Choose the Right File Sharing Solution for ITAR Compliance

ITAR (International Traffic in Arms Regulations) is promulgated pursuant to the Arms Export Control Act (22 USC sec. 2751). The regulations are programmed to restrict and control the import and export of defense and military-related items, technologies, and services. Any item or service subject to the regulations must be included on the United States Munitions List (USML), compiled, and maintained by the State Department which is responsible for the administration of ITAR.

ITAR is implemented by the State Department’s Directorate of Defense Trade Controls (DDTC). Items listed on the USML may be shared only with a US person. Any deal involving a non-US person requires either authorization or an exemption from the DDTC.

FileCloud for ITAR is a secure file management solution that offers file storage,  access, and data governance. Custom-tailored specifically for organizations who deal with ITAR
and EAR-regulated data, it offers multi-layer data security, governance, and advanced recordkeeping capabilities. FileCloud is cloud-agnostic, which means you can self-host it on your own IT infrastructure, or choose to utilize our software services.

Basic Principles to Secure your ITAR Data

  • Search and Secure Sensitive Data – FileCloud’s Smart Classification Engine automatically sorts your content into logical categories within minutes. Automate sensitive data discovery with simple rules that make sense to you. Our cloud services are hosted in AWS GovCloud. FileCloud service is managed and supported from Austin, Texas by U.S.-based personnel. FileCloud can also be self-hosted by end-users if they prefer that option over our cloud service.
  • Granular Permissions for Users – In addition to powerful auditing features, FileCloud for ITAR also offers detailed information about downloaded files, user shares, user logins, active users, DLP violations, and statistics for file movement.
  • User Data Access Control – FileCloud offers private-only, time-limited, and view-only access for sensitive documents. You can prevent downloads, and configure custom sharing options with FileCloud’s Smart DLP capabilities and document tags.
  • Audit Reports – FileCloud aims to give you the best possible audit data to satisfy ITAR compliance. With our admin portal, administrators can easily filter and select levels of granularity, as well as use the “Audit” options on our admin dashboards to view the following granular data.

Features of FileCloud for ITAR Compliance

 Own Your Data

Self-host FileCloud on AWS GovCloud or Azure. Control and manage inbound and outbound network traffic, check detailed audit logs to see who accessed the files, and more. Build a robust ITAR compliant file sharing and access control solution with FileCloud.Our cloud services are hosted in AWS GovCloud. FileCloudservice is managed and supported from Austin, Texas by U.S.-based personnel. FileCloud can also be self-hosted by end-users if they prefer that option over our cloud service.

360° Data Security

FileCloud provides multi-level, 360° data protection by bringing revolutionary Data Leak Prevention capabilities to the market. Our simple, flexible, and rule-driven system prevents accidental data leaks from end-users and protects all sensitive data. Unintentional data leaks can happen because of user errors and oversights. Establishing a set of strict policies to prevent data leaks is crucial for ITAR compliance. FileCloud’s Smart DLP offers 360* protection. FileCloud helps in protecting data in compliance with ITAR.

End- to-End Encryption

FileCloud for ITAR offers encryption at rest and in transit using FIPS 140-2 validated cryptography models. The files are encrypted as they are uploaded to the system.
FileCloud for ITAR (Online) offers independent and extensive customer control over encryption keys using AWS Key Management in GovCloud, while our self-hosted option offers complete control over data and encryption keys.

Record Management

ITAR requires that records of transactions and information be maintained for five years from the expiration of the export license or other approval. In the case of an export license exemption, this would be from the date of the transaction. FileCloud for ITAR offers complete content lifecycle management with flexible retention and archival schedules to meet your ITAR record management requirements.

Access and Authentication

Securely access your enterprise data from anywhere using any device – without a VPN. FileCloud offers multiple ways to access your organization’s files securely: web browser, a sync client, a mapped virtual drive, and mobile apps. Authenticate with Active Directory, or create new accounts with FileCloud. 2FA, SAML-SSO, and Smart Card Authentications are supported across all clients (Web, Desktop, and Mobile apps). Set expiration on shared files and set granular file permissions. Revoke data access to reduce the risk in event of a data breach.

A Review of ITAR Features from FileCloud

FileCloud for ITAR security features complies with ITAR document security requirements with features including:
• Encryption at rest and in transit using FIPS 140-2
• Complete, independent control over your content- Own your data
• Supports NIST password standards
• Multi-factor authentication
• Smart, automatic classification of documents according to sensitivity
• Smart Data Leak Prevention
• Control access based on IP filters
• Realtime activity-Audit
• U.S.-based infrastructure operated by U.S. Citizens in the U.S.

Conclusion

Security is important to comply with ITAR compliance and achieving the same efficiency by migrating all file sharing needs to FileCloud is a good bet. FileCloud provides secure data transfer to defense contractors and other organizations.FileCloud also provides the necessary tools for high performance and productivity. The penalties for ITAR violations, both criminal and civil, are substantial. Criminal penalties may include fines of up to a million dollars per violation and 10 years’ imprisonment while civil fines can be as high as half a million dollars per violation. Failure to comply with ITAR may also damage an organization’s reputation and ability to conduct business. The State Department maintains publicly available records of all penalties and violations dating back to 1978. Organizations and individuals run the risk of being completely debarred from exporting defense-related services and items.