ITAR/Export Control

The International Traffic in Arms Regulations (ITAR), which is administered by the U.S. State Department Directorate of Defense Trade Controls, regulates a wide variety of products (lethal & non-lethal) and technical information. Regulated information does not need to leave your company , or even the building, to constitute a violation.

Section 120.17(a) defines export to include sharing controlled information, intentionally or not with a foreign person (including those present within the U.S.) is considered a violation of the ITAR, that could result in penalties. Companies that export products – particularly in the high-tech, aviation, and military sectors – must put in place mechanisms that prevent violations of the U.S. export laws.

The Department of State’s Directorate of Defense Trade Controls has guidelines that suggest:

• Export controlled documents should be
  “tagged” to identify their status
• Establishing a procedure to combat illegal transfers
• Regular audits to ensure integrity of program
• Procedures to investigate any potential diversions

Prevent information access and usage by unauthorized personnel

Encryption is the only reliable means to prevent access to content by unauthorized persons. Liquid Machines Enterprise Rights Management policies encrypt data to prevent accidental or deliberate access by unauthorized persons. Liquid Machines further protects ITAR restricted content by controlling how the authorized user can work with protected data. Policies enforce fine-grained permissions that can control which users can print and edit documents, whether users can change or remove the policy, if they can work offline and, if and when access to documents expires completely. Expiring documents when at the end of their useful life reduces the volume of sensitive content to be manage – reducing the organization’s overall risk exposure.

User blacklists exclude foreign persons

Liquid Machines policies allow you to specify who is allowed to access protected content and what specific usage rights that person has under the policy. Different roles allow different users to have different permissions to the same document. Since most rights management policies can include Active Directory groups containing many users, it may not be immediately obvious that a foreign person was accidently granted rights.
The Liquid Machines Enterprise Policy Server introduces the ability to “blacklist” foreign persons or anyone who must not ever be granted permissions on a given policy. Even if a person is added to a policy role, the blacklist will override these permissions and guarantee that the user will not have access to any documents protected with the policy. Using Liquid Machines, organizations can:

• Protect content automatically
• Demonstrate compliance with detailed audit reports
• Maintain existing network infrastructure and workflow processes
• Protect more than just ITAR controlled information
• Extend Microsoft RMS to allow blacklist users and audit compliance
• Revoke rights anytime, anywhere, for any user including mobile users
• Audit information access, usage, and extractions as well as policy administration activity
• Produce critical periodic compliance reports