EL-MF880-01, HP Global Trade

advertisement
EL-MF880-01
11-May-2015
HP Global Trade – Classification Compliance Supplier’s Declaration
3rd Party Products – Export Classification Data Collection Form
**** To be completed by the Manufacturer/Supplier of the 3rd Party Product ****
Owner
Global Trade
Responsible Group
Classification Team
Document Identifier
EL-MF880-01
Revision and Date
D. 11-May-2015
Abstract
This questionnaire provides information about third-party products
that HP intends to export. This information assists HP’s Global Trade
Classification team to determine the proper export classification.
Applicability
This questionnaire is applicable to third-party manufacturers or
vendors who provide products to HP that HP intends to export.
Status
Approved
© Copyright 2013- 2014 Hewlett-Packard Development Company, L.P.
This is an uncontrolled copy when in printed form.
1.1
Introduction
The following is a list of questions/requests will help HP collect the needed classification
information for 3rd party products that HP intends to export. Please obtain the following
information from the 3rd party manufacturer or vendor in order to assist our HP Global Trade
Classification team in determining the proper export classification for each product:
Product Questions
Please respond to the following set of questions for each product. These questions will help to
collect the needed classification information. If the product data is available in an electronic file
please provide a copy or allow access.
Primary Product Detail(s) and Contact Name(s)
Date:
Name of Product:
HP Product Number:
Manufacturer/Vendor Product Number:
HP Contact Name & Phone Number:
Manufacturer Contact Name & Phone Number:
Name and Phone Number of person completing this form:
1. Export Commodity Classification Numbers /Control List numbers (ECCN) and HTS
Please confirm with your Export compliance department if the product is subject to U.S.
and/or other national government export regulations (dual use, military etc.) and insert all
control list numbers applicable for the product:
U.S. ECCN: [
]
Page 1
EL-MF880-01
EU (European Union) ECCN: [
National country______ ECCN: [
11-May-2015
]
]
Please provide the Harmonized Tariff Schedule Number (HTS) used by the manufacturer of
the product: [
]
2. Please provide technical specs or a product data sheet or a technical description that
provides a functional overview of the product.
3. What is the overall design function and characteristics of the product?
4. Specify the related system software and/or hardware this product will interoperate or
interface with.
5. If this product is a module or subcomponent of a higher product, identify this product and
provide the main product number if available.
6. If software, is this software available as freeware? ___Yes ___No
7. Does this product use cryptography to provide for password protection, authentication,
access control or digital signature of the user? ___Yes ___No
8. Does this product contain encryption/decryption for any data privacy purposes, such as for
information security over virtual private network or public networks, or for data storage, etc.?
___Yes ___No
9. Does this product contain a cryptographic application program interface (i.e. APIs specially
designed to allow the plug-in or implementation of specific crypto capabilities)? ___Yes
___No
10. If software, what type of media is the software loaded on?
___CD/DCD ___ Tape ___ Floppy Disk
explain:
___ Electronic Download____other please
11. Please provide the Harmonized Tariff Schedule Number (HTS) used by the manufacturer of
the product.
12. Please provide the Adjusted Peak Performance (APP) for computer based products.
13. If this product is a 'graphics accelerator' or 'graphics coprocessor', classified under ECCN
4A994.g, then please provide the 3D vector rate for the product.
14. Please provide the US export commodity classification number (ECCN) used by the
manufacturer for the product.
15. Was this product self-classified or was an official export classification decision obtained from
the US Dept of Commerce?
16. If an official export classification decision was obtained from the US Dept of Commerce,
please provide a copy of the classification decision documents, or provide the case review
(CCATS) number and the results of the review including any ‘Comments from Licensing
Officer’ stated on the CCATS document and associated with this product.
17. Does the product fall under the U.S. Government International Traffic in Arms Regulations
(ITAR), or any other local government regulations which uniquely control the product for
military or encryption reasons? If YES, please provide the regulatory citation:
18. Is this product specially designed or intended primarily for military, defense or government
use? If ‘yes’ please explain.
Page 2
EL-MF880-01
11-May-2015
19. If this product has been classified for export in any country other than the US please identify
the country, provide the classification, explain the justification/basis for the classification and
provide references to any government issued documents supporting the classification.
20. If the product was not developed or manufactured in the US then please identify the country
where the product was developed and/or manufactured, and explain what local country
export requirements, export control and export classification applies to this product.
21. Is this product specially designed and limited for banking use, financial transaction use or for
money transaction use?
22. If response was positive for questions 6, 7 or 8 then please answer the remaining
questions in order to provide further details regarding the use of cryptography in the
product:
23. Please indicate if this product uses cryptography functionality (i.e., incorporates or uses
encryption or decryption code, techniques or a cryptography application programming
interface) for any purpose, including but not limited to access control, user/data
authentication, message/data privacy, data storage security, network communications
security or general purpose use?
If yes please identify all uses of crypto:
24. Please describe in detail the type of data that is encrypted for example general purpose user
data/files, general user communications, limited financial data, data limited to systems
and/or network management (Operations, Administration, Maintenance and Provisioning):
25. Please provide the following technical details regarding the implementation of cryptography
in the product:
a) the type of algorithm(s)
b) where the crypto was sourced from,
c) key lengths,
d) method of key management including key size,
e) identify crypto functions/parameters exposed to applications,
f) purpose or use of the crypto,
g) identify if the product contains any cryptographic application programming interfaces
(i.e., APIs specially designed to allow the plug-in or implementation of specific crypto
capability(ies))
26. If the product contains cryptography please indicate if a one-time cryptography product
review and French import approval was requested from the French ANSSI (formerly
referred to as DCSSI) agency and provide the results of the review.
27. If this product is exempted from the one-time cryptography product review in France
please explain the basis for the exempt status.
28. Does this product provide: secure Wide Area Network (WAN), Metropolitan Area Network
(MAN), Virtual Private Network (VPN)?
If YES, please answer the following 4 questions:
a) Is the aggregate encrypted WAN, MAN, VPN or backhaul throughput (includes
communications through wireless network elements such as gateways, mobile
switches, controllers, etc.) greater than 90 Mbps?
b) Does the wire (line), cable or fiber optic WAN, MAN or VPN single channel input
data rate exceed 154 Mbps?
Page 3
EL-MF880-01
11-May-2015
c) Does the media (voice/video/data) encryption or centralized key management
support more than 250 concurrent encrypted data channels, or support encrypted
signaling to more than
1,000 endpoints, for digital packet telephony/media (voice/video/data) over
internet protocol communications?
d) Does the air interface coverage (e.g., through base stations, access points to mesh
networks, bridges, etc.) exceed 1,000 meters, where any of the following applies?
i. Maximum data rates exceed 10 Mbps (at operating ranges beyond 1,000
meters); or
ii. Maximum number of concurrent full duplex voice channels exceed 30; or
iii. Substantial support is required for installation or use
29. Is this product generally available to the public by being sold or freely distributed, without
restriction, from stock at retail selling points such as through over-the-counter, mail order,
electronic (e.g. over the Internet) or telephone transactions?
If yes, please respond to the following 6 questions:
a) Please explain/provide examples of how the product is generally available to the
public.
b) Can the user easily change the product or cryptography functionality beyond the
features of the product? If yes please explain.
c) Is the product designed for installation by the user without further substantial
support by the supplier?
d) If requested by a government authority, can details of the product be accessible
and provided, to the appropriate government authority in order to ascertain
compliance with questions a,b and c above?
e) Is this product of potential interest to a wide range of individuals and/or
businesses? If NO please explain.
f)
Is the price and information about the main functionality of the product available
before purchase without the need to consult the vendor or supplier?
30. Import to Russia: Please indicate if a technical product import review has been done by
the FSB or by a Russian technical laboratory and if a Russian import license has been
obtained from the Ministry of Industry and Technology (MIT) or if an import notification
request has been filed with the FSB, and provide the results of any reviews, import license
or notification requests?
31. Import to China: If the product contains cryptography please indicate if any China import
license request has been filed with the Chinese government and provide the results of any
China government reviews or import license request?
32. Is this is an open source code product which contains cryptography and no formal export
classification decision was obtained from the US govt (see questions 14 and 15 above)? If
YES, then please:
Identify the URL where the source code can be obtained without cost, and
Confirm if written notification of the internet posting has been sent to the US Department of
Commerce, Bureau of Industry and Security in accordance with US exports regulations.
Page 4
EL-MF880-01
1.2
11-May-2015
Additional Evaluation Questions to Determine if Product is Subject to US
Govt Cryptography Review
1. Does the product provide penetration capabilities that are capable of attacking, denying,
disrupting or otherwise impairing the use of cyber infrastructure or networks?
2. Does the product provide or perform vulnerability analysis, network forensics, or
computer forensics functions characterized by any of the following?:
a) Automated network analysis, visualization, or packet inspection for profiling
network flow, network user or client behavior, or network structure/topology and
adapting in real-time to the operating environment; or
b) Investigation of data leakage, network breaches, and other malicious intrusion
activities through triage of captured digital forensic data for law enforcement
purposes or in a similarly rigorous evidentiary manner.
3. Does the product provide or perform "non-standard cryptography" as defined below?
a) Definition of Non-standard cryptography:
b) Non-standard cryptography. Means any
c) Implementation of "cryptography" involving the
d) Incorporation or use of proprietary or unpublished
e) Cryptographic functionality, including encryption
f)
Algorithms or protocols that have not been
g) Adopted or approved by a duly recognized
h) International standards body (e.g., IEEE, IETF,
i)
ISO, ITU, ETSI, 3GPP, TIA, and GSMA) and
j)
have not otherwise been published.
k) Reserved.
4. Does the product include encryption source code? If yes please identify the source code
and confirm if the source code is open source or proprietary?
5. Does the product have any of the following:
a) Been designed, modified, adapted or customized for "government end-user(s)";
b) Cryptographic functionality that has been modified or customized to customer
specification; or
c) Cryptographic functionality or "encryption component" that is user-accessible and
can be easily changed by the user;
d) Encryption commodities and software that provide functions necessary for
quantum cryptography;
e) Encryption commodities and software that have been modified or customized for
computers classified under ECCN 4A003 (high performance computers);
f)
Public safety / first responder radio (e.g. Implementing Terrestrial Trunked Radio
(TETRA) and/or Association of Public-Safety Communications Officials
International (APCO) Project 25 (P25) standards);
Page 5
EL-MF880-01
11-May-2015
g) Cryptanalytic functionality
h) "Open cryptographic interface"
i)
Can the product be characterized as chips, chipsets, electronic assemblies or a
field programmable logic device?
j)
Can the product be described as cryptographic libraries, modules, development
kits or toolkits, including for operating systems and cryptographic service
providers (CSPs)?
k) Can the product be described as an application-specific hardware or software
development kit implementing cryptography?
End of Questionnaire
Please send the completed form with requested information to exportclass@hp.com
Revision History:
Revision,
Brief Description of change
Date,
Change Number
A. 10-Jan-2007
Initial release of reformatted questionnaire dated 31-May-2006.
B. 11-Mar-2013,
DCN -03163
Revised document
C. 25-Jun-2014
Revised document, contact email changed to exportclass@hp.com
D. 11-May-2015
Revised document that includes some formatting changes.
Page 6
Download