What we’re talking about
The U.S. Government continues to impose export compliance penalties for companies that commit violations. This is the case for exports that fall under the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR). These penalties can include both civil and criminal fines, imprisonment, and denial of export privileges. Penalties Under the ITAR
The International Traffic in Arms Regulations (ITAR) expands treaty exemptions for the transfer of defense articles, services, and technical data enumerated on the Munitions List. This rule, which will become effective on May 12, 2023, is in effect for transfers between the United States and Australia, the United Kingdom, and Canada. Effect of Rulemaking This
A new Department of Defense (DoD) requirement for contractors has been proposed. This would require contractors to provide applicable export authorizations when receiving certain types of government contracts. This proposed amendment to the Defense Federal Acquisition Regulation Supplement (DFARS) would empower the Defense Contract Management Agency (DMCA) to request export authorizations when contracts require Government
The Bureau of Industry and Security (BIS) addressed human rights abuses with additions to the Entity List of individuals and organizations that are enabling or engaging in human rights violations. The eleven entities added, in March of 2023, are based in China, Burma, Russia, and Nicaragua. These actions demonstrate the ongoing efforts by the Department
Microsoft export violations have resulted in multi-million-dollar penalties for the software provider. The company has made voluntary disclosures to the Bureau of Industry and Security (BIS), the Department of the Treasury’s Office of Foreign Assets Controls (OFAC), and the Department of Justice (DOJ). Most of these reported violations occurred between 2012 and 2019. These violations
Quality Management internal auditing is performed in an organization to assess strengths and weakness, and identify areas of noncompliance. These audits are usually conducted by employees of the organization to assess processes they are not directly involved in to ensure an unbiased analysis. Information gathered from a well performed internal audit can provide insights for
Hosting giant, GoDaddy, has disclosed a Multi-Year Security Breach that has compromised customer security and may cause infection of websites. This is a noteworthy concern as the company acts as a hosting service for 20 million customers worldwide. The first breach was reported in November of 2019. Since this time the company has reported two
The Bureau of Industry and Security (BIS) is Assessing the Civil Space Industrial Base in the United States in partnership with the National Oceanic and Atmospheric Administration (NOAA) and the National Aeronautics and Space Administration (NASA) to better understand this important supply chain network. This study will use surveys to collect data from U.S. organizations
Tabletop Exercises for Cyber Incident Response teams are effective tools for assessing the ability of an organization to protect and preserve sensitive data. These exercises engage team members to respond to a variety of scenarios. This provides an evaluation of the Cyber Incident Response Plan’s technologies, processes, and personnel’s ability to maintain confidentiality, integrity, and
MIL-STD-810 Temperature Shock testing (Method 503) is used to evaluate equipment’s ability to withstand sudden changes in temperature. This laboratory test method is conducted in environmental test chambers and can be tailored to replicate the anticipated thermal profiles during storage, transit, and operation. Such shock could be experienced when a jet fighter on a tarmac
The Department of Commerce has initiated the Disruptive Technology Strike Force which will partner the Bureau of Industry and Security (BIS) with the Department of Justice (DoJ) in the enforcement of the Export Administration Regulations (EAR). Export Administration Regulations (EAR) control the export of commodities determined to be dual-use. Dual-use items refer to commodities and
As 2023 opens it appears that there may be further delays in CMMC 2.0 reaching a final ruling as the Pentagon considers additional revisions of the proposed rule. These reconsiderations are, as reported on ClearanceJobs, the result of internal politics and concerns on the impact on businesses. Because the rule is in proposed status, it
The Directorate of Defense Trade Control (DDTC) has released Export Compliance Program Guidelines to provide businesses with an overview of best practices for complying with the International Traffic in Arms Regulations (ITAR). These guidelines encourage organizations to adopt robust policies and procedures to ensure that compliance with export controls for items enumerated in the United
MIL-STD-461 MIL-STD-461 is an EMI/EMC standard for developmental test and evaluation. This standard is broken out into nineteen various methods. These methods include Radiated Emissions, Conducted Emissions, Radiated Susceptibility, and Conducted Susceptibility. MIL-STD-461 testing includes radiated and conducted test methods. These methods involve simulations of magnetic, radio frequency, Electrostatic Discharge (ESD), and Electromagnetic Pulse (EMP)
The Directorate of Defense Trade Controls (DDTC) Open General License (OGL) pilot program has been instituted to ease the conditions under which exports, reexports, and retransfers of unclassified defense articles may be performed between pre-approved parties. This program was started in August 1, 2022 and will continue through July 31, 2023, at which time the
Maintaining a CMMC program requires that organizations engage management system principles in their daily cybersecurity programs. These activities will be essential for Department of Defense (DoD) contractors to remain compliant. Current CMMC Requirements Currently CMMC 2.0 requirements are divided into three levels of compliance: CMMC Level 1 – Foundational is comprised of the 17 practices
