Access Controls

Controlling access to ITAR-controlled technical data

Access Control Requirements

ITAR requires that access to controlled technical data be limited to authorized persons. Arcliance provides tools to define, enforce, and audit access controls for your technical data assets.

Access Control Levels

Level 1: Public

No Restrictions

Marketing materials, public specifications. No export controls.

Level 2: Internal

Company Only

Company confidential but not export controlled. All employees can access.

Level 3: Export Controlled

U.S. Persons Only

ITAR or EAR controlled. Only verified U.S. persons or authorized foreign nationals.

Level 4: Restricted

Need-to-Know

Highly sensitive. Access requires specific TCP authorization and need-to-know.

Defining Access Permissions

Classify Assets
Assign export classification and access level to each asset.
Create Access Groups
Define groups based on project, department, or clearance level.
Assign Users to Groups
Add authorized personnel to appropriate groups.
Link to TCP
Associate access controls with the governing Technology Control Plan.

Person Verification

Before granting access to controlled data, verify personnel status:

U.S. Persons

U.S. citizens (birth certificate or passport)
Lawful permanent residents (Green Card)
Protected individuals (asylum/refugee status)

Foreign Nationals

Verify citizenship/nationality
Screen against denied party lists
Obtain required authorization (TAA/license)
Document access in TCP

Access Logging

All access to controlled assets is logged for audit purposes:

Who accessed what and when
Access method (download, view, edit)
Authorization basis (TCP, TAA, license)
Access denials and reasons

Access logs are retained for the required compliance period and cannot be modified.

Integration with IT Systems

Arcliance can integrate with your existing IT infrastructure:

Active Directory / LDAP for user provisioning
SSO for authentication
DLP (Data Loss Prevention) systems
Cloud access security brokers (CASB)