ISTAC to Discuss Wassenaar Proposals for 2017

Today the DOC’s Bureau of Industry and Security (BIS) published a meeting notice in the Federal Register (81 FR 43185) for a meeting of the Information Systems Technical Advisory Committee (ISTAC). The partially closed two-day meeting will be held on July 27^th and 28^th, 2016 in San Diego, CA. The session on the 27^th will be open to the public and will be available via teleconference.

Two of the public session items may be of specific interest to readers of this blog:

• Comments on ECCN 5A001.J; and

• Wassenaar Proposals for 2017.

Export classification control number (ECCN) 5A001.J is the controversial export control language for ‘intrusion software’. BIS withdrew the proposed language that caused so much discord last year. I would suspect that this is the replacement language that BIS is proposing. I have not yet seen a copy of this new proposed language.

Last year the cybersecurity community was pretty much caught by surprise with the proposed intrusion software language that BIS proposed based upon the DOC interpretation of the latest Wassenaar language. In order to get ahead of future changes in these export controls, the community needs to pay attention to the development of the Wassenaar agreements.

There will be limited public seating for this meeting so advanced registration is recommended. The same is true for access to the teleconference. Written comments may be submitted on the topics to be discussed. The only method referenced for submitting written comments is via email (Yvette.Springer(@bis.doc.gov).