We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byShayna Moles
Modified about 1 year ago
© Copyright 2010 Hewlett-Packard Development Company, L.P. 1 1 Misty Rutter Global Trade Business Engagement October 6, 2010 ENCRYPTION UPDATE
© Copyright 2010 Hewlett-Packard Development Company, L.P. 2 HP AT A GLANCE –Stanford University classmates Bill Hewlett and Dave Packard founded HP in The company's first product, built in a Palo Alto garage, was an audio oscillator. –Fortune 9 U.S. –Fortune 32 Global –304,000 employees –$114.6 billion USD in revenue for FY09 –Operates in approximately 170 countries worldwide headquartered in Palo Alto, CA –HP is the largest IT company on the planet! –Our new CEO Leo Apotheker joined HP on September 30, 2010
© Copyright 2010 Hewlett-Packard Development Company, L.P. 3 HP –No other company offers as complete a technology product portfolio as HP. We provide infrastructure and business offerings that span from handheld devices to some of the world's most powerful supercomputer installations. –HP's three business groups drive industry leadership in core technology areas: The Personal Systems Group: business and consumer PCs, mobile computing devices and workstations The Imaging and Printing Group: inkjet, LaserJet and commercial printing, printing supplies Enterprise Business: business products including storage and servers, enterprise services and software LET’S DO AMAZING
© Copyright 2010 Hewlett-Packard Development Company, L.P. 4 ENCRYPTION RULE REFORM –Interim final rule published in the Federal Register June 25, 2010 –Made the most confusing part of the EAR even more confusing even if it did “simplify” some of the requirements!
© Copyright 2010 Hewlett-Packard Development Company, L.P. 5 WHAT CHANGED? –Removed encryption review (CCATS) requirements for less sensitive encryption items Also removed post-export semi-annual reporting for these items –Established new registration process for companies who export encryption without prior review, for cryptography items transferred under License Exception ENC and for mass market items –Established an annual self-classification reporting requirement for items self-classified under the new company registration –Authorized transfers of most encryption technology to non-government end-users under License Exception ENC, except to D:1 and E:1 countries –Decontrols so-called "ancillary cryptography" items (Note 4) – removed from Cat5 Part2 altogether. Now EAR99 unless another category applies (includes encryption for copyright protection) –Expanded ability export 5E002 technology
© Copyright 2010 Hewlett-Packard Development Company, L.P. 6 REGISTRATION/REVIEW/REPORTING Requirements Matrix Encryption Registration Annual Self- Classification Report 30 Day Review Semi-Annual Reporting ENC A ENC B1XX ENC B2XXX ENC B3XXb3iii ENC B4 MMR B1XX MMR B3XX MMR B4
© Copyright 2010 Hewlett-Packard Development Company, L.P. 7 IF YOU’RE NOT SURE YOUR ITEM MEETS B1: –You can still submit a formal CCATs request. –B1 items do not get forwarded to NSA Quicker turnaround –If you are just doing proper “Bundling” without changing the manufacturer’s product, you do not have to register –Self Classification also applies to Mass Market items except items listed in B3 (Note items in B2 and B3 are not eligible for MM)
© Copyright 2010 Hewlett-Packard Development Company, L.P. 8 B2 AND B3 ITEMS – STILL REQUIRE REVIEW B2 Items include: –Network infrastructure products described in (b)(2)(i)(A); –Encryption source code; No longer required to submit copy of source code with request –Products designed, modified, adapted or customized for “government end-user(s)”; –Commodities and software that provide penetration capabilities; –Public safety / first responder radio (e.g., P25 or TETRA); –5E002 encryption technology –Remember Dormant and Disabled encryption is still covered under Cat 5 Part 2 –Added penetration testing software to B2
© Copyright 2010 Hewlett-Packard Development Company, L.P. 9 B2 AND B3 ITEMS – STILL REQUIRE REVIEW B3 Items include: –Chips, chipsets, electronic assemblies; –Cryptographic libraries and modules; –Development kits; –Products with “non-standard cryptography”; –Items that perform vulnerability analysis, network forensics, or computer forensics as described in (b)(3)(iii). –Products that activate or enable encryption
© Copyright 2010 Hewlett-Packard Development Company, L.P. 10 HOW TO FILE A CCATS REQUEST –Register for SNAP-R –Go to the main SNAP-R screen and select Classification Request, then check the encryption checkbox –Block 9 - pull-down list in the special purpose box, select License Exception ENC –Block Be sure the information in these blocks is complete and correct, because this is where the official response from BIS will be sent. If both blocks are filled in, the official response will be sent to the individual or entity identified in Block 15. –Block 22(a) Enter 5A002 for hardware, 5D002 for software, or 5E002 for technology. –Block 22(c) Enter the product name with model number, if available. –Block 22(i) Enter the name of the manufacturer. If you will sell the product under your company's label, then enter the name of your company in the manufacturer block. –Block 22(j) Provide a brief technical description including the basic purpose of the encryption item (e.g., XYZ is a PDA used for...) and the type of encryption used in the software (e.g., 168-bit Triple DES for secure , 1024-bit RSA for key exchange). Comments such as ''see letter of explanation" or ''see brochure" are not sufficient. The information identified in this block is entered directly into the BIS license application database, and will be printed on the official response issued by BIS. A brief technical description is essential. All other blocks or block portions appropriate for review requests should be completed in accordance with Part 748 of the EAR. –Block 24 Insert your most recent encryption registration number (ERN).
© Copyright 2010 Hewlett-Packard Development Company, L.P. 11 SUPPORTING DOCUMENTATION –Prepare a PDF document containing the information and documentation described in Supplement No. 6 to Part 742Supplement No. 6 to Part 742 Create a Supp. 6 template for use on all CCATs – get engineering support to complete the template for new products (or changes in existing products) –Letter of explanation – provide detailed description of items for classification and supporting argument for classification you believe applies –Technical specifications, datasheets, brochures –Submit in electronic (pdf) format
© Copyright 2010 Hewlett-Packard Development Company, L.P. 12 FOR HARDWARE OR SOFTWARE “ENCRYPTION COMPONENTS” OTHER THAN SOURCE CODE –(1) Reference the application for which the components are used in, if known; –(2) State if there is a general programming interface to the component; –(3) State whether the component is constrained by function; and –(4) Identify the encryption component and include the name of the manufacturer, component model number or other identifier.
© Copyright 2010 Hewlett-Packard Development Company, L.P. 13 FOR ENCRYPTION SOURCE CODE –(1) If applicable, reference the executable (object code) product that was previously classified by BIS or included in an encryption registration to BIS; –(2) Include whether the source code has been modified, and the technical details on how the source code was modified; and –(3) Upon request, include a copy of the sections of the source code that contain the encryption algorithm, key management routines and their related calls.
© Copyright 2010 Hewlett-Packard Development Company, L.P. 14 MASS MARKET REQUESTS –Determine that the products are mass marketed encryption components (chips, electronic assemblies, crypto libraries), toolkits, development kits, and non-standard crypto items described in (b)(3) of the EAR. –Additional Supporting Documents: Demonstrate that the commodities and software meet the criteria of the Cryptography Note [Note 3 of Category 5, Part 2, of the Commerce Control List (Supplement No. 1 to Part 774 of the EAR)]. Compare your product with the Cryptography Note criteria and state specifically where and how it is mass marketed.Category 5, Part 2
© Copyright 2010 Hewlett-Packard Development Company, L.P. 15 CCATS –Once you submit in SNAP-R you will receive a Case number beginning with “Z”. Refer to this number in any communications with BIS on your CCATs request. –No longer have to mail copy of CCATs package to NSA Encryption Review Coordinator. NSA now has access to SNAP-R!
© Copyright 2010 Hewlett-Packard Development Company, L.P. 16 REPORTING WHAT’S CHANGED? Semi-annual sales reporting (740.17(e) –No longer need to report b3 items (Unrestricted) other than B3iii –Sales of items eligible for self classification under B1 are not required to be reported (see Annual Self-classification reporting requirements (c)) –Submit electronically to both BIS and NSA at and
© Copyright 2010 Hewlett-Packard Development Company, L.P. 17 SELF CLASSIFICATION REPORTING –Submit Supplement 8 to Part 742 Remember: this report is just a list of products, not sales data –CSV file format –Can submit by to BIS and NSA –Zip file acceptable –If not changes in the calendar year, can statement “No changes” but recommend calling BIS to confirm receipt. Alternatively you can resubmit the prior year’s Supp. 8. You must file something every year if you exported. If no exports in the calendar year, no reporting required. –Reference your “R” in the Subject Line of the –First report will cover 6/25/10 through 12/31/10.
© Copyright 2010 Hewlett-Packard Development Company, L.P. 18 LICENSING –ELA (Export License Arrangements) conditions are now standardized –Least sensitive government end users – Biannual reporting –More sensitive government end users Include military, police, prisons and intelligence services Require Pre-shipment notification and/or inspection
© Copyright 2010 Hewlett-Packard Development Company, L.P. 19 BIGGEST IMPACT FOR HP –Dramatic reduction in number of transactions requiring semi-annual sales reporting (B3) –Ability to self classify many items upon registration – impact to bottom line no more 30 day wait
© Copyright 2010 Hewlett-Packard Development Company, L.P. 20 STILL TO COME –The June 25 rule was published as an Interim Rule. Final Rule will incorporate some of the 6 comments received (see FOIA website) comments/record_of_comments_encryption.pdf comments/record_of_comments_encryption.pdf –BIS advised at Update 2010 they hope to remove publicly available software from the EAR –Consistent with the administration export reform program, hope to turn Category 5 Part 2 into a “Positive” list –Work ongoing with HK TID on items “self-classified” when HK requesting copy of CCATs.
© Copyright 2010 Hewlett-Packard Development Company, L.P. 21 BIS ENCRYPTION TEAM CONTACTS Randy Pratt Director Ph: Michael Pender Senior Engineer Ph: Anita Zinzuvadia Electrical Engineer Ph: Sylvia Jimmison Export Policy Analyst Ph: Aaron Amundson Export Policy Analyst Ph: Joe Young Senior Engineer Ph: Judith Currie Senior Export Policy Analyst Ph:
© Copyright 2010 Hewlett-Packard Development Company, L.P. 22© Copyright 2010 Hewlett-Packard Development Company, L.P. 22 Q&A
Sales Order Cycle Review Report Insert Date. Source: 2 Table of Contents Executive Summary 3 Objective, Scope & Procedures Performed4.
THE QUE GROUP WOULD LIKE TO THANK THE 2013 SPONSORS.
StaffShare Limited is a Social Enterprise Company WELCOME © Copyright StaffShare Limited December 2010 StaffShare and The Skill Exchange are registered.
Procurement Communications Reporting System PCRS.
SharePoint Governance Questions January 2014 ©2014 SUSAN HANLEY LLC.
© Copyright 2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Confidentiality label.
Welcome to SuperFleet Manager Taking your fleet fueling to the next level.
1 | Weatherization Assistance Programeere.energy.gov Grantee Training for PY 2013 Application Process March 12 & 13, 2013.
How Safe is Your States Data? Virginias Common-Sense approach to Assessing Security.
Portsmouth/Paducah Project Office 2012 Annual Security Refresher Lexington Office 1 Paducah SitePortsmouth Site.
Windows 2008 Active Directory Configuration – Week 4 of 6 Microsoft Test: Mark McCoy MCSE, CNE, CISSP.
Are you protected with the necessary tools to run your rental business efficiently?
PrevNext | Slide 1 Welcome to MEGS The Michigan Electronic Grants System Comprehensive School Reform Application Last.
Information Systems Using Information (Higher and Intermediate 2)
PrevNext | Slide 1 MEGS Updates for School Year The Michigan Electronic Grants System Last Updated: 5/27/2004.
Got Inventory? Life of an Asset. Acquisition Added to Inventory Asset Management Disposal.
UNIT I FUNDAMENTAL OF E-COMMERCE 1.1INTRODUCTION TO E-COMMERCE 1.2 DRIVING FORCES OF E-COMMERCE 1.3 BENEFITS AND LIMITATIONS OF E-COMMERCE 1.4 DATA MINING.
Cisco Commerce Workspace Distributor Quoting Training– September 2010 For (Distributor Users/DCAM/Cisco Distributor Operations) All Theaters Use Slideshow.
Time & Labor Management Solutions XactTime Overview.
PrevNext | Slide 1 Michigan Electronic Grants System MEGS MEGS Overview and Updates for Last Updated: 7/26/2007.
DITA Enterprise Content Metamodel. Introduction Objectives Develop a universal metamodel to describe typical business document content Identify reusable.
Using the STARS-SES Provider Annual Reporting System (PARS) Illinois State Board of Education.
SEED Lender Training May 3, FY 2012 SBA Approvals US 53,848 Guaranteed Loans = $21,865 billion 44,377 (7a) 9,471 (504s) Massachusetts.
NextEnd We believe that the employee is not a mere input of production but a real strategic resource whose loyalty is to be gained and preserved.
The External Auditors Perspective and use of Internal Audit Brent Currey Live Seminar 9:00am – 4:30pm October 12, 2011 Relationships backed by performance.
Customer Proprietary Network Information (CPNI) NCTIA Training Session May 23, 2007.
Interface Development: Integrating M&Ms Designer and Azteca Cityworks at the City of Concord, North Carolina June 2005 Copyright © 2005 O ne GIS, Inc.
10/10/2014 FDA Regulatory Requirements & The Food Safety Modernization Act Presented by Anna Benevente, Senior Regulatory Specialist Registrar Corp October.
Performance Evaluation HR Training Sessions May , 2013.
© 2016 SlidePlayer.com Inc. All rights reserved.