Chapter 3, Technology Transfer and Disclosure, discusses technology security and transfer requirements, export controls, disclosure of classified and controlled unclassified information, and system-specific release requirements for sensitive technologies frequently requested by partner nations.

Section

Title

C3.1.

Technology Transfer

C3.2.

Disclosure Of Classified Military Information

C3.3.

Export License And Customs Clearance

C3.4.

Visits, Assignments, And Exchanges Of Foreign Nationals

C3.5.

Release Of Information

C3.6.

Anti Tamper Policy

C3.7.

System-Specific Technology Release Requirements

C3.1.1. DoD Instruction (DoDI) 2040.02, International Transfers of Technology, Articles, and Services, requires that the DoD treat dual-use and defense-related technology as valuable national security resources, to be protected and transferred only in pursuit of national security and foreign policy objectives. These objectives include ensuring that: critical U.S. military technological advantages are preserved; transfers that could prove detrimental to U.S. security interests are controlled and limited; proliferation of weapons of mass destruction and their means of delivery are prevented; and diversion of defense-related goods to terrorists is prevented. At the same time, the sharing of defense technology, properly controlled, is a valuable way to ensure our allies and partners participate with the United States in future military operations. In applying export control and technology security policies, due recognition will be given to the importance of interoperability with allies and coalition partners and to impacts on the defense industrial base. DoD will apply export control and other technology security policies and procedures in a way that balances economic and scientific interests with those of national security. It is important that these considerations be taken into account prior to any commitment to disclose or release controlled defense-related information or technology. Table C3.T1. provides definitions for categories of controlled defense-related information and technology discussed in this chapter.

Table C3.T1. Classified and Sensitive Material Definitions

Title

Definition

Reference

Classified Information

Official information that has been determined, pursuant to Executive Order (E.O.) 13526 or any predecessor order, to require protection against unauthorized disclosure in the interest of national security and which has been so designated.

32 CFR 117

Communications Security (COMSEC)

Protective measures taken to deny unauthorized persons information derived from telecommunications of the USG relating to national security and to ensure the authenticity of such communications.

32 CFR 117

Controlled Cryptographic Item (CCI)

A secure telecommunications or information handling equipment ancillary device, or associated cryptographic component, that is unclassified but controlled. (Equipments and components so designated bear the designator “Controlled Cryptographic Item” or “CCI”).

DoD Manual 5200.01 Vol.1. DTM-04-009

Controlled Unclassified Information (CUI)

Information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies, excluding information that is classified under E.O. 13526 of December 29, 2009, or the Atomic Energy Act of 1954, as amended. (P.L. 83-703)

E.O. 13556

Critical Program Information (CPI)

U.S. capability elements that contribute to the warfighters' technical advantage, which if compromised, undermines U.S. military preeminence. U.S. capability elements may include, but are not limited to, software algorithms and specific hardware residing on the system, its training equipment, or maintenance support equipment.

DOD Issuance 5200.39

Foreign Government Information (FGI)

Information that is:

  1. Provided to the United States by a foreign government or governments, an international organization of governments, or any element thereof with the expectation, expressed or implied, that the information, the source of the information, or both, are to be held in confidence; or
  2. Produced by the United States pursuant to, or as a result of, a joint arrangement with a foreign government or governments, an international organization of governments, or any element thereof, requiring that the information, the arrangement, or both are to be held in confidence.

32 CFR 117

C3.1.2. Pre-Letter of Request Assessment Requests for Classified and Advanced Technology Release Decisions in Support of Security Cooperation Initiatives and Competitions. When potential sales of sensitive or classified defense articles or information will require inter-agency technology security and foreign disclosure (TSFD) release determinations are identified in the Foreign Military Sales (FMS) Sales Forecast within Categories of A or B, or when the Security Cooperation Organization (SCO) becomes aware of credible demand signals (i.e. written or verbal statements from senior procurement officials) indicating a probable submission of a Letter of Request (LOR) for Price and Availability (P&A) or Letter of Offer and Acceptance (LOA), or a Request for Information (RFI) or Request for Proposal (RFP) for such items, the SCO should develop a Pre-LOR Assessment Request (PAR), as described in Table C3.T2., to inform the inter-agency community and prepare the cognizant Implementing Agency (IA) to initiate TSFD processes for the timely release determinations. When no formal LOR is available, a PAR serves in place of an LOR and Country Team Assessment (CTA) as grounds for the IA to initiate applicable foreign disclosure and technology security release processes. Note that the PAR cannot be used as an LOR for any other purpose.

C3.1.2.1. In the preparation of the PAR, the SCO consults with the IAs, including their Foreign Disclosure Office for releasability and technical information, and the relevant Combatant Command (CCMD). When complete, the SCO forwards the PAR to the CCMD. As the PAR is an extraordinary process, a CCMD endorsement is required in each case to support initiation of the TSFD release processes. The CCMD comments in the endorsement on each of the elements in Table C3.T2. addressed in the PAR. The PAR and CCMD endorsement are forwarded to Joint Staff, the applicable IA, and the DSCA by the CCMD. This process forms the basis for a collaborative effort to analyze the recipient nation's military requirements in order to identify a capability that fulfills those requirements and initiates the DoD’s TSFD requirements to meet the partner's acquisition needs.

Table C3.T2. Pre-Letter of Request Assessment Requests for Classified and Advanced Technology Release Determinations - Required Information

#

Required Information

1

What are the military requirements and operational intentions or plans for the defense article(s) described below:

  1. Significant Military Equipment (SME) and Major Defense Equipment (MDE)
  2. Classified defense article(s)
  3. Communications Security articles(s)

2

Specify performance characteristics of the desired capabilities.

  1. Identify specific configuration.
  2. Are there any desired modifications or changes of the desired defense article from the U.S. standard configuration? If so, what and why?

3

What is the absorptive capacity of the proposed recipient (i.e., does the proposed recipient have the resources (financial, educational, doctrinal, etc.) to purchase, maintain, employ, and sustain the system in accordance with its intended end use?

4

How would the defense articles contribute to U.S. strategic and foreign policy goals?

5

What is the justification for number and type of defense articles that might be requested with an explanation of how the quantity endorsed is the minimum required consistent with the legitimate military requirements of the recipient?

6

What, if applicable, are the communications resources that the recipient nation would use to support its operations?

  1. Does the recipient nation require beyond line-of-sight flight operations?
  2. Will air-ground communications and/or data transfer require encryption (if so, commercial or National Security Agency (NSA) Type 1)?

7

Would the defense articles fulfill or contribute to a CCMD's requirement goals, and has it been identified in the CCMD's Capabilities Priorities for Partners (CPP)?

8

Explain how the classified and/or sensitive defense articles fulfills or contributes to a Department of State (State), Office of the Secretary of Defense for Policy (OSD (P)), or CCMD priority or critical requirement?

9

Is this the first introduction of this system or capability into the recipient's inventory or the region?

10

What is the anticipated reactions of neighboring nations to the introduction of the capability into the region? Neighboring countries with which the proposed recipient has had recent or historical issues must be addressed.

11

How would the proposed sale affect the relative military strengths of countries in the region and of the impact of the proposed sale on U.S. relations with the countries in the region?

12

What would be the extent of military interoperability on missions or training with U.S. Forces?

13

What is the availability of comparable systems from foreign suppliers? Is the defense article a DoD Program of Record? Does the proposed recipient have defense trade relations with potential adversaries of the United States?

14

What is the assessment of the nation's ability to account for, safeguard, operate, maintain, sustain, and support the sensitive or classified defense articles?

  1. What is the nation's maintenance concept? Two level? Three level?
  2. Does the nation expect it will provide local depot level repair or will it elect contractor provided depot level maintenance?
  3. What level of repairable stocks does the nation anticipate it will require?

15

Will the proposed recipient agree to a plan for end use monitoring for sensitive and advanced war fighting technology and what is the SCO's plan for compliance verification?

16

What training is required either in-country or in the United States, and what are the anticipated reactions resulting from the presence of U.S. trainers in-country?

  1. Approximately when, if elected, does the nation need to commence and end U.S.-based or in-country training?
  2. Will the nation need to participate in related U.S. armed services' user-groups, forums, or other U.S. Air Force (USAF)/U.S. Navy (USN)/U.S. Army (USA) programs concurrent with adopting these capabilities?

17

What is the possible negative impact of any in-country U.S. presence that might be required as a result of providing the requested defense articles?

18

Is the potential recipient a:

  1. Member of North Atlantic Treaty Organization (NATO)+?
  2. Coalition Partner?
  3. Signatory to a General Security Agreement (GSA)/General Security of Military Information Agreement (GSOMIA) or like agreement with the USG?
  4. Signatory to a Communications and Interoperability Security Memorandum of Agreement (CISMOA) or like agreement, if applicable?
  5. Signatory to a Basic Exchange and Cooperation Agreement (BECA) or like agreement, if applicable?

C3.2.1. Policy on Disclosure of Classified Military Information to Foreign Government and International Organizations. Department of Defense Directive (DoDD) 5230.11 implements National Disclosure Policy (NDP-1). It is U.S. national and DoD policy that Classified Military Information (CMI) is a national security asset that must be protected and shared with foreign governments only when there is a clearly defined benefit to the United States, when authorized by officials designated under the Directive and then only when all requirements of the Directive are met.

C3.2.2. Avoiding False Impressions. U.S. policy is to avoid creating false impressions of USG readiness to make available classified military materiel, technology, or information. Much military hardware is unclassified; however, its operation and maintenance or related training may involve sensitive classified information. Some classified information (e.g., sensitive compartmented information (SCI), communications security (COMSEC) information, etc.) may require approval outside of DoD and the National Disclosure Policy Committee (NDPC). Accordingly, proposals to foreign governments or international organizations that result from either U.S. or combined (U.S. and proposed recipient) initial planning, and that will lead to the eventual disclosure of classified military information, must be authorized in advance by designated disclosure officials in the departments and agencies originating the information or by the NDPC. This includes the release of unclassified Price and Availability (P&A) data. Furthermore, it must be explicitly stated and acknowledged that no U.S. commitment to furnish such classified information or materiel is intended or implied until disclosure has been approved.

C3.2.3. Disclosure Authorities. Under the terms of NDP-1, the NDPC is the central authority for formulating, promulgating, administering, and monitoring national disclosure policy. The Secretary of Defense and the Deputy Secretary of Defense are the only officials who may grant unilateral exceptions to NDP-1. However, in most cases, exceptions to policy are granted or denied by the NDPC. Under DoDD 5230.11, the Secretary of Defense has delegated disclosure authority to the Secretaries of the Military Departments (MILDEPs) and other DoD officials whose decisions must be compliant with NDP-1. They are required to appoint a Principal Disclosure Authority (PDA) at component headquarters level to oversee the disclosure process and a Designated Disclosure Authority (DDA) at subordinate command and agency levels to oversee disclosure decisions at their level when disclosure authority is delegated. Any commitment to disclosure or release of controlled defense-related information or technology must be authorized by the PDA or DDA unless authority is otherwise delegated in a Delegation of Disclosure Authority Letter (DDL).

C3.2.4. Disclosure Decisions. PDAs or DDAs evaluate proposals for disclosure of classified information relating to defense articles and services on a case-by-case basis in accordance with NDP-1, DoDD 5230.11, and MILDEP regulations. An affirmative disclosure decision requires consent of the PDA or DDA representing the DoD Component that originated the information and the written consent of the official having original classification authority for the information if the information has not already been marked by the originator for disclosure to the intended recipient government or international organization. The PDA or DDA must also ensure that the disclosure criteria, conditions, and limitations in DoDD 5230.11, are satisfied, including the existence of a bilateral General Security Agreement (GSA) concerning the mutual protection of classified information. In the absence of a GSA, the security requirements may be included in a program agreement (e.g., a co-production or cooperative development memorandum of understanding (MOU)), or in a program-specific security agreement described in Section C3.2.6. Disclosure authorizations for classified information are recorded in the National Disclosure Policy System (NDPS). The chief of the U.S. diplomatic mission must approve in-country release of all security assistance (SA) information to a purchaser.

C3.2.5. Tentative Security Assistance Plans and Programs. Classified planning information for budget and future years may be released to a foreign government or international organization to the extent it is necessary for participation in the SA planning process; it is necessary for development of related defense plans; the purchaser can maintain security precautions; and the purchaser uses the information only for the intended purposes. If the release involves classified information or Controlled Unclassified Information (CUI), the release must be approved by the supporting DDA. Classified dollar levels of proposed programs may be released only with permission of the Director, DSCA, and Department of State (State) concurrence. U.S. officials releasing information under this paragraph must ensure that the recipient understands that the release does not constitute a commitment by the United States.

C3.2.5.1. Foreign Military Sales Agreements. After a Letter of Offer and Acceptance (LOA) is approved, classified information regarding the quantity and projected delivery schedules for articles and services in Foreign Military Sales (FMS) agreements may be released to facilitate appropriate planning by the recipient, subject to assurance by the recipient that it will maintain adequate security precautions and use the information only for the purposes for which provided. Release is made only to purchaser government officials who require the information in their official capacity.

C3.2.6. Program Security Agreements. When there is no General Security of Information Agreement (GSOIA) or General Security of Military Information Agreement (GSOMIA) with a purchasing government, provisions for protecting CMI must be included in another related agreement. If, for example, the CMI is being released in conjunction with a co-production or cooperative development and production governed by an MOU, the provisions may be included in the MOU. LOAs, however, are not international agreements. If CMI is to be released in support of an FMS sale, and there is no GSOIA or GSOMIA, a program specific security agreement developed and approved by the Defense Technology Security Administration (DTSA) containing the security requirements must be concluded prior to discussion of CMI with the purchasing government. Depending upon the circumstances, this may take the form of a separate international agreement as defined by Department of Defense Instruction (DoDI) 5530.03 or by 22 CFR 181, or as a separate arrangement pursuant to the LOA. Questions concerning which form a program-specific security agreement should take should be directed to DSCA (Office of International Operations, Weapons Directorate (IOPS/WPN)), and the DSCA (Front Office, Office of the General Counsel (FO/OGC)). The agreement will contain, at a minimum, the provisions described in Figure C3.F1. below.

Figure C3.F1. Sample Text for a Program-Specific Security Agreement

C3.2.7. National Industrial Security Program. U.S. security depends on the proper safeguarding of classified information released to industry. The National Industrial Security Program (NISP) ensures that classified information released to cleared U.S. contractor facilities is safeguarded during all phases of the contracting, licensing, and grant processes. The NISP also applies to all classified information not released under a contract, license certificate, or grant, and to Foreign Government Information (FGI) furnished to contractors that requires protection in the interest of national security. 32 CFR 117 and Directive-Type Memorandum (DTM)-09-019 provides procedures used by DoD to ensure maximum uniformity and effectiveness in application of NISP policies to industry. 32 CFR 117 contains detailed security requirements for U.S. contractors’ use in safeguarding classified information. The National Industrial Security Program Operating Manual (NISPOM) is applied to industry by management’s execution of the DoD Security Agreement (DD Form 441), and by direct reference in the “Security Requirements” clause in the contract. The Defense Industrial Security Clearance Office (DISCO) verifies the eligibility of industry personnel to access classified defense information.

C3.2.8. USG Contracts with Foreign Firms. Implementing Agencies (IAs) may award (or permit a contractor to award) a classified contract to a foreign contractor if the classified information is releasable to the government of the foreign contractor under NDP-1. Foreign disclosure implications are identified by the program office and resolved by the supporting DDA prior to any announcements that could lead to foreign involvement. Classified information must be requested and transferred through government channels in compliance with the DoD Component documentary request procedures. Prior to any activity that may result in the disclosure of classified information to a foreign contractor, the IA will request that DSS Headquarters International Division seek a Facility Security Clearance Assurance (FSCA) from the security authorities of the foreign contractor. The FSCA verifies the facility security clearance of the foreign contractor and advises the other government that U.S. classified information is to be transferred to a contractor under its jurisdiction under the terms of the relevant bilateral security agreements with the other government. IA responsibilities are contained in 32 CFR 117 and DTM-09-019.

C3.2.9. Contracts Requiring Overseas Deliveries. When an IA places a contract with a cleared U.S. contractor for delivery of classified information or materiel to a foreign government, the IA is responsible for delivery. See Chapter 7 for more information regarding transportation of classified information.

C3.3.1. International Traffic in Arms Regulations Requirements. Department of State (State) policies and procedures for the permanent export of items on the U.S. Munitions List (USML), purchased under the Foreign Military Sales (FMS) program, are set forth in the International Traffic in Arms Regulations (ITAR). Export of USML items, including certain services and technical information, requires a license unless it is done via FMS. If marketing efforts involve the disclosure of technical data or temporary export of defense articles, the contractor must obtain the appropriate export license. The Defense Technology Security Administration (DTSA) researches and validates license applications for DoD.

C3.3.2. International Traffic in Arms Regulations Exemptions. The ITAR includes many exemptions from the licensing requirements. Some are self-executing by the contractor who is to use them and normally are based on prior authorizations. Other exemptions, such as the exemption in 22 CFR 125.4(b)(1), may be requested or directed by the DoD Component. Only a Principal Disclosure Authority (PDA) or Designated Disclosure Authority (DDA) has the authority to exercise certain of these exemptions in compliance with the National Industrial Security Program Operating Manual (NISPOM), (32 CFR 117) For an exemption to be used for follow-on support by a contractor, the Letter of Offer and Acceptance (LOA) and the contract must be specific regarding the exporter, the specific service or information to be provided, any sub-contractors involved, intermediate consignees, the end use, and the end user. Failure to fully document this information may result in program delays and requirements for obtaining additional export authorizations by the supporting contractor.

C3.3.3. Department of Defense-Sponsored Shipments of Foreign Military Sales Materiel.

C3.3.3.1. Export Requirements for Department of Defense-Sponsored Shipments. Exports are conducted pursuant to ITAR, Part 126. When classified materiel is involved, a Transportation Plan is required in accordance with ITAR, Part 126.6(c)(6). See Chapter 7 for procedures. Exports of FMS materiel through the Defense Transportation System (DTS) require entry of the Electronic Export Information (EEI) into the Automated Export System (AES). If a continental United States (CONUS)-located shipping activity offers shipments directly to commercial air carriers for lift to a purchaser's country, it may be necessary for the shipper to prepare the EEI to enable the materiel to depart CONUS. Item 16 in the EEI must contain "M"s to identify the materiel as FMS exports. The Census Bureau maintains a web page and customer assistance phone number to assist shippers with EEI preparation.

C3.3.3.2. Overseas Customs Clearance Requirements for Department of Defense-Sponsored Shipments. The purchaser is responsible for obtaining overseas customs clearances and for all actions and costs associated with customs clearances for deliveries of FMS materiel using DTS, including any intermediate stops or transfer points.

C3.3.3.3. Reporting of Foreign Military Sales Export Shipments for Department of Defense-Sponsored Shipments. All USG and DoD-sponsored shipments of FMS export materiel moving overseas within DTS are reported monthly to the Foreign Trade Division, Bureau of Census, Department of Commerce (DOC), by the Implementing Agency (IA) sponsoring the sale. The Census Bureau Shipment Report (CBSR) assures compliance with conditions under which exemptions are granted and satisfies the export data requirements of the U.S. DOC.

C3.3.3.4. Purchaser-Sponsored Shipments of Foreign Military Sales Materiel.

C3.3.3.4.1. Export License Requirements for Purchaser-Sponsored Shipments. An export license is not required when FMS materiel is transferred to the purchaser within the United States; however, Customs and Border Protection (CBP) must have currently implemented data for LOAs, including all Amendments or Modifications, prior to export of these shipments. This information is provided electronically by DSCA Security Cooperation Information Portal (SCIP) to CBP. A license is not required, but the purchaser must file EEI at the time of export in AES. Table C7.T1. outlines responsibilities for FMS purchasers and FMS freight forwarders. To export materiel, a freight forwarder must meet the requirements identified in Section C7.5. If a purchaser acts as its own freight forwarder, it must register with State Directorate of Defense Trade Controls (State (DDTC)) and file a statement that it will comply with the ITAR. If the materiel involves classified articles or data, a Transportation Plan is required. See 22 CFR 126.6. and Chapter 7 for requirements.

C3.3.3.4.2. United States Customs Clearance Requirements for Purchaser-Sponsored Shipments. The purchaser or its designated FMS freight forwarder must obtain customs clearances for FMS materiel exported from the United States. The purchaser's representative or freight forwarder prepares EEI using AES. EEIs must be filed with and authenticated by U.S. CBP at the primary port of exit. Laws and regulations concerning customs-related requirements for legally exporting USML items, including certain services and technical information are found on the DDTC web page, AES Direct web site, and in 22 CFR 123.22 and 22 CFR 126.6. All exports of FMS materiel from the United States must be reported to the U.S. DOC, as required by current Federal statutes or regulations.

C3.3.3.4.3. Overseas Customs Clearance Requirements for Purchaser-Sponsored Shipments. The purchaser is responsible for all actions and costs associated with obtaining overseas customs clearances for deliveries of FMS materiel to a purchaser's port of discharge (including delivery to third countries) using commercial means.

C3.3.3.4.4. Purchaser-Sponsored Shipments of Classified Foreign Military Sales Materiel. If a purchasing country proposes to take possession of classified defense articles purchased under the FMS program within the United States, it may still use the export exemptions in 22 CFR 126.6.

C3.3.3.4.4.1. Transportation Plan for Purchaser-Sponsored Shipments. The LOA must contain the requirement for, and describe the specific responsibilities for preparing, the Transportation Plan. The Transportation Plan must provide a specific description of the transfer arrangements and nationality of freight forwarders and carriers to be used, all of which shall be consistent with Department of Defense Manual (DoDM) 5200.01 Vol. 1, Directive-Type Memorandum (DTM)-04-009, DTM-04-010, and 32 CFR 117. A Transportation Plan is required for the use of any carrier, whether commercial or DTS. The Transportation Plan must be approved by the IA before delivery of the material. A detailed description and standardized format are available in Chapter 7.

C3.3.3.4.4.2. Foreign Government Representative. Classified materiel may be released only to a person who has been designated by the purchasing government in writing as its Designated Government Representative (DGR) or as its transfer agent (e.g., a cleared freight forwarder) that is used for onward movement to the point where custody of the shipment is assumed by the government’s DGR. The Military Assistance Program Address Directory (MAPAD) must be consulted for the verification of freight forwarders that have been approved to handle classified shipments. The identity of the transfer agent, carrier, and DGR is included in the Transportation Plan or in the Notice of Availability (NOA) (DD Form 1348-5) for individual shipments as identified in Chapter 7. An NOA for classified material is sent to notify a purchaser’s representative, as listed in the MAPAD, that classified material is ready for shipment. The purpose of the NOA is to delay release of materiel requiring special receipt and export processing. Each entity that has custody of a classified shipment shall be required to sign for the shipment in accordance with 32 CFR 117.

C3.3.4. Temporary Imports. When it is known at the time of LOA negotiation that items will be returned to the United States for any purpose, including maintenance, overhaul, repair, or other follow-on support, the LOA, contract, and original Transportation Plan must provide for the return shipment or other support, consistent with Chapter 7.

C3.3.4.1. Temporary Import of Unclassified Defense Articles. A Temporary Import License (ITAR Form DSP-61) is required for the import and re-export from the United States of unclassified defense articles that are not otherwise exempted by 22 CFR 123.4(a).

C3.3.4.2. Temporary Import of Classified Defense Articles. Unless otherwise exempted by 22 CFR 126.6, classified defense articles being temporarily imported and subsequently re-exported from the United States must be accompanied by ITAR Form DSP-85.

C3.3.4.3. Temporary Import of Offshore Procurements. Materiel procured outside of the United States under USG and DoD procurement actions for the FMS program must be imported and exported under a DSP-61 if it passes through the United States en route to the purchasing country unless an exception under 22 CFR 123.4 applies (22 CFR 123.4 exceptions do not apply to defense articles imported or exported from Canada that transit the United States). There are additional exceptions for Canada and Mexico under 22 CFR 123.19 and 22 CFR 126.5. The DSP-61, filed by the purchaser or its agent, is required whether the materiel is imported or exported intact, or is incorporated into another defense article that is subsequently exported to the purchasing country.

C3.3.4.4. Temporary Import of Defense Articles for Repair. Articles temporarily imported into the United States for overhaul, repair, modification, calibration, etc., are subject to the DDTC license approval requirements listed in 22 CFR 123.1 unless the temporary import and subsequent re-export qualifies for an exemption located in 22 CFR 120 to 130, such as in 22 CFR 123.4, 22 CFR 123.19, 22 CFR 126.5 or 22 CFR 126.6. When it is anticipated that FMS-origin unclassified articles will be returned to the United States for overhaul, repair, calibration, or modification, the import requirements should be included in the LOA for the original sale. For classified FMS-origin materiel the requirements should be included in the Transportation Plan, the LOA, or both. The FMS purchaser or its agent is responsible for filing documentation with the U.S. CBP upon entry of the FMS-origin materiel into the United States (on temporary import basis) for Repair and Return. The entry documentation must contain the statement:

“This shipment is being imported in accordance with and under the authority of 22 CFR 123.4.(a)(subsection____)”

C3.3.4.4.1. A complete list and description of the defense articles being imported must be included. The description includes quantity and value in U.S. dollars. When the materiel is subsequently re-exported, the purchaser or its agent must submit EEI, using AES Direct, to CBP that identifies 22 CFR 123.4 as the authority for the export and provide, as requested by CBP, the entry document number or a copy of the CBP document under which the FMS-origin defense article was imported on a temporary basis for Repair and Return. This requirement applies to both FMS customer-arranged shipments and shipments made through the DTS. IAs preparing FMS LOAs for Repair and Return programs should include a LOA note indicating the requirement for the foreign country to report imports and exports made under the LOA to CBP. See Appendix 6 on LOA Notes.

C3.3.4.5. Temporary Imports of Defense Articles without Subsequent Export of the Same Article. Under 22 CFR 123.4(b), a license is not required for the temporary import (but not the subsequent export) of unclassified defense articles that are to be incorporated into another article or modified, enhanced, upgraded, altered, improved or serviced in any other manner that changes the basic performance or productivity of the article. A DSP-5 is required for the re-export of these enhanced defense articles unless FMS exceptions apply.

C3.3.5. Permanent Imports. The Department of Justice (DOJ), Bureau of Alcohol, Tobacco, Firearms, and Explosives (BATFE), regulates the permanent import of defense articles, as listed in the United States Munitions Import List (USMIL) (27 CFR 447), (based on the USML), pursuant to the Arms Export Control Act (AECA) and implementing federal regulations. Permanent imports of defense articles into the United States require a permit through an approved BATFE Form 6 in accordance with 27 CFR Part 447, unless the import does not need a permit based on 27 CFR 447.41(c). See https://www.atf.gov for more information.

C3.4.1. Many disclosures of classified information occur as a result of visual demonstrations or verbal exchanges during meetings or visits. Department of Defense Directive (DoDD) 5230.20 contains standard procedures governing visits, assignments, and exchanges of foreign nationals to the DoD and to DoD contractor facilities over which the DoD Components have security responsibility. Approval of a classified visit by a Designated Disclosure Authority (DDA) is a disclosure decision and constitutes an exemption to the licensing requirements of the International Traffic in Arms Regulations (ITAR) if the visit meets certain requirements listed in 22 CFR 125.5. With few exceptions, visits and assignments requiring access to classified material are processed through the DoD Foreign Visit System (FVS) of the DoD Security Policy Automation Network (SPAN). One exception is for visits by students under Security Assistance-sponsored training programs where the DD Form 2285, “Invitational Travel Orders (ITO)” provides the necessary security information. Visits are categorized as one-time, recurring, or extended.

C3.4.1.1. One-Time Visit Authorizations. Approval of a one-time visit request permits a single, short-term (normally less than 30 days) visit for a specified purpose.

C3.4.1.2. Recurring Visit Authorizations. A recurring visit authorization permits intermittent visits over a specified period of time to support a government-approved license, contract or agreement, or other program when the information to be released has been defined and approved for release in advance by the USG.

C3.4.1.3. Extended Visit Authorizations. An extended visit authorization permits a single visit for an extended period of time (beyond 30 days) to support a foreign government contract or joint program (e.g., joint venture, representative to a joint or multinational program), or for a liaison officer, exchange officer, or cooperative program personnel under authorized international agreements. Before any commitment is made to assign a liaison officer to a cleared defense contractor facility in support of the sale of defense articles or services, the assignment must be coordinated with and agreed to by the contractor and the supporting Defense Security Service office in order to fix responsibility for security oversight. The specific terms of the assignment, including security responsibility, should be set forth in the supporting contract.

C3.5.1. Freedom of Information Act. Records containing security assistance-related information, including Letter of Offer and Acceptance (LOA) and Foreign Military Sales (FMS) procurement contracts, are released in accordance with the Freedom of Information Act (FOIA) (5 U.S.C. 552) as implemented in Department of Defense Manual (DoDM) 5400.07, Department of Defense Administrative Instruction (DoDAI) 108, and DoDM 5200.01 Vol. 1, Directive-Type Memorandum (DTM)-04-009, and DTM-04-010.

C3.5.1.1. Any request under the FOIA for an LOA or FMS procurement contract should be referred to the appropriate legal counsel of the DoD Component for action. Proposed final decisions to withhold or release, in whole or in part, LOAs already accepted or in preparation must be coordinated with DSCA (Front Office, Office of the General Counsel (FO/OGC)). The DoD Component need not coordinate an FMS procurement contract with DSCA.

C3.5.1.2. Under FOIA Exemption 4 (5 U.S.C. 552(b)(4)), commercial or financial information provided to the USG in confidence by a person (including an agency of a foreign government or a domestic or foreign business) may be exempt from disclosure to the public, if the information obtained from a party is protected from disclosure by certain legal privileges or is “confidential” (i.e., the party normally treated the information as private and reasonably was assured that the government would not publicly disclose the information). This exemption is intended to protect both the interests of commercial entities that submit proprietary information to the government and the interests of the government in receiving continued access to such data. Such information is to be marked “Controlled Unclassified Information (CUI)” in compliance with Department of Defense Instruction (DoDI) 5200.48. If the DoD Component determines that it may be required to disclose commercial information obtained from a person, corporation, or foreign government, it should notify the submitter of the information in accordance with DoDM 5400.07, and Executive Order (EO) 12600.

C3.5.1.3. Under FOIA Exemption 3 (5 U.S.C. 552(b)(3)) and 10 U.S.C. 130c, effective October 1, 2000, information provided by, made available by, or produced in cooperation with, a foreign government or international organization may be withheld from release. DoD Components must ensure the foreign entity has met all of the requirements outlined in the Section 130c in order to justify the withholding of information pursuant to the FOIA.

C3.5.2. Release of Unclassified Information. Except as provided in Section C3.2., unclassified information pertaining to systems for which the purchaser has been authorized release may be provided by the USG to the purchaser country or international organization, as appropriate, for purposes related to security cooperation.

C3.5.3. Foreign Government Information. Information provided by a foreign government (both classified and unclassified) in confidence is held in confidence. Similar information produced by the USG as a result of a joint arrangement with a purchaser is also held in confidence. DoDM 5200.01 Vol. 4, DTM-04-009, DTM-04-010, provides instructions for protecting such information. Foreign Government Information (FGI) is classified in accordance with DoDM 5200.01 Vol. 4, DTM-04-009, DTM-04-010. FGI classification decisions should be honored and under no circumstances modified without the express written consent of the Government that provided the information. Requests for mandatory review for the declassification of FGI are processed in accordance with DoDM 5200.01 Vol. 4, DTM-04-009, DTM-04-010.

C3.5.4. Technical Data.

C3.5.4.1. Definition of Technical Data. The International Traffic in Arms Regulations (ITAR) defines technical data as: information, other than software, that is required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance, or modification of defense articles. This includes information in the form of blue prints, drawings, photographs, plans, instructions, or documentation; classified information relating to defense articles and services; information covered by an invention secrecy order; and software, as defined in the 22 CFR 120.40(g), directly related to defense articles. Technical data does not include information concerning general scientific, mathematic, or engineering principles commonly taught in schools, colleges and universities, or information in the public domain. It also does not include basic marketing information on function or purpose or general system descriptions of defense articles.

C3.5.4.2. Release of Technical Data. Releasability of technical data is considered in the same manner as other potentially sensitive parts of the program. In accordance with 22 CFR 124.2, the release of ITAR controlled technical data without the need of a “Technical Assistance Agreement” to be approved by Department of State Directorate of Defense Trade Controls (DDTC) is limited to the provision of training in basic operations and maintenance of defense articles lawfully exported. This specifically excludes the release of technical data for training in support of intermediate and depot level maintenance. Release in support of intermediate and depot level maintenance must be reviewed to ensure that the Technical Data Package (TDP) does not contain information that can be used for design, development, or production of an item. CUI may be exempt from public disclosure under the Freedom of Information Act (5 U.S.C. 552) and must be reviewed in foreign disclosure channels before release to foreign Governments or international organizations.

C3.5.4.2.1. Release of United States Government-Owned Technical Data. USG-owned TDPs are released under FMS procedures and only in support of a specifically defined, lawful, and authorized USG purpose. The LOA must cover the full cost of preparation, reproduction, and handling of technical data.

C3.5.4.2.2. Release of Privately Owned Technical Data. Foreign representatives normally request release of privately owned technical data through commercial channels subject to export licensing requirements. If DoD Components release such information under a security cooperation program, the owner must authorize its release, and the data must be properly marked. The LOA must cover the full cost of preparation, reproduction, and handling.

C3.5.4.3. Requests for Technical Data Packages. TDP requests must specify whether the TDP is to be used for operating and maintaining U.S.-origin defense equipment; for study purposes to determine whether to request production authorization; or for production, follow-on development, or improvement of a U.S. defense article, component, or derivation thereof. The LOA must identify the approved purpose for which the TDP is provided. See Appendix 6 for exact note placement and wording.

C3.5.4.4. Restrictive Markings on Technical Data Packages. Implementing Agencies (IAs) must ensure the TDP includes markings showing the authorized rights, the security classification, and other restrictions or unauthorized uses. Each separate part of the technical information is marked. If individual part marking is not possible, TDP cover information provides the restrictions. DoDI 5230.24 and Department of Defense Directive (DoDD) 5230.25 provide DoD policy and procedures for marking and handling export-controlled technical data that are critical technology.

C3.5.4.4.1. Sale of Technical Data Packages for Operation and Maintenance. TDPs are sold for Operations and Maintenance (O&M) only if the IA verifies that the article was provided to the purchaser through authorized transfer and there is no other viable means of maintaining the U.S.-origin equipment. The IA provides the LOA (or other documentation that validates the authorized transfer of the U.S.-origin equipment) and Table C3.T3. information to the release and disclosure authority for use in making a release determination. If the proposed release involves classified information or CUI, the decision must be approved by a Designated Disclosure Authority (DDA) appointed pursuant to DoDD 5230.11. See Appendix 6 for the wording of a standard note included in LOAs that contain O&M TDPs.

Table C3.T3. Data Sheet for Technical Data Packages Transferred for Operations and Maintenance

#

Data Sheet for TDPs Transferred for Operations and Maintenance (O&M)

1

Nomenclature of hardware, major end item, or component, as applicable

2

Major assemblies or components in the TDP having USG patent or other proprietary rights not releasable without prior approval

3

Statement as to whether the TDP requirement could be met by means of pertinent DoD instructions, maintenance manuals, or other similar publications

4

In-country inventory of major end items requiring maintenance support derived from the requested TDP

5

Current status of DoD maintenance capability (e.g., is there an excess depot level capability at the DoD facility?)

6

Estimated date by which USG repair parts support terminates

7

Security classification of the TDP

8

Identification of any classified information or CUI

9

Verification of legal rights to release the TDP for this purpose

10

The DoD Component recommendation on releasing the TDP

11

Copies of pertinent correspondence with purchaser

C3.5.4.4.2. Sale of Technical Data Packages for Study or Production. TDPs are offered for study only when DoD is prepared to release the TDP for production. Foreign manufacture of U.S. equipment benefits the United States when it strengthens friendly defense forces, improves U.S. defense relationships, or enhances interoperability. It may also benefit the United States when it serves to maintain the purchaser’s defense industrial base or to improve general defense capabilities. Requests for TDPs for study or production are normally denied if an article is in limited supply or if foreign production would adversely impact the U.S. industrial base. The IA provides the LOA and information (as specified in Table C3.T4.) to the release and disclosure authority for use in making a release determination. If the proposed release involves classified information or CUI, a DDA appointed pursuant to DoDD 5230.11 must approve the decision. The purchaser can be provided technical data and authority necessary to operate and maintain or manufacture the defense article through an LOA, through an international agreement (such as for cooperative development), or through the combination of an LOA and a complementary international agreement in the form of a memorandum of understanding (MOU) or a memorandum of agreement (MOA). See DoDI 5530.03. See Appendix 6 for the wording of standard notes included in LOAs that contain TDPs for study or production.

Table C3.T4. Data Sheet for Technical Data Packages Transferred for Study or Production

#

Data Sheet

1

Nomenclature of defense article to be studied or produced

2

Quantity to be produced by, and production schedule of, the requesting government

3

Use of article to be produced, with names of third country purchasers if for third country sale

4

Stock on hand; show separately any quantity beyond approved acquisition objective

5

U.S. and foreign production history for last five years

6

Production plans

  1. underway
  2. approved, and
  3. proposed

7

Estimated date by which USG repair parts support terminates

8

Known U.S. source(s) of supply

9

USG cost of the article

10

Security classification of the TDP and of the article to be produced

11

Other countries authorized to produce the article

12

Anticipated impact of TDP sale on U.S., FMS, or other programs

13

Whether production recipients previously obtained the article and quantities obtained

14

Verification of legal rights to release the TDP for this purpose

15

TDP elements having patent or other proprietary rights not releasable without prior approval

16

Whether TDP requirement could be met by maintenance manuals or other publications

17

The DoD Component recommendation regarding release of the TDP

18

Attach copy of pertinent correspondence with purchaser

C3.5.4.4.3. Revisioning Services. After TDPs have been approved for transfer, revisioning services can be offered that provide purchasers updates as TDPs are revised. Revisioning services may appear as a separate line item on the LOA transferring the TDP, or they may be offered on a separate LOA. Revisioning services require a unique LOA note shown in Appendix 6. If previous TDP transfer notes on the case require updating, the revisioning services LOA must contain the complete current provisions required for initial transfer of the TDP.

C3.6.1. Anti-Tamper Policy Compliance. The USG reserves the right to incorporate Anti-Tamper (AT) technologies and methodologies in weapons systems and components that contain Critical Program Information (CPI)* offered under any security cooperation (SC) Program. In the normal course of system Research, Development, and Acquisition (RDA), the DoD Anti-Tamper Executive Agent (ATEA) approves a final AT plan prior to Critical Design Review (CDR), which is later subject to Validation and Verification (V&V) testing.

* U.S. capability elements that contribute to the warfighters' technical advantage, which if compromised, undermines U.S. military preeminence. U.S. capability elements may include, but are not limited to, software algorithms and specific hardware residing on the system, its training equipment, or maintenance support equipment.

C3.6.2. When preparing a response to a Letter of Request (LOR) for weapons systems or components containing CPI, the Implementing Agency (IA) will coordinate with the DoD ATEA (atexecutiveagent@pentagon.af.mil) to ensure that sensitive technology or program information is defended against unlawful exploitation or loss and that an approved AT plan is in place. The IA must ensure that any necessary AT sustainment mechanisms and associated costs are included in the Letter of Offer and Acceptance (LOA) and certify compliance with AT requirements on the LOA transmittal memorandum forwarded to DSCA (Office of International Operations, Global Execution Directorate, Case Writing and Development Division (IOPS/GEX/CWD)) for LOA processing.

C3.6.3. An LOA that includes any weapons system or components that contain CPI may not be offered until the DoD ATEA has issued written approval of the AT plan. If an AT plan has not already been established and approved for the system or components containing CPI, the Program Office must submit an AT plan to the DoD ATEA at least 60 days prior to planned offer of an LOA. The IA may not offer the LOA prior to receipt of written DoD ATEA (or designee) approval of the initial plan. V&V testing must be completed 60 days prior to hardware export. Exports of weapons systems or components that contain CPI may not be made until the DoD ATEA has issued final written concurrence of satisfactory V&V testing.

C3.7.1. Missile Technology Control Regime. The Missile Technology Control Regime (MTCR) is an informal and voluntary international political arrangement designed to control the proliferation of rocket and unmanned aerial vehicle (UAV) systems and associated equipment and technology capable of delivering weapons of mass destruction. Although the regime is a political commitment rather than a treaty with international legal obligation, many countries, including the United States, have passed laws restricting the export of MTCR-controlled items. See Arms Export Control Act (AECA), Chapter 7 (22 U.S.C. 2551).

C3.7.1.1. Missile Technology Control Regime Screening Process. Regime controls are applicable to all items on the United States Munitions List (USML) annotated with an (MT) per Introduction to the U.S. Munitions List (22 CFR 120.10). The Department of State (State), Department of Commerce (DOC), and DoD each has a role in regulating the export of MTCR-controlled items from the United States. DoD identifies MTCR-controlled items that purchasers have requested via Foreign Military Sales (FMS). To ensure technical reviews are standardized, reviewers must complete a DSCA-approved Missile Technology Proliferation Course. Implementing Agencies (IAs) maintain a roster of personnel trained and/or knowledgeable on MTCR controls to be updated and provided quarterly to DSCA (Office of International Operations, Weapons Directorate (IOPS/WPN)).

C3.7.1.1.1. Upon receipt of a Letter of Request (LOR), prior to Letter of Offer and Acceptance (LOA) development, the System Program Office (SPO), Program Manager (PM), or equivalent will perform a technical review of each LOA to identify MTCR-controlled items contained in the LOA or envisioned to be part of the associated program. (Special reporting requirements apply to bulk compounds (Item 4) and fuses (Item 2.A.1.f.))*

*The reviewer must report the compounds listed in Item 4 of the MTCR Annex if they are to be exported in bulk or in any other manner or form that might support the creation of a propellant for a missile or a UAV. However, the reviewer is not to report Item 4 explosive compounds if they are molded or poured into a form that precludes their use as rocket propellant (e.g., as a bursting, propelling, or gas generating charge in a shell, cartridge, squib, or actuator).

Even though all fuses meet the criteria of Item 2.A.1.f. in the MTCR Annex (i.e., “weapon or warhead safing, arming, fusing and firing mechanisms...”), the reviewer is not to report any common type munitions fuse as a possible MTCR controlled item unless the fuse in question is of an unusual type, a rough equivalent of which is not likely to be found in most foreign arsenals, or unless the fuse uses sophisticated means (e.g., radar) to determine burst height.

C3.7.1.1.2. The reviewer transmits a list of the MTCR-controlled items to the IA MTCR point of contact (POC) at the earliest opportunity to ensure minimal delays in the LOA processing time. This list includes: the case identifier; a general case description identifying major associated systems; the Military Articles and Services List (MASL) number of each MTCR-controlled item; the MTCR Annex Category and item identifier, the nomenclature of each item; and a detailed description of each item including the manufacturer.

C3.7.1.1.3. The IA MTCR POC verifies the list and forwards it via memorandum by email to DSCA (IOPS/WPN) at {Army: DSCA.NCR.STR.MBX.MTCR-USA-WEAPONS@mail.mil, Air Force: DSCA.NCR.STR.MBX.MTCR-USAF-WEAPONS@mail.mil, Navy: DSCA.NCR.STR.MBX.MTCR-USN@mail.mil}. The memorandum should include the name, telephone and fax number, and e-mail address of the IA MTCR POC.

C3.7.1.1.4. DSCA (IOPS/WPN) reviews and forwards the memorandum to the State, Deputy Director, Office of Chemical, Biological, and Missile Threat Reduction (MTR), Bureau of International Security and Nonproliferation (ISN), for review and approval. DSCA will relay State’s reply to the IA and the DSCA (Office of International Operations, Global Execution Directorate, Case Writing and Development Division (IOPS/GEX/CWD)).

C3.7.2. Missile Technology Control Regime Category I Intelligence, Surveillance and Reconnaissance Unmanned Aerial Vehicles/Unmanned Combat Aerial Vehicle. Below list is not inclusive.

  • RQ-1/MQ-1 Predator
  • MQ-9 Reaper
  • RQ-4 Global Hawk
  • MQ-4C TritonSky Warrior
  • North Atlantic Treaty Organization (NATO) Alliance Ground Surveillance (NATO AGS)

C3.7.2.1. USG policy stipulates a “strong presumption to deny” the transfer of MTCR Category I Intelligence, Surveillance and Reconnaissance (ISR) UAVs/Unmanned Combat Aerial Vehicles (UCAVs). If the Security Cooperation Organization (SCO) becomes aware that the host country is considering submission of an LOR for an MTCR Category I ISR UAV or UCAV prior to development and submission of an LOR for such a system, the SCO should initiate a requirements analysis and pre-screening. This process begins with a Security Cooperation Organization Assessment (SCOA) providing all elements of information in Table C3.T5. below. In the preparation of the SCOA, the SCO should consult and confer with the IAs, including the IA’s Foreign Disclosure Office; the Country Team; and the Combatant Command (CCMD). When complete, the SCOA will be forwarded to the CCMD for comment on each of elements 1-17 addressed in the SCOA in a subsequent CCMD Comment. The SCOA and the CCMD Comment should be forwarded to the Joint Staff/J5 and DSCA. This process forms the basis for a collaborative effort, to analyze the recipient nation’s military requirements in order to identify a platform/payload combination (manned aircraft, Cat II UAV/UCAV, or Cat I UAV/UCAV) that fulfills those requirements and complies with the MTCR and other USG security requirements. If the SCO is not able to develop the SCOA in advance of submission of an LOR for an MTCR Category I ISR UAV or UCAV, SCOA required information should be submitted as part of the Country Team Assessment (CTA). See Table C5.T1b.

Table C3.T5. Missile Technology Control Regime Category I Intelligence, Surveillance and Reconnaissance Unmanned Aerial Vehicles or Unmanned Combat Aerial Vehicle Security Cooperation Organization Assessment

#

Required Information

1

What are the military requirements and operational intentions or plans for the ISR UAV/UCAV that might be requested, to include:

  1. Description of the primary mission and secondary missions for the ISR UAV/UCAV?
  2. Extent of anti-terrorist, border patrol/coast guard, and/or humanitarian missions for the UAV/UCAV(s) endorsed.

2

Specify performance characteristics of the desired air vehicle in terms of range (kilometer (km), payload (kilogram (kg), payload performance parameters or desired capabilities, altitude ceiling (feet (ft), flight endurance (hrs)).

Are there any desired modifications or changes to the basic configuration for the desired air vehicle or payload?

3

How the ISR UAV or UCAV would affect the military capabilities of the proposed recipient, including the ability of the recipient effectively to field, support, and appropriately employ the system in accordance with its intended end use.

4

How the ISR UAV or UCAV would contribute to U.S. strategic and foreign policy goals.

5

Justification for number and type of ISR UAV/UCAV that might be requested with an explanation of how the quantity endorsed is the minimum required consistent with the legitimate military requirements of the recipient.

  1. What is the estimated or approximate monthly number of sorties and flight hours?
  2. Where will the ISR UAV/UCAVs be based?

6

What are the communications resources that the recipient nation would utilize to support its ISR UAV/UCAV flight operations?

  1. Does the recipient nation require beyond line-of-sight flight operations?
  2. Will air-ground communications and/or data transfer require encryption?

7

If applicable, would the ISR UAV/UCAV fulfill or contribute to NATO force goals?

8

Explain why an MTCR Category I ISR UAV or UCAV would fulfill the requirements and a manned aircraft or non-MTCR Category 1 ISR UAV or UCAV cannot.

9

Is this the first introduction of this system/capability to the recipient/region?

10

Anticipated reactions of neighboring nations to the introduction of the ISR UAV/UCAV capability into the region.

11

Analysis of how the proposed sale would affect the relative military strengths of countries in the region and of the impact of the proposed sale on U.S. relations with the countries in the region.

12

Extent of military interoperability missions/training with U.S. forces?

13

The availability of comparable systems from foreign suppliers.

14

Assessment of the nation’s ability to account for, safeguard, operate, maintain, and support the ISR UAV or UCAV.

  1. What is the nation’s maintenance concept? Two level? Three level?
  2. Does the nation expect it will provide depot level repair or will it elect contractor provided depot level maintenance?
  3. What level of repairable stocks does the nation anticipate it will require?

15

A plan for end use monitoring for sensitive and advanced war fighting technology and the SCO’s plan for compliance verification.

16

Training required either in-country or in the United States and anticipated reactions resulting from the presence of U.S. trainers in-country.

  1. How many pilots, sensor operators, and maintainers will it need to be trained either in-country or in the United States?
  2. Approximately when, if elected, the nation needs to commence/end U.S.-based training?
  3. Will the nation need in-country flight simulators? If so, how many?
  4. Will the nation need to participate in related U.S. Air Force (USAF)/U.S. Navy (USN) UAV user-groups, forums, or other USAF/USN programs concurrent with adopting a U.S. UAV.

17

Possible impact of any in-country U.S. presence that might be required as a result of providing the ISR UAV or UCAV.

18

Is the potential recipient a:

  1. Member of NATO?
  2. MTCR Partner?
  3. Signatory to the Nuclear Non-Proliferation Treaty?
  4. Signatory to the Chemical Warfare Convention?
  5. Signatory to the Biological Weapons Convention?

19

Has the SCO consulted with the Foreign Disclosure Office of the FMS IA regarding the need for disclosure of information actions in regard to a potential transfer of a Category I ISR UAV/UCAV?

20

Any additional information in support of, or that would recommend against, the transfer request.

C3.7.3. Command, Control, Communications, Computer, Intelligence, Surveillance and Reconnaissance.

C3.7.3.1. Definitions.

C3.7.3.1.1. Command, Control, Communications, Computer, Intelligence, Surveillance and Reconnaissance. Command, Control, Communications, Computer, Intelligence, Surveillance and Reconnaissance (C4ISR) encompasses systems, procedures, and techniques used to collect and disseminate information. It includes intelligence collection and dissemination networks, command and control networks, and systems that provide the common operational/tactical picture. It also includes information assurance products and services, as well as communications standards that support the secure exchange of information by C4ISR systems. Under the C4ISR umbrella, operators use systems to exchange digital, voice, and video data with appropriate levels of command. The two key aspects of C4ISR systems are access to secure networks controlled by Information Security (INFOSEC) products and services, and classified data processed on C4ISR networks. See Chairman of the Joint Chiefs of Staff Instruction (CJCSI) 6510.06 series (not for public release) for information on the release of U.S. INFOSEC products (Communications Security (COMSEC), cryptographic algorithms, cryptographic key material, security infrastructure) to foreign purchasers.

C3.7.3.1.2. Information Security. INFOSEC is the protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document and counter such threat. INFOSEC is applied through the application of Cybersecurity and COMSEC.

C3.7.3.1.3. Communications Security. COMSEC is the measures and controls taken to deny unauthorized persons’ information derived from telecommunications and other information systems, and technologies necessary to ensure the authenticity of such communications. COMSEC includes cryptographic security, transmission security, emissions security, and physical security of COMSEC material. Secure telecommunication or information system cryptographic components are the primary COMSEC products for transmission security and commonly called COMSEC devices or products. COMSEC devices are designated Controlled Cryptographic Items (CCI).

C3.7.3.1.4. Controlled Cryptographic Item. CCIs are devices approved by the National Security Agency (NSA) that embody cryptographic logic or other cryptographic design, but do not perform the entire COMSEC function. CCIs are dependent upon host equipment or assemblies to complete and operate COMSEC functions. Un-keyed CCI is unclassified. An item may be designated CCI because its entire component is controlled (e.g. Inline Network Encryptor (INE)), or because the item contains an embedded cryptographic NSA Type-1 certified module to encrypt/de-encrypt information (e.g. secure radio).

C3.7.3.2. Command, Control, Communications, Computer, Intelligence, Surveillance and Reconnaissance Responsibilities. Table C3.T6. lists organizations and their C4ISR responsibilities.

Table C3.T6. Command, Control, Communications, Computer, Intelligence, Surveillance and Reconnaissance Responsibilities

Organization

Responsibility

SCO

  • Informs host country of the requirement for NATO or CCMD sponsorship of requests for INFOSEC-enabled C4ISR systems
  • Coordinates pre-LOR C4ISR requirements with the geographic CCMD and DSCA (IOPS/WPN)
  • Forwards LOR after pre-coordination to IA

Purchaser

  • Signs bilateral Communications and Interoperability Security Memorandum of Agreement (CISMOA) or other binding INFOSEC agreement
  • Coordinates with SCO on pre-LOR C4ISR requirements
  • Submits LOR for a dedicated INFOSEC facility and staffing by two U.S. accredited COMSEC custodians to IA

U.S. Combatant Commander

  • Establishes interoperability requirement for specific C4ISR capabilities requiring INFOSEC products and services
  • Initiates CJCSI 6510.06 INFOSEC (not for public release) release process
  • Following delegation from the Chairman, Joint Chiefs of Staff, negotiates and signs the CISMOA or other appropriate bilateral INFOSEC agreement governing the transfer of INFOSEC products and services to non-NATO nations, excluding Australia and New Zealand

DSCA

  • DSCA (IOPS/WPN) reviews C4ISR pre-LOR requirements in coordination with NSA and the CCMD, and, as appropriate, assigns the lead IA
  • Monitors planning activities

IAs

  • Receive and review C4ISR LORs after pre-LOR review by DSCA
  • Obtain DSCA (IOPS/WPN) approval before processing LOR
  • Generate Price and Availability (P&A) data and/or FMS case

NSA

  • Identifies the appropriate INFOSEC solution to satisfy CCMD validated interoperability requirements
  • Delegates authority through the Joint Chiefs of Staff to the CCMD to negotiate the COMSEC portion of the CISMOA, or to negotiate INFOSEC Equipment Agreements
  • Generates FMS case for foreign purchase of U.S. INFOSEC products and services; under limited circumstances, provides written authority to military departments (MILDEPs) to include specific INFOSEC products and services on MILDEP FMS cases. See National COMSEC Instruction (NACSI) 6001 (not for public release).

Chairman, Joint Chiefs of Staff

  • Validates CCMD interoperability requirements associated with the requests for U.S. INFOSEC products and services
  • Delegates final authority to CCMD to negotiate and conclude the CISMOA

C3.7.3.3. Release of Command, Control, Communications, Computer, Intelligence, Surveillance and Reconnaissance.

C3.7.3.3.1. Release of Classified Military Data. Interoperable systems that exchange classified military information are subject to a disclosure review and approval as defined in National Disclosure Policy (NDP-1). In addition to classified system hardware and software information, all data flowing between foreign and secure U.S. C4ISR weapon systems is classified. Approvals for disclosure of U.S. classified data that transit over secure coalition networks are required before issuance of LOA and/or P&A data. See Section C3.2.

C3.7.3.3.2. The release and transfer process governing INFOSEC/COMSEC products, information, and techniques to foreign governments or international organizations is an intentionally deliberate decision process undertaken by the Committee on National Security Systems (CNSS) and the NSA Deputy National Manager. These transfers are approved only when there is a clearly defined benefit to USG foreign policy, military, intelligence, or economic objectives.

C3.7.3.3.2.1. North Atlantic Treaty Organization, North Atlantic Treaty Organization member nations, Australia, and New Zealand. The release process for INFOSEC/COMSEC products is defined in CNSS Policy No. 8 (not for public release). INFOSEC/COMSEC products released to these member nations are governed by allied agreements. These, policies and procedures that describe the requirements by which the United States can provide INFOSEC/COMSEC products, technical security material, information, and techniques.

C3.7.3.3.2.2. International organizations other than North Atlantic Treaty Organization, and Non-North Atlantic Treaty Organization member nations except Australia and New Zealand. The release process for INFOSEC/COMSEC products is defined in the CJCSI 6510.06 series. A nation's desire to be interoperable with the United States, or to support the sale of a weapon system is not considered sufficient justification for release. Justification is normally based on CCMD requirements to communicate with foreign governments via secure means or USG foreign policy objectives that necessitate release and transfer of U.S. COMSEC. CCMD validation of requirements normally occurs during their bilateral Command and Control Interoperability Board (CCIB) (or like forum) with the partner nation. Following validation of the interoperability requirement, the CCMD will initiate the COMSEC Release Request (CRR) process to request a CNSS release decision. There are two types of CRR release approvals, a Release in Principle (RIP) and Release in Specific (RIS).

C3.7.3.3.2.2.1. Communications Security Release in Principle. A RIP provides a USG policy decision related to release of COMSEC information, products, or services in support of a secure interoperability requirement. A RIP is not an approval to physically transfer any COMSEC product. A RIP is required prior to any detailed discussions with the foreign nation regarding COMSEC products or associated COMSEC information requirements. RIPs are a means to provide proposed solutions to fulfill U.S. secure interoperability requirements.

C3.7.3.3.2.2.2. Communications Security Release in Specific. A RIS provides USG approval for release of a defined set (quantity and nomenclature) of COMSEC information, products, or services to a partner nation. A RIS is required for most all communication devices (secure radios, tactical data links, etc.) included with platform sales. A RIS-General Release (RIS-GR) is a type of release that does not limit the quantity of COMSEC products or tie the approval to a specific weapon system.

C3.7.3.3.2.2.2.1. RIS-GRs may be available for the following COMSEC products:

  • AN/PYQ-10 Simple Key Loader (SKL) (all variants)
  • Identification Friend or Foe (IFF) Mode 5
  • KIK-11 Tactical Key Loader (TKL)
  • KIK-30 Really Simple Key Loader (RASKL) products.

C3.7.3.3.2.2.2.1.1. If a country has an approved RIS-GR for a device, the transfer of the device is not limited to a specific quantity when integrated in or used with U.S. manufactured weapon systems. Purchasers may obtain these devices through NSA authorized channels without further release approvals. Countries with approved RIS-GRs do not require an NSA Authorization to Sell (ATS) memorandum or e-mail for P&A or LOA staffing packages when the released products are used in/with U.S. weapon systems. Contact DSCA (IOPS/WPN) International C4I Programs office for current RIS-GR country listing (not for public or foreign release).

C3.7.3.3.3. Global Positioning System/Precise Positioning System (GPS/PPS) User Equipment (UE) is not COMSEC or CCI and follows the Department of Defense Manual (DoDM) O-4650.11 (not for public release) and CJCSI 6510.06 series (not for public release) release processes. The DoD Chief Information Officer (CIO) is the release authority for GPS/PPS UE and GPS anti-jam technology and equipment.

C3.7.3.3.4. Some C4ISR equipment/systems may require additional interagency, service specific, or multi-national release approvals beyond the CNSSP No. 8 (not for public release) or CJCSI 6510.06 series (not for public release) processes. These systems include but are not limited to: Multifunctional Information Distribution System Low Volume Terminals (MIDS-LVT), Link-22 Beyond Line of Sight Tactical Data Link (BLOS-TDL), GPS/PPS, and radio Waveforms. These additional release requirements may require additional time for release approval; therefore, early planning and coordination with the responsible CCMD is crucial during case development.

C3.7.3.4. Information Security/Communication Security Price and Availability and Letters of Offer and Acceptance. The Director, NSA, (DIRNSA) is the National Manager for INFOSEC products to include both external INFOSEC/COMSEC products and embedded cryptographic modules. The IA for INFOSEC/COMSEC products and embedded cryptographic modules is determined by the Acquisition Manager of a particular device. DIRNSA may authorize some NSA-managed INFOSEC/COMSEC products to be included on other IA managed LOAs on a case-by-case basis. Requests for exceptions to allow NSA-managed INFOSEC/COMSEC products on other IA LOAs will not be granted due to the lack of an existing NSA LOA.

C3.7.3.4.1. Special Purpose INFOSEC/COMSEC products ("S" Type COMSEC) are provided to international organizations other than NATO, and non-NATO member nations except Australia and New Zealand on NSA-managed FMS cases only. Requests to allow "S" Type COMSEC equipment on other IA LOAs will not be granted.

C3.7.3.4.2. Information Security/Communication Security Validation/Authorization. All IAs, even those responsible for the acquisition of the COMSEC/INFOSEC products and embedded cryptographic modules, must request DIRNSA determination as to whether COMSEC/INFOSEC products and embedded cryptographic modules are releasable and whether they can be included on an LOA written by an IA other than NSA (exception: See Section C3.7.3.3.2.2.2.1.). Send e-mail request to NSA at FMSLOR@nsa.gov and include a copy of the purchaser's LOR, nomenclature of the COMSEC/INFOSEC products and/or embedded cryptographic modules, quantities, and identify the weapon system or platform in which the COMSEC/INFOSEC equipment will be integrated. When required, DIRNSA will provide a response in the form of an ATS memoranda or e-mail to the IA within 30 days of the request for inclusion in the LOA staffing package.

C3.7.3.4.2.1. A RIP or RIS is required prior to providing a P&A including COMSEC products to an FMS purchaser. A new RIP or RIS is not required for a P&A if the specific COMSEC/INFOSEC products were previously released (via RIS) to the FMS purchaser for use with a U.S.-manufactured weapon systems AND the COMSEC/INFOSEC products are for use and/or integration into a U.S. manufactured weapon system(s). Address questions concerning previous releases of COMSEC/INFOSEC products to DSCA (IOPS/WPN) International C4I Programs office.

C3.7.3.4.2.2. A RIP is the minimum COMSEC release approval required for Congressional Notifications (CN) containing COMSEC products, unless the product(s) are Major Defense Equipment (MDE). If the COMSEC products are MDE, a RIS is required prior to submitting the CN to identify the specific MDE COMSEC product(s) and quantities in the CN.

C3.7.3.4.2.3. A RIS is required prior to providing a LOA with COMSEC products to an FMS purchaser. Some RIS approvals may include additional instructions for COMSEC/INFOSEC products that require special handling.

C3.7.3.4.3. IAs must verify that the foreign recipient is authorized to receive GPS/PPS UE and anti-jam technology and equipment prior to transfer. If the GPS/PPS UE must operate in PPS mode using encryption, the IA must receive FMS approval from the USAF Space and Missile Systems Center Production Corps for GPS and include the approval in the LOA staffing package.

C3.7.3.4.4. Classification of Information Security/Communication Security. Some foreign governments may classify their LORs for specific INFOSEC/COMSEC products; however, when possible, classifying the entire FMS case will be avoided. See Section C5.4.10. for more information on classified FMS cases.

C3.7.4. Electronic Warfare Systems and Electronic Warfare Integrated Reprogramming Database.

C3.7.4.1. Definition. Electronic Warfare (EW) Systems (e.g., radar warning receivers and jammers) are designed to deny or counteract the enemy's use of electromagnetic (EM) emitters (e.g., radar, communications, guidance, detection, and control devices). The sale of an EW capability involves the transfer of the EW system hardware, firmware, and software. The software typically includes a mission data file (MDF) or library that contains information/data related to EM emitters. The Electronic Warfare Integrated Reprogramming Database (EWIRDB) is the primary DoD source for technical parametric performance data on EM emitters and is used to program/reprogram the MDF to correctly identify emitters by their EM characteristics. Prior to offering an LOA to the FMS customer that includes an EW system, the FMS IA must review all EW system components to verify that the system, to include the MDF, has been approved for release and certified in writing by the appropriate DoD authorities (i.e. NSA, National Air and Space Intelligence Center (NASIC), Defense Intelligence Agency (DIA), and applicable program offices). If an EW system is not certified in writing prior to sale, the FMS purchaser must be advised, and the FMS IA must ensure a plan is in place to obtain data protection certification from the NSA prior to delivery. Delivery cannot take place without this certification unless the FMS customer uses its own technical parametric performance data instead of DoD data.

C3.7.4.2. Foreign Military Sales Electronic Warfare Integrated Reprogramming Database Types. The FMS EWIRDB is used to create the MDF or library for EW systems. There are two types of FMS EWIRDB, Direct and Indirect. A Direct FMS EWIRDB is delivered directly to the FMS customer and provides data required for an In-Country Reprogramming (ICR) capability for the EW system. An Indirect FMS EWIRDB is delivered to the U.S. reprogramming facility that will develop the MDF for the requesting country’s EW system. Both Direct and Indirect EWIRDBs must go through the release processes described below prior to the FMS sale.

C3.7.4.3. Electronic Warfare Release Process. An LOR advisory should be issued to NSA and the applicable MILDEPs by DSCA (IOPS/WPN) when an LOR is received for an EW system that will be used on a country’s weapon system for the first time. This advisory will notify the EW community of the pending request so that the evaluation process can begin. It is critical that the evaluation process be initiated as soon as possible due to the amount of time required to complete the process.

Table C3.T7. Electronic Warfare Responsibilities

Organization

Responsibility

DSCA

  • Prepares LOR Advisory for potential sale of EW system
  • Reviews LOA prior to offer to ensure appropriate reviews have been accomplished

IAs

  • Provides copy of LOR to DSCA with details on what EW system will be proposed for potential platform sale, to be used for LOR advisory
  • Determine if proposed EW system has been certified by NSA for handling of classified data
  • Incorporate required EW costs and program schedule impacts into LOA; advise purchaser of certification status and potential schedule risks and impacts
  • Reviews LOA and verifies appropriate reviews have been accomplished prior to being offered to customer

IA EW Points of Contact

  • Air Force (Deputy Under Secretary of the Air Force for International Affairs, Weapons Division) (SAF/IAPW)
  • Army (Deputy Assistant Secretary of the Army for Defense Exports and Cooperation) (SAAL-NI)
  • Navy (Navy International Programs Office Strategic Planning Directorate) (Navy IPO-03)
  • Process any required disclosure requests for applicable classified military information
  • Work with program office and vendor to develop technical documentation required for evaluation of EW systems data protection
  • Evaluate requirement to determine if Release in Principle (RIP) has been granted for a particular system. If not, submit request for RIP to DIA, NSA and SIGCOM for approval/authorization
  • Upon LOA signature work with purchaser as applicable to identify data base requirements and submit request for Release in Specific (RIS) to DIA, NSA and National Signals Intelligence Committee (SIGCOM) for approval/authorization
  • Validate that LOA is written appropriately to incorporate specific EW verbiage

DIA

  • Review and process Service requests for EW system RIP and RIS

NSA

  • Review and process Service requests for EW system RIP and RIS
  • Review and provide guidance for data protection certification for EW systems

National Signals intelligence (SIGINT) Committee (SIGCOM)

  • Review and process Service requests for EW system RIP and RIS

Purchaser

  • Upon LOA signature participates in dialog with IA FMS offices to identify required data to be included in EW data base

C3.7.4.3.1. Release of Classified Military Information. EW systems that use classified military information are subject to a releasability review and approval as defined in the NDP-1. In addition to possible classified system hardware and software, the system MDF may include classified data. Approvals for release of U.S. classified data are required before an LOA can be offered to a purchaser.

C3.7.4.3.2. Foreign Military Sales Electronic Warfare Integrated Reprogramming Database Release in Principle. Prior to offering an LOA for FMS EWIRDB support, there must be an approved and valid RIP in place for the use of the Direct or Indirect FMS EWIRDB. The FMS EWIRDB RIP is issued by NSA for a particular country on a specific weapon system platform, and is not related to a COMSEC RIP. Once the IA Program Office or vendor determines there is an FMS EWIRDB requirement, a request for a RIP should be submitted to the appropriate IA EW POC listed in Table C3.T5. The IA will designate a POC for receipt of these requirements to ensure consistency in the submissions to the DoD authorities. The request for a RIP will be submitted to the DoD disclosure authorities (Table C3.T5.) At a minimum, these requests will identify the requesting country, platform, type of database (Direct/Indirect) and EW system nomenclature, if known. Once the RIP is granted, an LOA for FMS EWIRDB support can be offered to the purchaser. The IA should enter comments in Defense Security Assistance Management System (DSAMS) case remarks stating that an EW RIP has been granted, citing the approving agency, date of grant, and POC.

C3.7.4.4. Foreign Military Sales Electronic Warfare Integrated Reprogramming Database Release in Specific. Upon implementation of an LOA for an EW system with FMS EWIRDB support, the IA EW POC will coordinate with the country to determine the desired data to be incorporated into the FMS EWIRDB. This information, along with the identified recipient country, platform, type of database (Direct/Indirect) and EW system will be used by the EW points of contact at the applicable IA to develop a request for a RIS. The RIS will be submitted to the DoD disclosure authorities for approval. If approved, the RIS will authorize the EWIRDB executive agent, NASIC, to begin the development of an FMS EWIRDB for a particular country, platform, and EW system as funded by an FMS LOA. Table C3.T5. lists organizations and their EW responsibilities.

C3.7.4.5. Letter of Offer and Acceptance Requirements. All LOAs that offer EW systems and/or data base support must clearly identify, in the LOA notes, the nomenclature of the EW system components, the type of data base support being provided and the platforms associated with the EW system and/or data base support. The LOA notes must clearly state if an EW system is not certified prior to the LOA being offered.

C3.7.5. Identification, Friend or Foe Systems.

C3.7.5.1. Definition. Identification Friend or Foe (IFF) systems are sensitive identification devices that emit signals used to identify whether a platform is friendly or unknown to help prevent fratricide.

C3.7.5.2. Identification Friend or Foe Release Requirements. Release of U.S. manufactured IFF Mode 4/5 capability to foreign governments must be handled according to the COMSEC release process of CJCSI 6510.06C, "Communications Security Releases to Foreign Nations" (not for public release). IFF Mode 4/5 is typically approved on a general release basis for U.S. manufactured platforms, which means it is not tied to a specific quantity or platform. A release in specific approval, as outlined in reference (a), is required for U.S. manufactured IFF Mode 4/5 systems' integration into non-U.S. manufactured platforms. Transfers of Mark XIIA IFF Mode 4/5 systems are based on validated interoperability requirements.

Table C3.T8. Identification Friend or Foe Release Coordination Responsibilities

Organization

Responsibility

DSCA

  • Review LOA prior to offering, to ensure appropriate reviews have been accomplished and approvals are in place

IAs

  • Only offer IFF Mode 4/5 on LOAs for approved countries. Prior to offering an LOA for IFF Mode 4/5, request approval from NSA to sell associated COMSEC equipment
  • Upon identification of appropriate IFF system for platform, ensure DoD AIMS Program Office (PO) has certified the platform and IFF system or that platform and system certification is planned for in the LOA

NSA

  • Review and processes COMSEC release requests in accordance with applicable release processes
  • Provide "approval to sell" letters to IAs for IFF COMSEC devices
  • Provide IFF Mode 5 Operational and Test Keying Material, as authorized via standard key management distribution process

Department of Defense Air Traffic Control Radar Beacon System (ATCRBS), Identification Friend or Foe (IFF), Mark XII/XIIA, System (AIMS) Program Office (PO)

  • Evaluate platforms and systems for compliance with relevant standards; and certifies compliant systems
  • Confirm that NATO-approved third-party certification agencies meet AIMS standards for conducting platform certifications

Purchaser

  • Nations National Distribution Authority (NDA) or COMSEC custodians should request COMSEC Keying Material from the controlling authority, i.e., Joint COMSEC Management Office (JCMO), MacDill Air Force Base, FL

C3.7.5.2.1. IFF systems that use classified military information are subject to disclosure review and approval as defined in the NDP-1. Per NDP-1, approvals for release of U.S. classified data are mandatory before an LOA can be offered to a purchaser.

C3.7.5.2.2. The DoD Air Traffic Control Radar Beacon System (ATCRBS), IFF, Mark XII/XIIA, Systems (AIMS) Program Office (PO) or a NATO-approved, AIMS-compliant certification agency, is responsible for ensuring Mark XIIA systems and platforms are certified to the interoperability requirements specified in the DoD AIMS 03-1000 series standards. There are two levels of certification. The first level is for the actual equipment or "box" including transponders and interrogators, and the second level is for the installed performance or "Platform Certification." Program managers selling IFF equipment through FMS must ensure that the system and platform are certified by AIMS or a NATO-approved, AIMS-compliant certification agency.

C3.7.5.2.3. Communication Security Keying Material. COMSEC Accounts obtain IFF Mode 4 Keying Materiel from the Controlling Authority, the JCMO.

C3.7.5.2.3.1. IFF Mode 5 Test Keying Material is currently available for platforms in the integration and test phase. COMSEC Accounts request IFF Mode 5 Test Keying Material from the NSA.

C3.7.5.2.3.2. IFF Mode 5 Operational Keying Material release and issuing procedures will be determined after IFF Mode 5 is in operational use by U.S. forces.

C3.7.5.3. All LOAs for the provision of IFF Mode 4/5 systems shall clearly identify the IFF system components in an LOA note. The LOA note shall also clearly state whether or not the platform for an IFF system has been or will be certified as meeting AIMS standards.

C3.7.6. Signals intelligence LOAs.

C3.7.6.1. SIGINT involves collecting foreign intelligence from communications and information systems and providing it to customers across the U.S. government, such as senior civilian and military officials. This information is used to help protect our troops, support our allies, fight terrorism, combat international crime and narcotics, support diplomatic negotiations, and advance many other important national objectives.

C3.7.6.2. NSA is required to conduct a foreign disclosure review on all LOAs that include SIGINT. NSA must provide an Approval to Sell letter before SIGINT equipment and services can be offered on a LOA.

C3.7.7. Network Enabled Weapons. Network Enabled Weapons (NEW) are precision-guided munitions that are equipped with datalink radios that allow for re-targeting, altering their respective targeting coordinates, tracking, or passing off control to other weapon systems on the datalink.

C3.7.7.1. A NEW device may employ NSA Type 1 COMSEC encrypted datalink, such as Link-16, or a non-NSA Type 1 COMSEC encrypted datalink, such as Common Datalink (CDL). NEWs with NSA Type-1 COMSEC encryption require COMSEC release approval and NSA ATS for transfer, in addition to any other release approvals and monitoring requirements. See Section C3.7.3. and Section C8.4.1.4.

C3.7.8. Cross Domain Solutions. A Cross Domain Solution (CDS) is a means of information assurance that provides the ability to manually or automatically access or transfer information between two or more differing security domains. CDS devices are integrated systems of hardware and software that enable the transfer of information among otherwise incompatible security domains or levels of classification. CDS devices may facilitate the connection of U.S. weapon systems acquired by partner nations with non-U.S. domains by filtering unauthorized messages and malicious files to protect both U.S. and FMS customer systems, networks, and data.

C3.7.8.1. CDS devices available to FMS purchasers must be tested and certified by the NSA, and their transfer requires approval from DIRNSA prior to the USG offering the solutions to the FMS purchaser. IAs must request DIRNSA to determine if the CDS is releasable and whether it can be included on an LOA.

C3.7.8.2. Send requests to NSA FMS Group at FMSLOR@nsa.gov and FMS_P1@nsa.gov and include a copy of the purchaser's LOR, nomenclature of the CDS products, quantities, and identify the weapon system or platform in which the CDS will be integrated. DIRNSA will provide a response in the form of a CDS ATS memoranda or e-mail to the IA within 30 days of the request for inclusion in the LOA staffing package.