Meet ITAR Requirements with FileCloud’s Compliance Center

Meet ITAR Requirements with FileCloud’s Compliance Center

Meet ITAR Requirements with FileCloud’s Compliance Center

In the last few years, network security has become more relevant, as cyberattacks and ransomware become both prevalent and increasingly sophisticated. To ensure information safety, government security agencies have created “compliance” requirements to manage the storage, exchange, and retention/destruction of protected or sensitive information. Depending on the data managed by a company and with whom they do business or share information, they will be required to meet certain requirements to be considered compliant. This blog post focuses on ITAR compliance, but there are plenty of other regulations across different industries.

For example:

• EU GDPR (General Data Protection Regulation)
• GLBA (Gramm-Leach-Bliley Act)
• HIPAA (Health Insurance Portability and Accountability Act)
• PIPEDA (Personal Information Protection and Electronic Documents Act)
• CCPA (California Consumer Privacy Act)

What is ITAR Compliance?

The International Traffic in Arms Regulations (ITAR) is a United States regulatory regime to restrict and control the export of defense and military-related technologies to safeguard U.S. national security and further U.S. foreign policy objectives.1

In summary, if you are a government entity or a business that needs to share documents with a government entity related to the Department of Defense, you need to follow specific steps to secure your documents and communicate using a secure environment.

Does FileCloud support ITAR compliance?

FileCloud will enable you to make your “shared information” comply with ITAR through its on-premises FileCloud Server solution and the option to enable FIPS 140-2 encryption, along with storage options with AWS GovCloud or Azure for Government. FileCloud has a large set of features to help compliance officers and IT managers fulfill requirements for businesses and organizations. Additionally, FileCloud offers an extensive list of security settings that can be configured in such a way that supports compliance with ITAR requirements.

FileCloud Compliance Center

Setting up your FileCloud environment to comply with ITAR (or other compliance requirements) is a straightforward process. In previous versions, this was made possible by following a provided checklist. Since FileCloud version 21.2 (October 2021), we now offer an admin UI feature, the Compliance Center.

The Compliance Center was developed to offer a simple and effective compliance tool that supports government requirements such as ITAR.

Today (March 2022), the Compliance Center supports ITAR, HIPAA, and GDPR. FileCloud will add new requirements in future versions of FileCloud (for example, NIST, CMMC, and others).

FileCloud Compliance Center – ITAR

To help you comply with ITAR, the Compliance Center includes 14 different rules that you need to enable and configure to help you comply, track, and secure your FileCloud Server.

This comprehensive feature set helps you configure each of the 14 items needed to secure your system. Each item in the list includes:

• Rules: This identifies the ITAR rule you are configuring; If you click on the rule number, it will open a new browser tab with the rule’s definition from the Code of Federal Regulations official website.
• FileCloud Configuration: This summarizes the action you need to take in FileCloud to secure compliance with the specific rule.
• Enable: You can enable/disable each rule. This will depend on your specific requirements.
• Effective Date: The date the rule was initially enabled. This helps you identify when the Compliance Center began measuring the status of this rule.
• Status: Can be “OK”, “Issues”, or blank (if disabled). If the status shows as “OK”, it will tell you the last check timestamp. If it shows “Issues”, you can click on the status, and it will show you a list of events/configurations missing that you need to fix to comply with the specified rule.
• Actions: Some actions have an edit button, and all have an info button. The edit option will let you pick and choose the specific setting required to comply with the rule (for example, a metadata set, a SmartDLP rule, etc.)

For more details on setting options and additional information on the Compliance Center, please check the Compliance Center Documentation page. You can also read about the different compliance requirements available (ITAR, GDPR, HIPAA) by visiting the More Information section.

Article written by Daniel Alarcon.

References

1. “U.S. State Department – Policy – Directorate of Defense Trade Controls.” Pmddtc.state.gov. Archived from the original on September 14, 2010. Retrieved July 8, 2010.