The International Traffic in Arms Regulation (ITAR) was put in place by the Government to ensure materials being sent outside the United States are secure.The International Traffic in Arms Regulation (ITAR) is an export control for the United States Munitions List(USML), which contains articles, services, and related technology.
Microsoft Government Cloud AND ITAR
Microsoft has two primary solutions that offer the government compliance infrastructure necessary, while still offering the ease-of-use and core services that make Microsoft such a powerful cloud provider.
Office 365 GCC High & Azure Government are fully ITAR compliant offerings from Microsoft. They have been designed to meet the standards of ITAR to effectively secure and monitor data to reduce risk for agencies and contractors.
Remember, while these two solutions can enable government compliance, ITAR compliance is not simply delivered out-of-the-box. Nimbus Logic can assist you in setting up the correct policies, agreements & system architecture needed for ITAR compliance.
Nimbus Logic and ITAR compliance
Nimbus Logic is only one of a small select group of Microsoft partners that can provide GCC High licensing to contractors under 500 seats. In addition to our Microsoft Government licensing, Nimbus Logic can also assist in becoming fully ITAR compliant by establishing the required cloud policies, architecture & monitoring required for compliance.
ITAR’s Impact to your Organization Data Management Practices
End-To-End Encryption: Encrypt email and files containing ITAR technical data within the client to prevent access by foreign cloud servers or personnel, effectively resolving geolocation and personnel permissions concerns.
Access Controls: Prevent unauthorized foreign access by setting expiration and disabling forwarding. Watermarking files containing ITAR technical data helps deter file-based leaks, but in the event of a data breach, users can revoke access to reduce the risk of foreign access.
Persistent Protection: Maintain control of attachments to prevent foreign access wherever they’re shared, ensuring ITAR compliance beyond the initial email.
DLP: Detect ITAR technical data in email and files and automatically enforce encryption and access controls.
Granular Audit: View when and where ITAR technical data has been accessed as it’s shared throughout the supply chain, and adapt controls for evolving collaboration and access requirements.
Customer Key Server: Host your own keys so that only authorized U.S. personnel can access the keys protecting ITAR technical data for ultimate control.