ITAR

The United States International Traffic in Arms Regulations (ITAR) is an export control regulation administered by the US Government and enforceable extra-territorially. Australian businesses, in areas spanning high tech military to dual use technologies, must ensure their compliance
with these regulations and standards.
ITAR places strong security requirements on companies. Using GuardWare INSIGHT, companies can implement these requirements in an easy, fast and secure manner. Following are ways how GuardWare INSIGHT assists organisations achieve compliance:

• Helps to enforce Technology Control Plan (TCP). GuardWare INSIGHT is the enforcement tool used by Technology Control Officers to enforce the policies and procedures for securely handling controlled ITAR information.
• Assists Technology Control Officer centrally manage and control ITAR information. GuardWare INSIGHT is the main digital enforcement used by TCOs for maintaining ITAR compliance. Using GuardWare INSIGHT TCOs get an overall view of where ITAR information is being stored, who has access to it and how isit being moved or transferred. Using the system, they can centrally define who can access controlled information and take back control in case of lost device or staff turnover or change. The system generates automated alerts in case of risky user actions and unauthorised access of information. Using this information TCOs can re-educate their users on proper handling of controlled information or in the case of malicious activity take appropriate action.
• Helps to locate and classify ITAR related data. One of the first steps is to locate where ITAR related data is stored and classify it using appropriate security classifications. GuardWare INSIGHT automates this process by scanning local devices and servers to locate ITAR related data and apply appropriate classification on it.
• Access of controlled data. Controlled data should be protected from unauthorised access and using up to date access control. Inadvertent access by unauthorised persons may be a violation of U.S. export controls. GuardWare INSIGHT helps enforce this by monitoring access of controlled information and alerting if accessed by unauthorised personnel.
• Movement of controlled data needs to be encrypted. ITAR requires that all transmission of controlled information over the internet should to be protected using encryption as mentioned above. This includes email attachments and files being uploaded and maintained in cloud storage. Care should also be taken during offline movement of controlled data. For example, leaving Australia with export-controlled technology, software or classified data on your laptop may be a violation of Australian or U.S. export controls. Companies need to ensure that all offline movement of data whether on a laptop or using external storage media like USB or CD is protected using encryption to prevent against loss. GuardWare INSIGHT helps to enforce this requirement by ensuring only authorised encrypted channels are used to move data. INSIGHT monitors all movement of data which includes using offline means like USBs or any online encrypted channel like cloud. The monitoring is done at content level ensuring clear evidence is available to TCO in case of non-compliances.
• Monitoring and alerting. One of the most common forms of breaches are a result of human error like unauthorised export of controlled technology. With GuardWare INSIGHT companies can establish strong data monitoring and auditing controls to the extent needed to enable alerting, analysis, investigation, and reporting of unlawful or unauthorized activity which can assist the TCO in the event of a violation. With GuardWare INSIGHT companies can ensure that the actions of individual users can be uniquely traced to those users.
• Disposal of Controlled Data. Companies need to establish proper procedures to destroy/delete all physical and electronic controlled data at the end of its useful life. This is a complicated process as over time data moves out of secure enclaves. GuardWare INSIGHT can help to locate this data using automated data discovery scans. Once discovered TCO’s can take appropriate actions to appropriately dispose off
  the data.