DFARS Subpart 204.73 – SAFEGUARDING UNCLASSIFIED CONTROLLED TECHNICAL INFORMATION

By Dennis Andrie,

On November 18, 2013, The Defense Acquisition Regulatory Council (DARC) issued its final ruling for Defense Acquisition Regulations System (DFARS) Subpart 204.73 and associated contract clause 252.204-7012, Safeguarding of Unclassified Controlled Technical Information.The new subpart presents a high level guide to actions that need to be undertaken by companies that contract or subcontract with the U.S. Government to protect Unclassified Controlled Technical Information in the course of executing the U.S. Government contracts. more “DFARS Subpart 204.73 – SAFEGUARDING UNCLASSIFIED CONTROLLED TECHNICAL INFORMATION”

Can we turn off Snowden’s access after the fact?

By E.K. Koh

In my last blog, Would data-level controls have stopped Snowden, I highlighted the importance to separate system rights from data rights. But what if Snowden was using a login credential that in fact grants him rights to sensitive data? Accounts vary, but in the blog What the Snowden affair taught us , Anand alluded to the fact that Snowden gained access by stealing credentials of users with higher privilege. Unfortunately, even a system with fine grained data entitlement capabilities will not be able to stop Snowden, under his new identity, from copying sensitive data. more “Can we turn off Snowden’s access after the fact?”

Attributes is the new role?

By Sandeep Chopra.

“Attributes” is the new Role?

In the last Gartner Identity and Access Summit in Nov 2013, Gregg Kreizmann, Research VP in Gartner, made a prediction that by 2020, 70% of all businesses will use attribute-based access control (ABAC) as the dominant mechanism to protect critical assets, up from <5% today.

In Oct 2013, NIST published their report titled “Guide to Attribute-based Access Control Definition and Consideration”, which we discussed in an earlier blog. This is recognition that organizations, including the federal government, need to govern how information is shared across systems, applications, and organizations. more “Attributes is the new role?”

A “Cheat Sheet” on the Obama Export Control Reforms

By Gary Stanley.

The initial Obama export control reforms became effective on Oct 15th.  Although these reforms promise less licensing, they come at the price of more complex controls and more extensive record keeping.  The new rules must be approached in a systematic manner.   Here’s a “cheat sheet” to help you take advantage of these significant changes to U.S. export and re-export controls. more “A “Cheat Sheet” on the Obama Export Control Reforms”

Export Control Reform – Are you Ready?

By E.K. Koh.

Parts of the US Export Control Reform went into effect on October 15th, 2013.  Are you ready?

The current system has two different control lists administered by two different departments, Commerce and State, and there are three primary export licensing agencies, Commerce, State, and the Treasury.  A multitude of agencies – Commerce, Defense, Homeland Security, Justice, State, and the Treasury – each have authority to investigate and/or enforce some or all of the export controls, each using separate IT systems that do not intercommunicate. more “Export Control Reform – Are you Ready?”

Managing Export Compliance with Trade Management IT Systems

By Soujanya Madhurapantula.

Let’s start with what a trade management system is, what it does, and what are some of its shortcomings.

What is a Trade Management System

Export control can get pretty messy, especially when you consider how a typical company will be operating according to the rules of multiple jurisdictions at any given time.  Businesses that must comply with Export Control regulations like ITAR often maintain license and distribution information in a central Trade Management System (TMS).  more “Managing Export Compliance with Trade Management IT Systems”