Guidance for Safeguarding of Export-Controlled Items
Conditions Required by the Office of the Provost
Approval is required from the Office of the Provost for export-controlled item(s) to be brought to campus. Approval is provided on a case-by-case basis and upon recommendation by the Director of Export Compliance.
Proper precautions shall be taken to protect export-controlled items even while they are in use in a laboratory. These include, but are not limited to, keeping access doors locked and posting warning signage, and limiting access to all unauthorized personnel. No Foreign Person shall have access to a laboratory while it is being used for an export-controlled experiment, unless that Foreign Person has been granted a license or other exception for that project.
Caltech undergraduate students shall not be given access to ITAR export-controlled items, as that would jeopardize their ability to publish and would put them at risk of an export violation. Prior approval from the Office of the Provost is required before such access can be granted.
When transferring ITAR-controlled technical data or technical information to authorized Foreign Parties, the following notice must be placed on all documents or technical data to be transferred:
"Information included herein is controlled under the International Traffic in Arms Regulations ("ITAR'') and is being released under U.S. Department of State export license # TA NNNN-YY. Re-transfer of this information to any other Foreign Person or foreign entity requires an export license issued by the U.S. Department of State."
Include the appropriate export compliance marking at the foot of each page. If this is not practical, please put the marking statement on the cover and then each subsequent page should have this statement:
"All information on this page is subject to the limitations contained on the cover sheet."
All export-controlled items must be secured in locked storage containers when not in the personal possession of the approved project personnel.
Detailed requirements, based on Department of Defense mandates, for the proper safeguarding of export-controlled information, are given in the IMSS link:
The following is a brief summary of these requirements:
Export-controlled information that is to be shared among two or more people must be housed on an IMSS-run server designated for this purpose. See managed hosting for export controlled data for additional details.
Export-controlled information must not be accessed from shared, public computers, or posted on public websites or websites that rely solely on IP addresses for access control.
All export-controlled information must be encrypted if stored on mobile computing devices such as laptops or PDAs. External portable hard drives, flash drives or CDs/DVDs may be used for the storage of export-controlled information, since these devices can easily be locked in a storage container when not in use. However, these media must be encrypted.
Export-controlled information must be encrypted for electronic transmission or emailing. Secure file transfer methods (ssh/scp/sftp/ssl) and/or strong encryption (AES-256) are acceptable for the electronic transfer of export-controlled information. The preferred encryption tools are PGP or GPG, although WinZip or 7-Zip may also be employed, provided that a strong password is used, and that it is transmitted securely and independently from the transmission of the export-controlled data (for example by text message or telephone).
The Caltech Office of Export Compliance (OEC) is available to provide guidance for the safeguarding of export-controlled items, contact us here.