS
ISO 27001 is an effective approach to cybersecurity because it incorporates a coordinated systematic approach that involve all levels of an organization. Because this standard institutes management review and auditing it ensures that the organization is attuned to the changing nature of cybersecurity threats. It accomplishes this through a Plan-Do-Act-Check (PDCA) Cycle. The PDCA establishes objectives and processes, implements them, assesses and measures effectiveness, and provides corrective actions.
Implementing an ISMS in compliance with ISO 27001 and achieving certification, demonstrates to all parties that an organization is actively engaged in the confidentiality, availability, and integrity of information. It can provide a competitive edge for businesses in any sector by instilling confidence that valuable and sensitive information is safe.
There have been countless incidences of cyberattacks that compromised operation and data of organizations. Industry experts do not forecast these events diminishing, as new strategies are constantly being refined by cybercriminals.
For many smaller businesses, failure to address the likely hood of a data breach could result in catastrophe. In today’s world, addressing data security and having comprehensive plans for recovery in the event of a breach is essential.
CVG Strategy ISMS Solutions
Businesses worldwide are under attack from players that are well funded and very focused on compromising proprietary data. IT solutions alone are not sufficient to combat these forces. Viable solutions include all stakeholders in an enterprise. They include people, policies, procedures, risk analysis, incident responses, and an internal auditing process that yields constant improvement.
CVG Strategy provides cybersecurity consulting and training for large and small organizations. Our experts can tailor a program using risk management process to identify information assets and interested parties. We can create the documentation and provide the essential training to establish your ISMS and guide you through certification audits.
CVG Strategy also provides consulting services for NIST 800-171 and CMMC Certification for those businesses and institutions providing services to the Department of Defense and other government agencies.
Test requirements for equipment designed for use on military platforms include a number of power quality standards. These standards evaluate the equipment’s ability to operate normally when subjected to disturbances characteristically found on their platform of intended use. They also place limits on the level of disturbance the equipment can contribute to the voltage distribution network.
Power distribution systems are subject to extreme variances and disturbances caused by devices that share the system. They can also have disturbances caused by variances in power generation devices such as generators and alternators. Inductive load dumps, spikes and surges, coupled interference, voltage fluctuations, and frequency variations can all cause significant disturbances in equipment’s normal operation that could lead to hazardous conditions or render the equipment inoperable. Because of this, military standards for evaluation of these phenomena can place stringent demands on Equipment Under Test (EUT).
MIL-STD-1275
MIL-STD-1275 “Characteristics of 28 Volt DC Power Input to Utilization Equipment in Military Vehicles” is a series of tests that simulate expected variances on vehicle power distribution systems. Test also evaluate variances emitted by the equipment under test to ensure that the equipment does not contribute excessive disturbances to supply voltage inputs. Test methods employed in this evaluation include:
Operational Voltage Range – For this test the EUT is powered at 20 and 30 Volts DC for 30 minutes at each voltage.
Voltage Ripple – The Voltage Ripple test is in fact a variance of MIL-STD-461 CS101. with the upper test frequency extended from 150 kHz to 250 kHz.
Starting Operation including Initial Engagement Surges and Cranking Surges.
Voltage Spikes both emitted and injected.
Voltage Surges both emitted and injected.
Reverse Polarity – For this test the EUT is powered at 33 Volts with reverse polarity for five minutes.
All of these tests can be challenging, but in particular the surge test can result in smoke emanating from power input circuitry, a disappointing end of a trip to the lab to be certain.
MIL-STD-704
MIL-STD-704 “Aircraft Electrical Power Characteristics” evaluates equipment for power distribution systems present on U.S. military aircraft platforms. Separate matrices of evaluation are performed based on the type of power input the equipment utilizes. Power types include:
Single Phase, 400 Hz, 115 VAC
Three Phase, 400 Hz, 115 VAC
Single Phase, Variable Frequency, 115 VAC
Three Phase, Variable Frequency, 115 VAC
Single Phase, 60 Hz, 115 VAC
28 Volts VDC
For any of the above power types, as many as 18 various tests are to be conducted. These tests include Current Harmonic Measurements, Voltage and Frequency Modulations, Transients, Interrupts, Emergency Limits, and Phase Reversals.
Consideration for classes of equipment and their level of immunity are covered in this standard. For example, a coffee pot can be rendered momentarily inoperable but a flight navigational system cannot. In no case can equipment equipment under test suffer damage or cause an unsafe condition. As with MIL-STD-1275 limits are placed on disturbances the equipment contribute to the electric power system.
MIL-STD-1399-300
MIL-STD-1399-300 “Electric Power, Alternating Current” provides test methodologies for evaluating equipment for shipboard operation. As with any of the aforementioned standards, limits and specifications are mandatory.
This standard is broken up into two parts. Part one covers low supply voltages (115 or 440 VAC). Part two covers medium voltage supplies from 4,160 VAC to 13,800 VAC. Required testing includes variances in Voltage and Frequency, Voltage Spikes, Emergency Conditions, Grounding Tests, Equipment Profile Tests, Current Waveform Tests, Simulated Human Body Leakage Current, Equipment Insulation Tests, and Active Ground Tests.
Designing Equipment for Power Sources
Military power quality testing is a specific set of methodologies that examine equipment’s ability to operate when subjected to extreme characteristics of electric power to ensure compatibility in their intended environments. While being associated Electromagnetic Compatibility (EMC) and Electromagnetic Immunity (EMI) it presents specific challenges to equipment designers.
In many cases, specially designed power supplies can be utilized to provide protection from electrical supply disturbances and distortions. However, when equipment is designed to control large inductive loads, care must be taken early in design to ensure that the equipment does not itself cause power distribution issues.
CVG Strategy can also provide guidance for MIL STD environmental testing including performance of a Life Cycle Environmental Profile as required for MIL-STD-810. Our engineers can perform design analysis to identify potential design issues before testing. We can also assist in developing test programs for product verification and validation.
The Bureau of Industry and Security (BIS) considers enforcement policies changes an instrument for combatting national security threats. This was highlighted in remarks released from Matthew Axelrod, Assistant Secretary for Export Enforcement. In recent presentations he outlined the changing focus of the United States export control system and the need for bolstering enforcement actions of the Export Administration Regulations (EAR).
Administrative Enforcement Changes Under Consideration
The BIS is considering three major changes in the way that export regulations are enforced. These proposed changes are as follows:
Publicizing administrative charging letters when filed. Currently charging letters are not publicized until the case has been resolved. Making these letters public will incentivize other companies involved in similar violations to desist in those activities. A policy to make administrative charges public would be similar to actions taken in criminal proceedings taken by the agency.
Limiting the use of no admit / no deny settlements. The BIS has often settled various administrative enforcement cases out of court, allowing organizations to pay reduced penalties without admitting to violation of export regulations. While the agency does desire to incentivize companies to resolve violations, the overuse of no admit / no deny falls short of getting companies to admit fault and fails to identify root causes of those violations.
The BIS is considering raising penalty amounts for administrative cases. Axelrod pointed out that if penalties are not sufficiently severe, that organizations can conclude that the risk is not sufficient to deter violation of the law. Furthermore, it was pointed out that penalties should be commensurate with the level of threat they present to national security.
Other Areas of Increased Enforcement Focus
Enforcement of Sanctions
Sanction enforcement is not a new area of enforcement for agencies involved with export regulations. In fact, in the last decade, enforcement authorities actions in sanction cases have resulted in billions of dollars in civil and criminal penalties. This is because many businesses are lax in ensuring that parties they are engaging in transactions are not on denied parties lists.
In the past sanctions have been considered by many to be applicable solely to financial institutions. Today, however, as sanctions have been increasingly utilized for national security and foreign ends, they are becoming increasingly relevant to any business in the international supply chain. This is the case for companies doing business in any number of countries, as more and more nations are working together in imposing sanctions multilaterally.
Antiboycott Compliance
Mr. Axelrod, along with enforcing the Department of Commerce’s EAR, also oversees the Office of Antiboycott Compliance. Anti boycott regulations were adopted to require U.S. firms to refuse to participate in foreign boycotts that the United States does not sanction. They have the effect of preventing U.S. firms from being used to implement foreign policies of other nations which run counter to U.S. policy.
The enforcement of these regulations are also currently under review. As with EAR enforcement, increases in administrative penalties and reconsideration of no admit / no deny settlements are being eyed. Additionally, those involved with enforcement are looking to prioritize which violations are being actively investigated, placing emphasis on more severe violations.
Changes in the Implementation of Export Controls
Export controls are increasingly being implemented in response to a complex and challenging geopolitical landscape. These issues include:
A growing concern over Russian actions and intentions
Nations engaged in genocide
Nations involved in subjection of ethnic minorities
Nations involved in slavery and forced labor
Nations actively engaged in theft of proprietary information including trade secrets
Nations involved in propping up illegitimate regimes through institutional corruption
As Axelrod pointed out, companies that engage in transactions with these nations, receive profit at the expensive of the world’s collective peace and prosperity. It is therefore more important than ever that those involved in export activities to effectively engage in the complexities of export compliance.
CVG Strategy Export Compliance Expertise
CVG Strategy, a proven leader in export compliance, can help your organization implement and maintain viable export compliance programs to navigate this increasingly complex business concern. We can provide expertise in Export Administration Regulations, International Traffic in Arms Regulations (ITAR), Sanctions, Denied Parties Screening, Anti Boycott and Canadian Goods Program (CGP).
We also provide assistance in item classification, Technical Assistance Agreements (TAA), and voluntary disclosures. Our staff can also provide effective training for all levels of an organization to ensure that all personnel are aware and up to date on export compliance issues.
As the BIS considers enforcement policies changes, it is becoming more and more important for companies to develop effective export compliance programs. These developments are likely to continue to raise the complexity and associated risks for companies involved in the international supply chain.
