Security and Safeguard Plans (SSPs)

[Note: The EAR amendment of April 24, 2006 removed Supplement 3 to Part 742 of the Export Administration Regulations, which previously set forth the requirements for SSPs for HPCs). The April 24, 2006 amendment added the requirement for SSPs to paragraph (c)(2) of Supplement No. 2 to part 748 (“Unique Application and Submission Requirements”) of the EAR.]

The United States requires security safeguards for exports of HPCs to ensure that they are used for peaceful purposes. The level and type of security safeguards reflect our broad proliferation and security concerns. Whether to require an SSP for a particular transaction is generally based on the country destination and Composite Theoretical Performance of the computer.

Following interagency review of an HPC license application, BIS will instruct the exporter to submit a Security Safeguard Plan (SSP) signed by the ultimate consignee. See the sample 'Standard' SSP for formatting information. The SSP must indicate that the ultimate consignee agrees to implement those safeguards required by BIS as a condition of issuing the license. BIS will inform the exporter which safeguard requirements will be imposed in the SSP. All license applications for exports and reexports to Tier III countries will require an SSP.

The following SSP provisions represent the standard set that will be used on HPC licenses to Tier III end-users. For most commercial end-users, the SSP will require end-user certification only. However, agencies retain the right to impose further conditions or SSP provisions if a particular license application poses a greater level of risk due to the type of end-user or the computing capability of the HPC.

Exporters may obtain a signed SSP from the end-user during the initial processing of a license application; this may substantially reduce the application processing time. However, if BIS requires additional safeguards after a full review of the license application, the exporter will have to make an addendum to the previously signed SSP.

'Standard' SSP Requirements

This Security Safeguard Plan certifies that the end-user will not use the item subject to this license for any of the unauthorized activities listed below and will adhere to the safeguard conditions as they appear herein:
The computer system will only be used for those activities approved by the U.S. Department of Commerce, Bureau of Industry and Security (BIS).
No use of the item subject to this license is authorized for any of the activities listed below:
1. National security work not authorized by the government of the exporting country.
2. The design, development, production or use of:
  1. Any nuclear explosive device, including any component or subsystem specially designed for such a device.
  2. Complete rocket systems or unmanned air vehicle systems capable of delivering weapons of mass destruction, including any specially designed component or subsystem of such devices. A delivery system for weapons of mass destruction is defined to include any complete rocket system (including ballistic missiles, space launch vehicles, and sounding rockets) or unmanned air vehicle system (including cruise missile systems, target drones, and reconnaissance drones) that is intended to deliver nuclear, chemical, or biological weapons.
3. The design, development, production, use or maintenance of:
4. A nuclear fuel cycle facility (including facilities engaged in nuclear propulsion and related activities) or heavy water production plant in a country not party to the Nuclear Non-proliferation Treaty.
5. Any facility for the production of chemical or biological weapons.
There will be no reexport or intra-country transfer of the computer without prior written authorization from the U.S. Department of Commerce, Bureau of Industry and Security (BIS).
No change (aggregation or upgrade) may be made to this equipment that would further increase the Weighted TeraFLOPS (WT) value without prior BIS authorization.
The end-user will ensure that the appropriate security measures are implemented and the computer system will be housed in a secure facility and protected against theft and unauthorized entry at all times.
The computer will run the necessary software to: permit access to authorized personnel only; detect attempts to gain unauthorized access; set and maintain limits on usage; establish accountability for usage; and generate logs and other records of usage. The software will also maintain the integrity of data and program files, the accounting and audit system, the password or computational access control system, and the operating system itself.
The security personnel will undertake and be responsible for the following measures:
1. Ensuring the establishment of a system to ensure round-the-clock monitoring for computer security;
2. Ensuring the inspection, as necessary, of any program to determine whether the program conforms with the conditions of the license. If not, the security personnel shall remove the program from the system;
3. Ensuring the inspection of usage logs to the extent necessary to ensure conformity with the conditions to the license [and the retention of records of these logs for at least two years.
4. Establishing the acceptability of all users in conformity with authorized end-uses.
5. Supervising the following key tasks:
  1. Establishment of new accounts and the assignment of passwords
  2. Changing the passwords for individuals frequently and at unpredictable intervals, and ensuring the right to deny passwords to anyone. ( Passwords will be denied to anyone whose activity does not conform to the conditions of the license. Misuse of passwords by users will result in denial of further access to the computer.)
6. Maintaining the integrity and security of tapes and data files containing archived user files, log data, or system backups.
Computers may not be accessed either physically or computationally without prior authorization by the U.S. Government by nationals of Cuba , Iran , , Libya , N. Korea , Sudan , Syria . However, commercial consignees as described in Supplement 3 to Part 742 of the EAR are prohibited only from giving such nationals user-accessible programmability.
"Remote Computational access" to the computer systems is not permitted unless authorized by the U.S. Department of Commerce, Bureau of Industry and Security (BIS). (Note: If "remote computational access" is permitted, the end-user must take appropriate steps to protect the computer system and to maintain audit trails of all users.)
" Computational access" is the ability to create, load, or execute a program. This function includes any system administration capabilities. Computational access does not include the ability to retrieve stored data or the ability to enter and receive transactional data to an approved program (e.g., banking transactions).
The end-user must immediately report any security breaches or suspected security breaches to the exporter's representatives.
The end-user will cooperate with any post-shipment inquiries or inspections by the U.S. Government or exporting company officials to verify the disposition and/or use of the computer. Security personnel will maintain data on the computational access usage of the computer (as required by provision 7c) and security related events. Such data will be retrievable and available for review by BIS and will contain data covering at least two years prior to the receipt of any review request.
The end-user will cooperate with the U.S. Government concerning the physical inspection of the computer using facility on short notice and will provide access to all data relevant to computational access usage. This inspection will include:
1. Analyzing any programs or software run on the computer to ensure that all usage complies with the authorized end-uses on the license;
2. Checking current and archived computational access usage logs for conformity with the authorized end-uses and the restrictions imposed by the license; and
3. Verifying the acceptability of all computer users in conformity with the authorized end-uses and the restrictions imposed by the license.
This is to certify that [End-user's name] [ (if applicable) and all the remote access end-users] will not use the [product name] for the unauthorized activities listed above, and will adhere to the safeguard conditions and perform the undertakings as prescribed in this security plan.