.svg)
This table defines the ITAR rules covered in FileCloud's Compliance Center, explains what steps you must take to be in compliance, and describes how FileCloud validates each rule.
|
Rule (click to see text) |
Description |
Steps for complying |
Validation |
|---|---|---|---|
|
Identify which documents are defense articles. |
In the Compliance Center, click the Edit button for the rule, and select a metadata set with a tag that identifies defense articles.
|
If the metadata set exists and is enabled, status is OK; if not, status is Issues. |
|
|
Identify which files contain technical data. |
In the Compliance Center, click the Edit button for the rule, and select a metadata set with a tag that identifies technical data.
(To carry out compliance, you must use smart classification to apply the metadata tag to technical data.) |
If the metadata set exists and is enabled, status is OK; If not, status is Issues. |
|
|
Only allow access to the system from within the US. |
In the Compliance Center, click the Edit button for the rule, and select a DLP rule that blocks users from logging in from outside locations. Only DLP rules for the LOGIN action are available for selection. |
If the DLP rule exists and is enabled, status is OK; if not, or if modifications to the rule allow log in from outside the US, status is Issues. |
|
|
Only allow US residents to access the system. |
Enabling the rule to confirm that your system checks if all users are US residents is all that is necessary to pass the compliance check. |
None |
|
|
Do not permit public sharing. |
|
If the DLP rule exists and is enabled and there are no existing public shares, status is OK; if not, or if modifications to the rule allow public shares, status is Issues. |
|
|
Allow at least one user access to the Compliance system. |
To enable at least one user to manage the Compliance Center:
|
If one or more Admin users have access to the Compliance Center, status is OK; if not, status is Issues. |
|
|
Prevent unauthorized access to data by non-US residents. |
Install FileCloud with an enterprise license or a license that includes a Digital Rights Management (DRM) component.
|
If a proper license is installed, status is OK; if not, status is Issues. |
|
|
Prevent data from being shared with non-US entities. |
Remove any existing public shares or change them to private. |
If any public shares exist, status is Issues. |
|
|
Confirm that data is only transferred between US entities. |
|
If HTTPS is not used, storage is not fully encrypted, or any existing files are not fully encrypted, status is Issues. |
|
|
Keep decryption methods secure. |
Enabling the rule to confirm that decryption keys are kept confidential in your system is all that is necessary to pass the compliance check. |
None. |
|
|
Ensure that proper permission is given if data is shared with non-US entities |
|
If Share Mode is Allow All Shares or any public shares exist, status is Issues. |
|
|
Maintain records of all data shared with non-US entities |
In the Admin portal, go to Settings > Admin and set the Audit Log Level to FULL. |
If Audit Log Level is set to OFF or REQUEST, status is Issues. |
|
|
Deny access to the system by prohibited countries |
In the row for the rule in the Compliance Center, click the Edit button and select a DLP rule that blocks users from logging in from those countries.
|
If the DLP rule exists and is enabled, status is OK; if not, or if modifications to the rule allow log in from those countries, status is Issues. |
|
|
Confirm that reports of violations of compliance rules can be exported. |
Enabling the rule to confirm that there is functionality to export reports of compliance rule violations from this page is all that is necessary to pass the compliance check. |
None |