16 January 1998
Source: "Implementation of the Wassenaar
Arrangement List of Dual-Use Items: Revisions to the Commerce Control List
and Reporting Under the Wassenaar Arrangement; Rule."
Supplement No. 1 to Part 774--the Commerce Control List Category 5--``Information Security'', Part II Part 2--``Information Security'' Note: The control status of ``information security'' equipment, ``software'', systems, application specific ``electronic assemblies'', modules, integrated circuits, components, or functions is determined in Category 5, Part 2 even if they are components or ``electronic assemblies'' of other equipment. A. Systems, Equipment and Components 5A002 Systems, equipment, application specific ``assemblies'', modules or integrated circuits for ``information security'', and specially designed components therefor. License Requirements Reason for Control: NS, AT, EI Control(s) Country Chart NS applies to entire entry............. NS Column 1 AT applies to entire entry............. AT Column 1 EI applies to encryption items transferred from the U.S. Munitions List to the Commerce Control List consistent with E.O. 13026 of November 15, 1996 (61 FR 58767) and pursuant to the Presidential Memorandum of that date. Refer to Sec. 742.15 of the EAR. License Requirement Notes: See Sec. 743.1 of the EAR for reporting requirements for exports under License Exceptions. License Exceptions LVS: N/A GBS: N/A CIV: N/A List of Items Controlled Unit: $ value Related Controls: See also 5A992. This entry does not control: (a) ``Personalized smart cards'' or specially designed components therefor, with any of the following characteristics: (1) Not capable of message traffic encryption or encryption of user-supplied data or related key management functions therefor; or (2) When restricted for use in equipment or systems excluded from control under the note to 5A002.c, or under paragraphs b through h of this note. (b) Equipment containing ``fixed'' data compression or coding techniques; (c) Receiving equipment for radio broadcast, pay television or similar restricted audience television of the consumer type, without digital encryption and where digital decryption is limited to the video, audio or management functions; (d) Portable or mobile radiotelephones for civil use (e.g., for use with commercial civil cellular radiocommunications systems) that are not capable of end-to-end encryption; (e) Decryption functions specially designed to allow the execution of copy-protected ``software'', provided the decryption functions are not user-accessible; (f) Access control equipment, such as automatic teller machines, self-service statement printers or point of sale terminals, that protects password or personal identification numbers (PIN) or similar data to prevent unauthorized access to facilities but does not allow for encryption of files or text, except as directly related to the password or PIN protection; (g) Data authentication equipment that calculates a Message Authentication Code (MAC) or similar result to ensure no alteration of text has taken place, or to authenticate users, but does not allow for encryption of data, text or other media other than that needed for the authentication; (h) Cryptographic equipment specially designed and limited for use in machines for banking or money transactions, such as automatic teller machines, self-service statement printers or point of sale terminals. Related Definitions: For the control of global navigation satellite systems receiving equipment containing or employing decryption (i.e., GPS or GLONASS see 7A005) Items: a. Systems, equipment, application specific ``assemblies'', modules or integrated circuits for ``information security'', and specially designed components therefor: a.1. Designed or modified to use ``cryptography'' employing digital techniques to ensure ``information security''; a.2. Designed or modified to perform cryptoanalytic functions; a.3. Designed or modified to use ``cryptography'' employing analog techniques to ensure ``information security''; Note: 5A002.a.3 does not control the following: 1. Equipment using ``fixed'' band scrambling not exceeding 8 bands and in which the transpositions change not more frequently than once every second; 2. Equipment using ``fixed'' band scrambling exceeding 8 bands and in which the transpositions change not more frequently than once every ten seconds; [[Page 2523]] 3. Equipment using ``fixed'' frequency inversion and in which the transpositions change not more frequently than once every second; 4. Facsimile equipment; 5. Restricted audience broadcast equipment; and 6. Civil television equipment; a.4. Designed or modified to suppress the compromising emanations of information-bearing signals; Note: 5A002.a.4 does not control equipment specially designed to suppress emanations for reasons of health and safety. a.5. Designed or modified to use cryptographic techniques to generate the spreading code for ``spread spectrum'' or the hopping code for ``frequency agility'' systems; a.6. Designed or modified to provide certified or certifiable ``multilevel security'' or user isolation at a level exceeding Class B2 of the Trusted Computer System Evaluation Criteria (TCSEC) or equivalent; a.7. Communications cable systems designed or modified using mechanical, electrical or electronic means to detect surreptitious intrusion. 5A992 ``Information security'' equipment, n.e.s.; (e.g., cryptographic, cryptoanalytic, and cryptologic equipment, n.e.s.), and components therefor. License Requirements Reason for Control: AT Control(s) Country Chart AT applies to entire entry............. AT Column 1 License Exceptions LVS: N/A GBS: N/A CIV: N/A List of Items Controlled Unit: $ value Related Controls: N/A Related Definitions: N/A Items: The list of items controlled is contained in the ECCN heading. B. Test, Inspection and Production Equipment 5B002 Information Security--test, inspection and ``production'' equipment. License Requirements Reason for Control: NS, AT Control(s) Country Chart NS applies to entire entry............. NS Column 1 AT applies to entire entry............. AT Column 1 License Requirement Notes: See Sec. 743.1 of the EAR for reporting requirements for exports under License Exceptions. License Exceptions LVS: N/A GBS: N/A CIV: N/A List of Items Controlled Unit: $ value Related Controls: N/A Related Definitions: N/A Items: a. Equipment specially designed for: a.1. The ``development'' of equipment or functions controlled by 5A002, 5B002, 5D002 or 5E002, including measuring or test equipment; a.2. The ``production'' of equipment or functions controlled by 5A002, 5B002, 5D002, or 5E002, including measuring, test, repair or production equipment; b. Measuring equipment specially designed to evaluate and validate the ``information security'' functions controlled by 5A002 or 5D002. C. Materials [Reserved] D. Software 5D002 Information Security--``Software''. License Requirements Reason for Control: NS, AT, EI Control(s) Country Chart NS applies to entire entry............. NS Column 1 AT applies to entire entry............. AT Column 1 EI applies to encryption items transferred from the U.S. Munitions List to the Commerce Control List consistent with E.O. 13026 of November 15, 1996 (61 FR 58767) and pursuant to the Presidential Memorandum of that date. Refer to Sec. 742.15 of the EAR. Note: Encryption software is controlled because of its functional capacity, and not because of any informational value of such software; such software is not accorded the same treatment under the EAR as other ``software''; and for the export licensing purposes encryption software is treated under the EAR in the same manner as a commodity included in ECCN 5A002. License Exceptions for commodities are not applicable. Note: Encryption software controlled for EI reasons under this entry remains subject to the EAR even when made publicly available in accordance with part 734 of the EAR, and it is not eligible for the General Software Note (``mass market'' treatment under License Exception TSU for mass market software). After a one-time BXA review, certain encryption software may be released from EI controls and made eligible for the General Software Note treatment as well as other provisions of the EAR applicable to software. Refer to Sec. 742.15(b)(1) of the EAR and Supplement No. 6 to part 742 of the EAR. License Requirement Notes: See Sec. 743.1 of the EAR for reporting requirements for exports under License Exceptions. License Exceptions CIV: N/A TSR: N/A List of Items Controlled Unit: $ value Related Controls: See also 5D992. This entry does not control ``software'' ``required'' for the ``use'' of equipment excluded from control under 5A002 or ``software'' providing any of the functions of equipment excluded from control under 5A002 Related Definitions: N/A Items: a. ``Software'' specially designed or modified for the ``development'', ``production'' or ``use'' of equipment or ``software'' controlled by 5A002, 5B002 or 5D002. b. ``Software'' specially designed or modified to support ``technology'' controlled by 5E002. c. Specific ``software'' as follows: c.1. ``Software'' having the characteristics, or performing or simulating the functions of the equipment controlled by 5A002 or 5B002; c.2. ``Software'' to certify ``software'' controlled by 5D002.c.1. 5D992 ``Software'' not controlled by 5D002. License Requirements Reason for Control: AT Control(s) Country Chart AT applies to 5D992.a and .b........... AT Column 1 AT applies to 5D992.c.................. AT Column 2 License Exceptions CIV: N/A TSR: N/A List of Items Controlled Unit: $ value Related Controls: N/A Related Definitions: N/A Items: a. ``Software'', specially designed or modified for the ``development'', ``production'', or ``use'' of information security or cryptologic equipment (e.g., equipment controlled by 5A992) b. ``Software'' having the characteristics, or performing or simulating the functions of the equipment controlled by 5A992. c. ``Software'' designed or modified to protect against malicious computer damage, e.g., viruses. E. Technology 5E002 ``Technology'' according to the General Technology Note for the ``development'', ``production'' or ``use'' of equipment controlled by 5A002 or 5B002 or ``software'' controlled by 5D002. License Requirements Reason for Control: NS, AT, EI Control(s) Country Chart NS applies to entire entry............. NS Column 1 AT applies to entire entry............. AT Column 1 EI applies to encryption items transferred from the U.S. Munitions List to the Commerce Control List consistent with E.O. 13026 of November 15, 1996 (61 FR 58767) and pursuant to the Presidential Memorandum of that date. Refer to Sec. 742.15 of the EAR License Requirement Notes: See Sec. 743.1 of the EAR for reporting requirements for exports under License Exceptions License Exceptions CIV: N/A TSR: N/A List of Items Controlled Unit: N/A Related Controls: See also 5E992 [[Page 2524]] Related Definitions: N/A Items: The list of items controlled is contained in the ECCN heading. 5E992 ``Technology'', n.e.s., for the ``development'', ``production'', or ``use'' of ``information security'' or cryptologic equipment (e.g., equipment controlled by 5A992), or ``software'' controlled by 5D992. License Requirements Reason for Control: AT Control(s) Country Chart AT applies to entire entry............. AT Column 1 License Exceptions CIV: N/A TSR: N/A List of Items Controlled Unit: N/A Related Controls: N/A Related Definitions: N/A Items: The list of items controlled is contained in the ECCN heading. EAR99 Items subject to the EAR that are not elsewhere specified in this CCL Category or in any other category in the CCL are designated by the number EAR99.