We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byShayna Moles
Modified about 1 year ago
© Copyright 2010 Hewlett-Packard Development Company, L.P. 1 1 Misty Rutter Global Trade Business Engagement October 6, 2010 ENCRYPTION UPDATE
© Copyright 2010 Hewlett-Packard Development Company, L.P. 2 HP AT A GLANCE –Stanford University classmates Bill Hewlett and Dave Packard founded HP in 1939. The company's first product, built in a Palo Alto garage, was an audio oscillator. –Fortune 9 U.S. –Fortune 32 Global –304,000 employees –$114.6 billion USD in revenue for FY09 –Operates in approximately 170 countries worldwide headquartered in Palo Alto, CA –HP is the largest IT company on the planet! –Our new CEO Leo Apotheker joined HP on September 30, 2010
© Copyright 2010 Hewlett-Packard Development Company, L.P. 3 HP –No other company offers as complete a technology product portfolio as HP. We provide infrastructure and business offerings that span from handheld devices to some of the world's most powerful supercomputer installations. –HP's three business groups drive industry leadership in core technology areas: The Personal Systems Group: business and consumer PCs, mobile computing devices and workstations The Imaging and Printing Group: inkjet, LaserJet and commercial printing, printing supplies Enterprise Business: business products including storage and servers, enterprise services and software LET’S DO AMAZING
© Copyright 2010 Hewlett-Packard Development Company, L.P. 4 ENCRYPTION RULE REFORM –Interim final rule published in the Federal Register June 25, 2010 –Made the most confusing part of the EAR even more confusing even if it did “simplify” some of the requirements!
© Copyright 2010 Hewlett-Packard Development Company, L.P. 5 WHAT CHANGED? –Removed encryption review (CCATS) requirements for less sensitive encryption items Also removed post-export semi-annual reporting for these items –Established new registration process for companies who export encryption without prior review, for cryptography items transferred under License Exception ENC and for mass market items –Established an annual self-classification reporting requirement for items self-classified under the new company registration –Authorized transfers of most encryption technology to non-government end-users under License Exception ENC, except to D:1 and E:1 countries –Decontrols so-called "ancillary cryptography" items (Note 4) – removed from Cat5 Part2 altogether. Now EAR99 unless another category applies (includes encryption for copyright protection) –Expanded ability export 5E002 technology
© Copyright 2010 Hewlett-Packard Development Company, L.P. 6 REGISTRATION/REVIEW/REPORTING Requirements Matrix Encryption Registration Annual Self- Classification Report 30 Day Review Semi-Annual Reporting ENC A ENC B1XX ENC B2XXX ENC B3XXb3iii ENC B4 MMR B1XX MMR B3XX MMR B4
© Copyright 2010 Hewlett-Packard Development Company, L.P. 7 IF YOU’RE NOT SURE YOUR ITEM MEETS B1: –You can still submit a formal CCATs request. –B1 items do not get forwarded to NSA Quicker turnaround –If you are just doing proper “Bundling” without changing the manufacturer’s product, you do not have to register –Self Classification also applies to Mass Market items except items listed in 742.15 B3 (Note items in 740.17 B2 and 740.17 B3 are not eligible for MM)
© Copyright 2010 Hewlett-Packard Development Company, L.P. 8 B2 AND B3 ITEMS – STILL REQUIRE REVIEW B2 Items include: –Network infrastructure products described in 740.17(b)(2)(i)(A); –Encryption source code; No longer required to submit copy of source code with request –Products designed, modified, adapted or customized for “government end-user(s)”; –Commodities and software that provide penetration capabilities; –Public safety / first responder radio (e.g., P25 or TETRA); –5E002 encryption technology –Remember Dormant and Disabled encryption is still covered under Cat 5 Part 2 –Added penetration testing software to B2
© Copyright 2010 Hewlett-Packard Development Company, L.P. 9 B2 AND B3 ITEMS – STILL REQUIRE REVIEW B3 Items include: –Chips, chipsets, electronic assemblies; –Cryptographic libraries and modules; –Development kits; –Products with “non-standard cryptography”; –Items that perform vulnerability analysis, network forensics, or computer forensics as described in 740.17(b)(3)(iii). –Products that activate or enable encryption
© Copyright 2010 Hewlett-Packard Development Company, L.P. 10 HOW TO FILE A CCATS REQUEST –Register for SNAP-R –Go to the main SNAP-R screen and select Classification Request, then check the encryption checkbox –Block 9 - pull-down list in the special purpose box, select License Exception ENC –Block 14-15 Be sure the information in these blocks is complete and correct, because this is where the official response from BIS will be sent. If both blocks are filled in, the official response will be sent to the individual or entity identified in Block 15. –Block 22(a) Enter 5A002 for hardware, 5D002 for software, or 5E002 for technology. –Block 22(c) Enter the product name with model number, if available. –Block 22(i) Enter the name of the manufacturer. If you will sell the product under your company's label, then enter the name of your company in the manufacturer block. –Block 22(j) Provide a brief technical description including the basic purpose of the encryption item (e.g., XYZ is a PDA used for...) and the type of encryption used in the software (e.g., 168-bit Triple DES for secure e-mail, 1024-bit RSA for key exchange). Comments such as ''see letter of explanation" or ''see brochure" are not sufficient. The information identified in this block is entered directly into the BIS license application database, and will be printed on the official response issued by BIS. A brief technical description is essential. All other blocks or block portions appropriate for review requests should be completed in accordance with Part 748 of the EAR. –Block 24 Insert your most recent encryption registration number (ERN).
© Copyright 2010 Hewlett-Packard Development Company, L.P. 11 SUPPORTING DOCUMENTATION –Prepare a PDF document containing the information and documentation described in Supplement No. 6 to Part 742Supplement No. 6 to Part 742 Create a Supp. 6 template for use on all CCATs – get engineering support to complete the template for new products (or changes in existing products) –Letter of explanation – provide detailed description of items for classification and supporting argument for classification you believe applies –Technical specifications, datasheets, brochures –Submit in electronic (pdf) format
© Copyright 2010 Hewlett-Packard Development Company, L.P. 12 FOR HARDWARE OR SOFTWARE “ENCRYPTION COMPONENTS” OTHER THAN SOURCE CODE –(1) Reference the application for which the components are used in, if known; –(2) State if there is a general programming interface to the component; –(3) State whether the component is constrained by function; and –(4) Identify the encryption component and include the name of the manufacturer, component model number or other identifier.
© Copyright 2010 Hewlett-Packard Development Company, L.P. 13 FOR ENCRYPTION SOURCE CODE –(1) If applicable, reference the executable (object code) product that was previously classified by BIS or included in an encryption registration to BIS; –(2) Include whether the source code has been modified, and the technical details on how the source code was modified; and –(3) Upon request, include a copy of the sections of the source code that contain the encryption algorithm, key management routines and their related calls.
© Copyright 2010 Hewlett-Packard Development Company, L.P. 14 MASS MARKET REQUESTS –Determine that the products are mass marketed encryption components (chips, electronic assemblies, crypto libraries), toolkits, development kits, and non-standard crypto items described in 742.15 (b)(3) of the EAR. –Additional Supporting Documents: Demonstrate that the commodities and software meet the criteria of the Cryptography Note [Note 3 of Category 5, Part 2, of the Commerce Control List (Supplement No. 1 to Part 774 of the EAR)]. Compare your product with the Cryptography Note criteria and state specifically where and how it is mass marketed.Category 5, Part 2
© Copyright 2010 Hewlett-Packard Development Company, L.P. 15 CCATS –Once you submit in SNAP-R you will receive a Case number beginning with “Z”. Refer to this number in any communications with BIS on your CCATs request. –No longer have to mail copy of CCATs package to NSA Encryption Review Coordinator. NSA now has access to SNAP-R!
© Copyright 2010 Hewlett-Packard Development Company, L.P. 16 REPORTING WHAT’S CHANGED? Semi-annual sales reporting (740.17(e) –No longer need to report 740.17 b3 items (Unrestricted) other than B3iii –Sales of items eligible for self classification under B1 are not required to be reported (see Annual Self-classification reporting requirements 742.17(c)) –Submit electronically to both BIS and NSA at email@example.com and firstname.lastname@example.org. email@example.com firstname.lastname@example.org
© Copyright 2010 Hewlett-Packard Development Company, L.P. 17 SELF CLASSIFICATION REPORTING –Submit Supplement 8 to Part 742 Remember: this report is just a list of products, not sales data –CSV file format –Can submit by email to BIS and NSA –Zip file acceptable –If not changes in the calendar year, can email statement “No changes” but recommend calling BIS to confirm receipt. Alternatively you can resubmit the prior year’s Supp. 8. You must file something every year if you exported. If no exports in the calendar year, no reporting required. –Reference your “R” in the Subject Line of the email –First report will cover 6/25/10 through 12/31/10.
© Copyright 2010 Hewlett-Packard Development Company, L.P. 18 LICENSING –ELA (Export License Arrangements) conditions are now standardized –Least sensitive government end users – Biannual reporting –More sensitive government end users Include military, police, prisons and intelligence services Require Pre-shipment notification and/or inspection
© Copyright 2010 Hewlett-Packard Development Company, L.P. 19 BIGGEST IMPACT FOR HP –Dramatic reduction in number of transactions requiring semi-annual sales reporting (B3) –Ability to self classify many items upon registration – impact to bottom line no more 30 day wait
© Copyright 2010 Hewlett-Packard Development Company, L.P. 20 STILL TO COME –The June 25 rule was published as an Interim Rule. Final Rule will incorporate some of the 6 comments received (see FOIA website) http://efoia.bis.doc.gov/pubcomm/records-of comments/record_of_comments_encryption.pdf http://efoia.bis.doc.gov/pubcomm/records-of comments/record_of_comments_encryption.pdf –BIS advised at Update 2010 they hope to remove publicly available software from the EAR –Consistent with the administration export reform program, hope to turn Category 5 Part 2 into a “Positive” list –Work ongoing with HK TID on items “self-classified” when HK requesting copy of CCATs.
© Copyright 2010 Hewlett-Packard Development Company, L.P. 21 BIS ENCRYPTION TEAM CONTACTS Randy Pratt Director Ph: 202-482- 5303 E-mail: email@example.com Michael Pender Senior Engineer Ph: 202-482-2458 E-mail: firstname.lastname@example.org Anita Zinzuvadia Electrical Engineer Ph: 202-482-3772 E-mail: email@example.com Sylvia Jimmison Export Policy Analyst Ph: 202-482-2342 E-mail: firstname.lastname@example.org Aaron Amundson Export Policy Analyst Ph: 202-482-5299 E-mail: email@example.com Joe Young Senior Engineer Ph: 202-482-4197 E-mail: firstname.lastname@example.org Judith Currie Senior Export Policy Analyst Ph: 202-482-5085 E-mail: email@example.com
© Copyright 2010 Hewlett-Packard Development Company, L.P. 22© Copyright 2010 Hewlett-Packard Development Company, L.P. 22 Q&A
Michael Pender U.S. Department of Commerce December 14, 2011.
Andreas Teuchert, Arrow Central Europe GmbH Munich, 21st January, 2014 Encryption Export Controls.
1 Encryption Update Ken Delaporta, Director of Operations and Export Compliance.
Best Practices for CCATS & CJs October 25, 2012 Cindy Hollohan Sr. Manager, Empowered Official Corporate Trade Compliance.
Export Control Overview John R. Murphy Business Development Manager Sartomer Company October 4, 2004 Boston, MA.
RP Designs Semi-Custom e-Commerce Package. Overview RP Designs semi- custom e-commerce package is a complete website solution. Visitors can browse a catalog.
By: Carol Martineau, Acting Assistant Manager, Aircraft Maintenance Division, AFS-301 Date: June 7, 2015 Federal Aviation Administration ASA Conference.
Revised 12/27/13 Supplier/Vendor Instruction Manual Presented by Department of General Services, Procurement Division Office of Small Business & DVBE Services.
FTR & ACE Transition Update Theresa Gordon International Trade Management Division U.S. Census Bureau.
CABLING SYSTEM WARRANTY REGISTRATION. PURPOSE OF CABLING REGISTRATION.
Chapter 12 Working in the Enterprise Discovering Computers 2016 Tools, Apps, Devices, and the Impact of Technology.
Journalism & Media Studies Graduate Student Culminating Work : Steps for Submitting to the Campus Digital Archive at USFSP November 21, 2011 by Carol Hixson.
Novartis Flu Kit Regulatory Discussion Presenter October XX, k Submission Overview Myraqa, Inc. August 22, 2012.
Copyright CovalentWorks Training Guide for Invoices MYB2B Powered by CovalentWorks.
Deemed Exports Overview and the Inspector General’s Report Presentation for : Office of National Security and Technology Transfer Controls Bureau of Industry.
POLYCOM CONFIDENTIAL Polycom Quotes on Demand Tool Partner User Guide Version 1.1.
Deemed Exports Erin Golsen Export Policy Analyst Office of Nonproliferation Controls and Treaty Compliance.
ABC School District JPMorgan Chase Purchasing Card Training Enter Date Here.
e-DMAS Consumer Web Order Entry (WEBOE8) An Enhancement For iSeries 400 DMAS from Copyright I/O International, 2003, 2004, 2005 Skip Intro.
CONTRACTUAL FLOW DOWN OF DPAS PRIORITY RATINGS. 2 What is DPAS? The Defense Priorities and Allocations System (DPAS) is used to prioritize national defense-
We have developed CV easy management (CVem) a fast and effective fully automated software solution for effective and rapid management of all personnel.
2000 U.S. Census Bureau Foreign Trade Statistics Regulations 15 CFR Part 30 **** U.S. Principal Party in Interest and Forwarding Agent Responsibilities,
Data protection—training materials [Name and details of speaker]
Business Intelligence (3 of 3): Technically Speaking, This is How We Did It PRESENTED BY.
FY2011 Other Education and General Program Accounts OVERVIEW OF “E” FUNDS.
Getting started using crystal 00 Month 2006 Insert security classification here.
U.S. General Services Administration Federal Acquisition Service U.S. General Services Administration GSA Federal Acquisition Service Industry Webinar.
Public Purchase Vendor Registration & Responding to a Bid Copyright © The Public Group, LLC - This document is confidential and intended only for the use.
February 2009 State of Georgia Release Management Training.
C-TPAT Security Link Portal Overview. Login Home Screen Partner Documents Discussion My Account Logout.
1 Olga King Jet Propulsion Laboratory Office Of Export Compliance April 27, 2011.
PCard Training Logging into the new PCard (PaymentNet) System: * Introduction * May use IE 8.0 or greater or Firefox * Do not.
Form 470 Step-by-Step Lorrie Germann, State E-Rate Coordinator.
OCR GCSE ICT B063 (2016) ‘PROGRESS LEISURE’ © ZigZag Education 2015 Photocopiable/digital resources may only be copied by the purchasing institution on.
Works Cardholder Tutorial Initial Login, Transaction Review, & Reports.
Lead Management Tool Partner User Guide March 15, 2013 Confidential.
Central Issuance Registry Presentation for End-Users November, 2008 Special Note: This presentation includes information on Datacard Group’s long range.
Digital Certificate Installation & User Guide For Class-2 Certificates.
EECS David C. Chan1 Computer Security Management Session 1 How IT Affects Risks and Assurance.
Cindy Collins ETEC 665 Electronic Submissions Submitting Proposals Through Grants.Gov.
Five Steps in 5 Minutes Close deals faster, more easily, more often! 1.Start a Quote: Input deal amounts and review the available lease options 2.Create.
End-Use Verification. Military Items Dual Use and Commercial Items Controlled by the State Department Controlled by the Commerce Department.
ISO The International Security Standard. WHAT IS IT? “A comprehensive set of controls comprising best practices in information security” Comprises.
NSTS Internal Demo. Agenda 1.NSTS Release Summary 2.Functionality/Enhancements by User Group Licensee Agency Admin 3.Scenarios/Demo 2.
DRAFT Guidance for Industry: Providing Regulatory Submissions in Electronic Format – Drug Establishment Registration and Drug Listing Denise Sánchez, J.D.,
Export Rulings Requests from DDTC and BIS October 2012.
Contract Review and Approval Process. This course will consist of three classes Class 1: Contract review and approval process Class 2: Managing.
NIMAC for Accessible Media Producers: February 2013 NIMAC 2.0 for AMPs.
User Guide. Service Benefits Full on-line management of client accounts Paperless direct debit – no signatures required Standing orders fixed not.
AMAZON WEB SERVICES User Agreement Summary. The Services Free Services: These are the services we intend on using. They are collectively called the Amazon.
© 2017 SlidePlayer.com Inc. All rights reserved.