Export Control

 

Data Security

Export-controlled data often requires specific data security measures per Federal Regulation, Contract, Sponsor Provider and/or Institutional Policy. ITAR-controlled technical data typically requires enhanced controls on access, use, storage, transmission, and disposal. In some cases, EAR-controlled data may require a similar level of security.

 

Likewise, federal information security standards for Controlled Unclassified Information (CUI) apply to both export-controlled and other types of data. Examples of such requirements include compliance with 32 CFR Part 2002, DFARS 252.204.7012, NIST SP 800-171, etc.

 

OSU personnel who receive, use, and/or generate export-controlled data (ITAR or EAR-controlled) must carefully consider what (if any) data security requirements apply to such data. The Office of Research Security and Regulatory Trade Compliance (OReSTCO) can assist personnel with determining which data security requirements apply to export-controlled and other sensitive data, and how to adequately implement controls through a Technology Control Plan (TCP).

 

Note: if you are applying for a sponsored research project or are collaborating in a project that includes export-controlled data and/or CUI data security requirements, please coordinate with the Office of Research Security and Regulatory Trade Compliance (OReSTCO) as soon as possible. OReSTCO will assist in developing a System Security Plan for your project that addresses data security requirements.

 

For international travel with laptops and other electronic devices, please review the Travel page for more information.