Latest News

What we’re talking about

defense export handbook
Export Compliance News

Defense Export Handbook – An Overview for Businesses

The International Trade Administration (ITA) has released the 2025 Defense Export Handbook to provide an overview of U.S. trade laws governing the export of defense products.  This handbook also gives guidance to new-to-market exporters on evaluating international markets and includes contact information for export control, trade promotion, and licensing.  The publication describes U.S. statutes that

Read More »
Cyber Security

Integrated Business Management Systems for Effectiveness

Integrated business management systems provide more effective solutions to the challenges facing organizations today.  This approach consolidates business processes and systems across teams and unifies objectives.  It can effectively address requirements for quality management, export compliance, information security management, and other concerns, ensuring compliance without gaps, duplication of efforts, or teams working at cross purposes.

Read More »
cmmc final rule
Cyber Security

CMMC Final Rule to be Implemented in 2025

The Department of Defense (DoD) has released its Cybersecurity Maturity Model Certification (CMMC) final rule.  This rule will now require contractors to verify that required security measures have been implemented for Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).  These requirements will are to be implemented in early to mid-2025 when verification of security

Read More »
Developments in the ITAR
Export Compliance News

ITAR Developments and U.S. Foreign Policy

AUKUS Pillar I and Pillar II ITAR developments continue as the U.S. responds to national security threats with strategic trade controls and security partnerships. In recent news, AUKUS Pillar II has greatly eased the transfer of defense articles and technologies between Australia, the United Kingdom, and the United States. This trilateral security partnership was created

Read More »
Validated End User
Cyber Security

Validated End User (VEU) Program Expanded

The Bureau of Industry and Security (BIS) has expanded its Validated End User (VEU) Program to include controls for data centers in an effort to create a trusted ecosystem for artificial intelligence (AI) development.  The VEU will now review applicants data centers to ensure application of appropriate safeguards and security measures.  This update to the

Read More »
Ransomware Possible Cause of Death
Cyber Security

Ransomware Possible Cause of Death

Ransomware may have been the possible cause of death of a patient in Dusseldorf.  A ransomware attack on thirty servers at the Dusseldorf University hospital on September 9, 2020 prevented immediate emergency treatment and resulted in the patient having to be transported to a facility 20 miles away where she died from a delay of

Read More »
Voluntary Self Disclosure Process
Export Compliance News

Voluntary Self Disclosure Process Changed by BIS

The Bureau of Industry and Security (BIS) has amended the Voluntary Self Disclosure (VSD) process in the Export Administration Regulations (EAR).  The newly released amendment to CFR 15 Section 764.5 and Supplement No. 1 to part 766 provides guidance for settlement determinations of penalties for administrative enforcement cases.  This action evolved from a series of

Read More »
DFAR Amendment for Contractor Implementation
Cyber Security

DFAR Amendment for Contractor Implementation

The Department of Defense (DoD) has proposed a Defense Federal Acquisition Regulation Supplement (DFAR) amendment for contractor implementation of Cybersecurity Maturity Model Certification (CMMC).  DFARS case 2019-D041 was first published in September 2020 with an effective date of November 20, 2020 to allow for the development of CMMC 2.0.  CMMC 2.0 establishes a framework for

Read More »
Suit Filed Against Georgia Tech
Cyber Security

Suit Filed Against Georgia Tech by U.S. Government

A suit filed against Georgia Tech by the United States Government alleges that the university’s affiliate, Georgia Tech Research Corporation (GTRC) knowingly failed to meet its cybersecurity requirements for the Department of Defense (DoD).  The suit was initiated by a whistleblower complaint from members of Georgia Tech’s Cybersecurity team.   The lawsuit alleges that the Georgia

Read More »
AUKUS Defense Trade
Export Compliance News

AUKUS Defense Trade Moves Forward

The U.S. Department of State announced on August 15, 2024 that progress had been made in the AUKUS defense trade integration. This has resulted in an interim final rule amendment to the International Traffic in Arms Regulations (ITAR) that will facilitate billions of dollars in secure license-free defense trade between Australia, the United Kingdom, and

Read More »
Academia Research Export Compliance
Export Compliance News

Academia Research Export Compliance Challenges

The Bureau of Industry and Security (BIS) has released guidance on improving academia research export compliance programs. This guidance is based on recent trends in Voluntary Self-Disclosures conducted by academic institutions where Export Administration Regulations (EAR) violations occurred . Voluntary Self-Disclosures A Voluntary Self-Disclosure (VSD) is conducted when an organization recognizes that violations or suspected

Read More »
Integrating Physical Security Requirements
Cyber Security

Integrating Physical Security Requirements for Businesses

Integrating physical security requirements is an area of growing concern for organizations of all sizes.  Aside from insuring basic safety for personnel and physical assets, businesses are faced with security requirements for cybersecurity and export compliance.  This necessitates a non-siloed approach to an often overlooked management function. Basic Physical Security Measures Every organization should ensure

Read More »
New Export Screening List
Export Compliance News

New Export Screening List for Diversion Risks

The Bureau of Industry and Security (BIS) has issued guidance that recommends using a new export screening list as additional due diligence to prevent diversion risks.  This new database, The Trade Integrity Project has been released by the Open Source Center, which is based in the United Kingdom.  This list focuses on entities involved in

Read More »
AUKUS Eases Export Restrictions
Export Compliance News

AUKUS Eases Export Restrictions Under ITAR and EAR

AUKUS eases export restrictions under ITAR and EAR for certain defense related articles and technologies between the United States, Australia, and the United Kingdom.  This strategic initiative has been taken to enhance the defense capabilities of all three nations to respond to national security threats posed by the Peoples Republic of China (PRC) and Russia.

Read More »
NIST Special Publication 800-53
Cyber Security

NIST Special Publication 800-53 Controls

NIST Special Publication 800-53 is a catalog of security and privacy controls released by the National Institute of Standards and Technology for U.S. federal information systems.  It includes key steps in the Risk Management Framework for the selection of appropriate security controls for information systems.  This framework standards and guidelines is a requirement for federal

Read More »
Statute of Limitation for Sanctions
Export Compliance News

Statute of Limitation for Sanctions Extended to Ten Years

President Biden signed H.R. 815 into law on April 24, 2024 to address specific foreign policy and national security issues.  This legislation includes an extension (Section 3111) for the International Emergency Economic Powers Act (IEEPA) and the Trading with the Enemy Act (TWEA) from five to ten years.  This statute of limitations is applicable to

Read More »