How STEALTHbits Helps with ITAR Compliance

How STEALTHbits Helps with ITAR Compliance

What is ITAR?

The International Traffic in Arms Regulations (ITAR) is a United States regulatory compliance standard that restricts and controls the export of defense and military related technologies to safeguard U.S. national security. The U.S. Government requires all manufacturers, exporters, and brokers of defense articles, defense services or related technical data to be ITAR compliant.

For a company involved in the manufacture, sale or distribution of goods or services covered under the United States Munitions List (USML), or a component supplier to goods covered under the USML, the company is required to be ITAR compliant, meaning the company must be registered with the State Department’s Directorate of Defense Trade Controls (DDTC). Overall, the U.S. government is attempting to prevent the disclosure or transfer of sensitive information to a foreign national.

Specifically, ITAR [22 CFR 120-130] covers:

  • Military items or defense articles
  • Goods and technology designed to kill or defend against death in a military setting
  • Space-related technology because of the application to missile technology
  • Technical data related to defense articles and services
  • Strict regulatory licensing

Where STEALTHbits Fits

As with any regulation, considerations corresponding to people, process, and technology need to be taken into account in order to achieve true compliance. STEALTHbits fits primarily within the technology aspect of the equation, supporting the people and processes that have been implemented to achieve the overarching goal of safeguarding data subject to the standard.

In particular, the following capabilities and products correspond directly to the needs of most organizations as it pertains to ITAR compliance:

  • Sensitive Data Discovery & Classification – Using StealthAUDIT’s built-in sensitive data discovery and data classification components, organizations can not only identify where their ITAR “technical data” exists across network file shares, SharePoint sites, cloud storage repositories, Exchange, and SQL databases, but tag them as well.
  • Access Control – A critical component to achieving compliance with ITAR requirements is not just knowing where ITAR technical data exists, but understanding who has access to it, how, and what they’re doing with the data. StealthAUDIT’s governance facilities, activity monitoring, and ability to assess permissions, metadata, and more enable organizations to answer all the most critical questions about access to their ITAR technical data, automatically adjust the access model that has been applied to it to align with least privilege access principles, and control it continually to keep it that way.
  • Threat Detection and Vulnerability Management – STEALTHbits’ behavioral analytics through StealthDEFEND, real-time change detection and prevention through StealthINTERCEPT, and proactive vulnerability assessment capabilities using StealthAUDIT enable organizations to pinpoint and remediate areas of risk and eliminate excessive and undifferentiated warnings produced by native logs and other third-party solutions. Whether preventing modifications to critical Active Directory security groups, alerting on unauthorized authentications, detecting anomalies in file activity, or reporting on systems vulnerable to compromise, STEALTHbits’ solution allows organizations to address security and compliance at multiple layers, demonstrating to auditors a true commitment to meeting and exceeding ITAR requirements.

Any STEALTHbits product can be trialed prior to purchase. Are you interested in seeing how easily STEALTHbits can address your most pressing ITAR requirements? Request a free trial now!

Don’t miss a post! Subscribe to The Insider Threat Security Blog here:

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Start a Free StealthAUDIT® Trial!

No risk. No obligation.