
ITAR template and DFARS NIST 800-171 compliance in DLP


Article ID: 229758

Products

Data Loss Prevention Enterprise Suite, Data Loss Prevention

Issue/Introduction

Is the ITAR template, which is available as a pre-loaded template, DFARS NIST 800-171 Compliant?

Environment

Release: 15.x

Resolution

The ITAR policy template in DLP is merely a lengthy list of US Munitions terms and chemical names, along with a short list of banned recipient countries.
Our ITAR template uses the USML (U.S. Munitions List) in ITAR part 121 for controlled arms and weapons.
We use the list of countries in ITAR part 126.1.

The ITAR policy will help you comply with SP800-171r2 (NIST 800-171), though Broadcom recommends consulting your Security & Compliance team on these matters, as they are in a better position to comment authoritatively on the compliance aspects as applicable in your context.

The policy template does have some limitations.

  • Alternative spellings of items are not covered.
  • Only acronyms of 4 characters or more are included; most smaller acronyms are ignored to minimize false positives.
  • Some items, including some common words, have been removed to minimize false positives.
  • We assume that arms trade involving the countries in ITAR part 126.1 will result in a recipient with one of the specific country codes. This assumption does not always hold:
      - Trade may be via an intermediary that is not actually in the regulated country.
      - Recipients may have a non-country-specific TLD (like hotmail.com).