Category XI - Military Electronics
Subparagraph (b) – Encryption software designed or modified to:
- Generate spreading code for spread spectrum or hopping code for frequency agility (does not include fixed code techniques);
- Use “burst” (time compression) techniques;
- Suppress compromising emanations of information-bearing signals.
Category XIII - Auxiliary Military Equipment
Subparagraph (b) – Encryption software designed or modified for:
- Military information security systems (including key management);
- Tracking, Telemetry and Control (TT&C) including decryption;
- Generating spreading or hopping codes for military spread spectrum systems or equipment;
- Military cryptanalytic systems;
- Military information systems providing certified or certifiable multi-level security or user isolation exceeding class B2 of TCSEC.
Category XV - Spacecraft Systems and Associated Equipment
Subparagraph (b) – Encryption software designed or modified for
- Ground control stations for telemetry, tracking and control of spacecraft or satellites.
Subparagraph (c) – Global Positioning System (GPS) receiving equipment:
- Designed for encryption or decryption (i.e. Y-Code) of GPS precise position service (PPS) signals.
NOTE: The citations provided above are intended as general summaries and are not authoritative. Researchers are responsible for consulting the USML for encryption software specifically designed or developed for a military, intelligence or space application.
NC State Researcher Action Required: ITAR Encryption Compliance
NC State researchers generating ITAR-related encryption software must upload the code onto a publicly available website immediately to demonstrate that the software has been published.
The NC State-developed encryption software must be freely downloadable by all interested members of the scientific community at no charge and without NC State’s knowledge by whom or from where the data is being downloaded. This means no login requirement or other password or other authentication procedures. The government could view a login or other authentification requirement as an access control, and such a requirement could destroy the university’s ability to characterize the generated software as unrestricted fundamental research excluded from export controls.
Learn more about Encryption Export Controls