What we’re talking about
The US Senate has approved the Export Control Transparency Act in an effort to enhance oversight of the Bureau of Industry and Security (BIS) dual use export controls. This Act will require the BIS to submit quarterly reports to Congress detailing export licensing requests. This reporting would include aggregate statistics on all license applications and
The Bureau of Industry and Security (BIS) is considering a 50% rule to address loopholes that are being used by subsidiaries of parent organizations on the BIS entity list. The proposed regulation would be similar to current to regulations enacted by the Office of Foreign Asset Controls (OFAC). This action would impose licensing requirements across
Self disclosure and cooperation in the investigation of export regulation violations by an entity’s acquiror has led to a waiver of prosecution against the acquiring company (White Deer Management LLC). The Department of Justice’s National Security Division and the Southern District of Texas’s United States Attorney’s Office have also decided to decline prosecution of the
Sequencing MIL-STD-810 tests methods can be a challenge when developing an Environmental Test and Evaluation Master Plan (ETEMP). Determining a representative test sequence is essential for generating representative cumulative environmental stressors that will provide an accurate evaluative process. The standard provides, in most cases, vague and general guidance in Part 1 and in each of
The Bureau of Industry and Security (BIS) has issued new guidance for Advanced Computing ICs in an effort to prevent diversion of electronics that could be implemented in Weapons of Mass Destruction (WMD). The BIS also updated Supplement No. 3 to Part 732 “Know Your Customer” Guidance and Red Flags to provide a due diligence
DoD Acquisition nominee Michael Duffy plans to review Cybersecurity Maturity Model Certification (CMMC) implementation in an effort to balance a need for security and excessive regulation. Duffy also recognized the need for affordability for the Defense Industrial Base (DIB) to maintain cybersecurity best practices to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Duffy
Recent studies have shown that organizations are not ready for CMMC. The Aware but not Prepared report from Redspin states that only half of the Defense Industrial Base (DIB) are even moderately prepared for a Level 2 certification. Despite a five year roll out for the final rule from the Department of Defense (DoD) DIB
The International Trade Administration (ITA) has released the 2025 Defense Export Handbook to provide an overview of U.S. trade laws governing the export of defense products. This handbook also gives guidance to new-to-market exporters on evaluating international markets and includes contact information for export control, trade promotion, and licensing. The publication describes U.S. statutes that
Integrated business management systems provide more effective solutions to the challenges facing organizations today. This approach consolidates business processes and systems across teams and unifies objectives. It can effectively address requirements for quality management, export compliance, information security management, and other concerns, ensuring compliance without gaps, duplication of efforts, or teams working at cross purposes.
The Department of Defense (DoD) has released its Cybersecurity Maturity Model Certification (CMMC) final rule. This rule will now require contractors to verify that required security measures have been implemented for Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). These requirements will are to be implemented in early to mid-2025 when verification of security
AUKUS Pillar I and Pillar II ITAR developments continue as the U.S. responds to national security threats with strategic trade controls and security partnerships. In recent news, AUKUS Pillar II has greatly eased the transfer of defense articles and technologies between Australia, the United Kingdom, and the United States. This trilateral security partnership was created
The Bureau of Industry and Security (BIS) has expanded its Validated End User (VEU) Program to include controls for data centers in an effort to create a trusted ecosystem for artificial intelligence (AI) development. The VEU will now review applicants data centers to ensure application of appropriate safeguards and security measures. This update to the
Ransomware may have been the possible cause of death of a patient in Dusseldorf. A ransomware attack on thirty servers at the Dusseldorf University hospital on September 9, 2020 prevented immediate emergency treatment and resulted in the patient having to be transported to a facility 20 miles away where she died from a delay of
The Bureau of Industry and Security (BIS) has amended the Voluntary Self Disclosure (VSD) process in the Export Administration Regulations (EAR). The newly released amendment to CFR 15 Section 764.5 and Supplement No. 1 to part 766 provides guidance for settlement determinations of penalties for administrative enforcement cases. This action evolved from a series of
The Department of Defense (DoD) has proposed a Defense Federal Acquisition Regulation Supplement (DFAR) amendment for contractor implementation of Cybersecurity Maturity Model Certification (CMMC). DFARS case 2019-D041 was first published in September 2020 with an effective date of November 20, 2020 to allow for the development of CMMC 2.0. CMMC 2.0 establishes a framework for
A suit filed against Georgia Tech by the United States Government alleges that the university’s affiliate, Georgia Tech Research Corporation (GTRC) knowingly failed to meet its cybersecurity requirements for the Department of Defense (DoD). The suit was initiated by a whistleblower complaint from members of Georgia Tech’s Cybersecurity team. The lawsuit alleges that the Georgia
