Solutions by Compliance

Export Controls (ITAR and EAR)

Complying with ITAR and EAR 

ITAR, or the International Traffic in Arms Regulations, are issued by the United States government to control the export and import of defense-related articles and services on the United States Munitions List (USML). In short, the U.S. Government requires all manufacturers, exporters, and brokers of defense articles, defense services or related technical data to be ITAR compliant. The Export Administration Regulations (EAR) are issued by the United States Department of Commerce to control the export of items which are designed for a commercial purpose which could have military applications, such as computer hardware and software (Commerce Control List). 

ITAR and EAR violations can pose a huge risk for impacted companies. Defense contractors have been fined tens of millions of dollars for failing to control access to EAR and ITAR regulated data. And they can impact more than just the bottom-line – criminal penalties of 10 to 20 years in prison, depending on the regulation, are also possible. 

Secure Access to Network Applications and Resources

If your company falls under ITAR or EAR and you are providing access to product development plans, hardware specifications, source code, and other sensitive information, then you must implement security controls to ensure compliance. The rules apply to internal and external users or groups that have access to regulated content in the US and in many other countries as defined in the requirements. 

Ensure secure access to ITAR-controlled content by restricting access to network resources based on role and context. Cryptzone’s context-aware dynamic access control solution helps to tightly restrict who can access the information stored on your network, making non-authorized resources invisible and inaccessible to any users that should not have access. AppGate takes contextual attributes into consideration including the user's identity, the type of device being used, geographical location and so on, before allowing access to resources to meet strict ITAR requirements. 


AppGate is a network access security solution that reduces your attack surface by 99% while significantly lowering costs. Based on the Software-Defined Perimeter model, AppGate enforces fine-grained network permissions, automatically tailored to each unique user’s needs. 

ITAR Compliance in SharePoint and Office 365

Trying to define access in SharePoint and Office 365 using item permissions would require the creation of thousands and thousands of security groups, and if using inheritance, thousands of sites or libraries and folders. You also run the risk of exceeding the limit of allowed security scopes on a list. The complexity of these security schemes greatly expands the likelihood of multiple single point defects in individual user or document permissions – any of which constitute an export breach.

Cryptzone provides a simple approach using dynamic access and identity management. The Cryptzone approach to ITAR and EAR in SharePoint and Office 365 is simple. Security Sheriff uses metadata-driven rules in combination with user claims to determine access and permissions at the item level without the need to create additional groups and independent of permissions. Security Sheriff allows organizations to use rules and dynamically define groups, permissions and access based on user attributes and document classification. The solution secures content in compliance with ITAR / EAR regulations without adding complexity.

A powerful solution, Security Sheriff uses an agentless Secure Reader that allows users to view PDF files, Office documents (Word, Excel, PowerPoint and Visio) without letting users copy, modify or redistribute controlled content.  In addition, a user traveling outside the US can be denied access to classified documents or restricted to ‘view only’ and prevented from downloading or emailing the document.

Security Sheriff

Security Sheriff automates and enforces data security policies by leveraging dynamic access, deny rules, sharing rules and a secure viewer to help ensure that only authorized users can view, edit and share classified data.