Understanding ITAR and EAR, and the many channels of federal regulations that govern export control can be critical to your company’s future.
The Department of State’s Directorate of Defense Trade Controls administers the International Traffic in Arms Regulations (ITAR), and the Department of Commerce’s Bureau of Industry and Security administers the Export Administration Regulations (EAR). But myriad authorities also have export regulations, including the OFAC, the White House OMB, the DHS, the DOE, the DOJ, the DOI, the DEA, the EPA, the FDA, the NRC, the PTO, and the U.S. Census Bureau. All of these agency regulations make it very difficult to maintain any sense of confidence that your export control program is current, sophisticated and robust enough to prevent stiff penalties.
Any violation of U.S. export controls, even one that is seemingly technical or inadvertent, could subject your company and any involved employees to severe criminal penalties including jail time, substantial civil penalties and fines, loss of export privileges, and suspension or debarment from contracting with the U.S. government and original equipment manufacturers (OEM).
What makes these penalties even more frightening are the new cyber security requirements for all federal contractors. All federal contractors are required to implement the 15 basic safeguarding requirements (17 of the 109 NIST 800-171 controls), see FAR 52.204-21, effective June 16, 2016; and put into place a Systems Security Plan and Plan of Action, see DFARS 252.204-7012, effective Dec. 31, 2017. Has your company seen these regulations in your customer purchase order terms and conditions? Are
you compliant and prepared to provide these documents to your customer? Will they audit your company in 2018?
CCAT has products and services that can help you get into compliance quickly. CCAT has a Policy that can be customized as your company’s first line of defense in case of a violation. CCAT has a wholly-owned IT subsidiary with expertise in system security network administration, which can get you into compliance with the 15 basic safeguarding requirements with ease. The system security changes feed the development of your Systems Security Plan, which get you into compliance with the new cyber requirements.