Compliance

ITAR/EAR


The protection of sensitive government information is critical in today’s environment of cyber risk. Virtustream is committed to aligning to the standards that have been established to protect the use and access to Controlled Unclassified Information (CUI) that resides in non-federal systems on behalf of a federal agency. These standards include the United States (US) government export control regulations ITAR (International Traffic in Arms Regulations) and EAR (Export Administration Regulations). Both regulations are designed to help ensure that CUI, such as US defense-related technology, does not get into the wrong hands. As part of the protection requirements, Virtustream has conducted a self-assessment to validate the requirements set by the United States (US) government and NIST SP 800-171. The self-assessment is conducted on an annual basis.

Virtustream cloud services subject to the ITAR and EAR frameworks include: 

  • ITAR/EAR nodes in Virtustream data centers USDC3 and USDC4

Region: United States

About CUI

CUI is governed by the US National Archives which standardizes the way the US Executive branch handles unclassified information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and US government-wide policies. The CUI framework applies to two important export control laws including the International Traffic in Arms Regulations (ITAR) which covers defense technology, software, or other information whose export could reasonably be expected to adversely affect US national security, and the Export Administration Regulations (EAR) which regulates items designed for commercial purposes that could also be used for military purposes such as computers or software.