Impact of EAR and ITAR on Your Information Systems

Per government procurement regulations, prime contractors with EAR or ITAR obligations should include them in any contracts with subcontractors dealing with export-controlled services or products at any given time. If you are a prime federal contractor and provide any export-controlled service, handle export-controlled products, or even offers services to the U.S. federal government, you should comply with EAR, ITAR, among other federal export regulations. You are subject to ITAR or EAR if you:

  • Provide defense service and articles.
  • Manufacture, service, or export any item listed on the USML.
  • Provide Cloud or IT services to federal agencies or prime contractors that process, transmit, or store export-controlled data using your services.
  • Produce the “know-how” or items listed on the Bureau of Industry and Security (BIS) Commercial Control List (CCL).

And while EAR, ITAR, and other U.S. Federal export regulations don’t set stringent cybersecurity requirements, you almost always must have cybersecurity controls to put into effect a successful export compliance program in your organization. In both ITAR and EAR, compliance is a must.

Export Control Compliance for Cloud Service Providers (CSPs)

While CSPs may not be in the business of offering export-controlled services or producing export-controlled products, they may engage with clients with export-control needs. Unfortunately, EAR, ITAR, and other export control directives demand that you demonstrate compliance with such export control regulations if you are to work with businesses that deal with export-controlled products or services. This ensures that you avoid criminal prosecution and censure, among other penalties of non-compliance. Our professionals have vast experience assessing cloud environments to ensure they align with the DoD Security Requirements Guide (SRG), FedRAMP®, and other cybersecurity directives. We are well-suited to help you manage export control cybersecurity contractual obligations as you seek authorization.

How Can Cleared Systems Help?

We closely work with your organization to ensure you understand the EAR and ITAR control requirements and their impact on your cybersecurity plan and implementation. We offer assessment and advisory services aimed at helping you navigate all cybersecurity aspects of the export control compliance framework, effectively addressing your unique cybersecurity requirements. We offer services such as:

Export Control Cybersecurity Assessment

  • A thorough evaluation and analysis of security controls
  • A comprehensive review of your organization’s compliance with cybersecurity contract requirements
  • Validation and Monitoring of Plan of Action and Milestones (POA&Ms)
  • Compliance recommendations for organizations and information systems that are in scope.
  • Continuous compliance monitoring. 

Cybersecurity Advisory for Export Control Compliance

  • Scoping and gap analysis for your organization and its in-scope information systems.
  • Provide an advisory opinion supporting the compliance determinations and scoping rationale. 
  •  Support in implementing applicable contract obligations and security controls.
  • Support in developing documentation, including preparation of POA&M and SSP

Why Choose Us?

Over the years, we have helped organizations assess their capability to implement cybersecurity programs and control technical data in line with EAR, ITAR, and other export control directives. By Choosing Cleared Systems, you can rest assured that you will get a cybersecurity implementation that meets your export control obligations, whether you are a prime contractor, small manufacturer, or a CSP.

Share in Social Media

case studies

See More Case Studies

microsoft 365 GCC High

What is GCC High? For ITAR & CMMC 2.0

Microsoft 365 Government Community Cloud (GCC) High is a specialized cloud solution tailored for U.S. federal, state, local, tribal, and territorial government organizations, as well as for contractors who hold or process data subject to specific security regulations. In this article, we will explore the features, benefits, and differences between Microsoft 365 GCC High and other Office 365 offerings.

Learn more
Contact us

Partner with Us for Compliance & Protection

We’re happy to answer any questions you may have and help you determine which of our services best fit your needs.

Your benefits:
What happens next?
1

Schedule an initial meeting

2

Arrange a discovery and assessment call

3

Tailor a proposal and solution

How can we help you?