We talk to a lot of aerospace and defense companies. One of their biggest challenges is meeting ITAR compliance. The US government created the International Traffic in Arms Regulations (ITAR), governing the export and import of defense related material and technologies. US companies can face multi million dollar fines if they provide non-US citizens with access to ITAR-protected products or information. A lot of the information that needs to be protected is in the form of technical documentation or diagrams etc. This is where SharePoint comes in. Becuase SharePoint is quickly becoming a very popular choice for document management, these organizations are facing the challenge of making this information secure in SharePoint. Item level security can be difficult to configure and maintain in SharePoint. That's why the addition of our Metadata Security for SharePoint product can make
ITAR complaince in SharePoint much easier.
Often when an ITAR related project is started in an organization, it will be assigned a special project code. Documents and information created by the project can be tagged with this code to identify the information as belonging to the project.
Let’s say we have a new
ITAR project which has been given project code
ITAR-621. Documents saved or uploaded into SharePoint related to this project would be tagged as "
ITAR-621" by using a custom column in SharePoint. Users can be prompted for these tags by forcing input for the column when a document is saved.
Now what we want to do is ensure that all of the documents tagged as [/b]ITAR-621[/b] in the library can only be viewed by a specific set of users that have been cleared to work on this project. This group would be screened to make sure it does not contain any individuals who may be citizens of countries that are called out in
ITAR as not being allowed to view
ITAR material. This group can be configured in Active Directory or SharePoint itself. Let's call this group the "Allowed Group"
In order to facilitate the security for these documents, our Metadata
SharePoint Security product can be used. Using our product the administrator would define a security rule as follows - "Whenever the Project tag equals ITAR-621 assign permissions only to the Allowed Group". As a result, when users that are not members of the Allowed Group access the document library, they will not be able to see any documents tagged as ITAR-621. In our example they will only be able to see the one document in the library which was not tagged as an
ITAR-621 document.
Using SharePoint along with the Titus Labs
Sharepoint Metadata Security product allows organizations to establish a productive and collaborative environment while also ensuring complaince with
ITAR regulations.
