ITAR Compliance

Attention reader: these are notes that will eventually be turned into a general-purpose document at a later date.

ISU EAR/ITAR policy definition:



  • encrypted hard drives
  • anti-virus mandate
  • data loss prevention
  • data controls (restrict USB ports, CD/DVD-ROM drives, locked PC case)
  • two-factor authentication
  • no local admins
  • intrusion detection system (IDS)
  • private network (open question: would a gateway for the Zion cluster be allowed?)
  • no NetBIOS name broadcasts
  • USER TRAINING, verbal and in writing
  • no auto-mounting
  • Two-factor authentication:
    • Something the user knows (e.g., password, PIN, pattern);
    • Something the user has (e.g., ATM card, smart card, mobile phone); and
    • Something the user is (e.g., biometric characteristic, such as a fingerprint).



  • Use file system or block level encryption?
  • What multi-factor authentication solutions work best?
  • Does ISU maintain US National status in AD or other group?
  • Does ISU provide group policies to harden MS directory clients? What settings should such a policy include? (no auto-mount, mandate AV, etc.)

Linux storage encryption

File system level

Block level