Information that has been provided to a company directly by a U.S. Government (USG) agency, including DOD, or through another company must be controlled in accordance to USG stipulated controls and safeguards to protect this information from unauthorized access.
The National Industrial Security Program Operations Manual (NISPOM) provides specific requirements, restrictions, and other safeguards to protect classified information. Companies need to ensure that they have internal controls that meet the requirements of the NISPOM.
Unclassified Information including technical data with DOD identified controls (DOD Distribution Statement A – X authorization and restrictions) and under the control of DOD must be controlled in compliance with DOD Directive 5230.25. A company in possession of DOD technical data with an assigned Distribution Statement or in receipt of technical data from other companies who have identified the applicability of DOD Distribution Statement controls must ensure that their internal controls are in compliance with DOD control requirements.
USG Controlled Unclassified Information (CUI) under the control of a company must be safeguarded in compliance with DOD (DFAR) 252.2047012 and standards detailed in the National Institute of Standards and Technology (NIST) publication 800-171.
In addition to required internal controls safeguarding technical data, these regulations also contain standards and requirements for identifying and reporting Cyber Security Incidents.
This Blog is made available by Wilmarth & Associates for educational purposes as well as to give you general information and a general understanding of export law and compliance, not to provide specific legal advice. This blog is not legal advice and should not be treated as such. You must not rely on this blog as an alternative to legal advice from your attorney or other professional legal services provider. The information provided on this website is presented “as is” without any representations or warranties, express or implied.