How do I enforce compliance for an export-controlled (ITAR) research project?
Principle
In tiCrypt, each asset has an encrypted resource key. Projects control compliance to the highest level by combining public key cryptography and access control mechanisms.
To enforce compliance for an ITAR-based project, you must use User certifications and tag all resources that belong to the project.
Practice
To tag a file by project, navigate to the tab then select the My Files section on the top left panel.
- Select the file you would like to classify.
- Click the
Change projectbutton in the top panel. - Follow the instructions from classify a file section.
Next, you may use the large project size workflow to add both security levels and requirements in place, then certify users via "User Certifications".
At some point, files in an ITAR project may become CUI and hence declassified by the project manager/admin.
To Declassify a file from project navigate to the tab then select the My Files section on the top left panel.
- Select the classified file you would like to declassify.
- Click the
Change projectbutton in the top panel. - Follow the instructions from declassify a file section.
To conduct a report of the ITAR project, you may have to contact your audit team who can generate that for you. Reports can be generated using queries that contain all the necessary data to comply with an ITAR-level project.
Downloading files is limited and traced automatically in the audit logs.
To transfer data into an ITAR-level project, you should use SFTP inboxes.