Technology Control Plans: Topics For 
        Discussion
        I.    What is a Technology Control Plan?
        II.    Security (NISPOM) and Export Control Requirements 
               (ITAR/EAR)
              II.a Export Control Requirements (ITAR/EAR)
              II.b NISPOM Requirements 
        III.   The Intersection between Security and Export Control 
               Requirements
        IV.    Other Functional Areas: Communication, Cooperation and 
               Engagement is Key
        V.     Technology Control Plans: Underlying Processes in Place?
        VI.    Elements of a Robust Technology Control  Plan: It’s Not 
               Just a Piece of Paper!
        VII. TCPs: Sample
        VIII. Now What? 
                                                                                                                   2
     I.   What are Technology Control Plans?
   • Purpose:
       • Control the access and dissemination of 
         export controlled information, 
         materials, technology, data, etc. in 
         accordance with federal export 
         regulations. 
       • Ensures that personnel understand their 
         obligations under the NISPOM and 
         export control laws and regulations, 
         e.g., the International Traffic in Arms 
         Regulations. 
        II. Security (NISPOM) and Export Control 
        Requirements (ITAR/EAR)
     •  The National Industrial Security Program Operating Manual 
        (NISPOM) 10-509 specifies: “A Technology Control Plan is required 
        to control access by foreign nationals assigned to, or employed 
        by, cleared contractor facilities unless the CSA [Cognizant Security 
        Agency] determines that procedures already in place at the 
        contractor’s facility are adequate. The TCP shall contain 
        procedures to control access for all export-controlled 
      • information.” (Emphasis Added)
          International Traffic in Arms Regulations (ITAR) 22CFR §126.13 
          (c) also recommends the use of a Technology Control Plan (TCP): 
          “In cases when foreign nationals are employed at or assigned to 
          security-cleared facilities, provision by the applicant of a 
          Technology Control Plan (available from the Defense 
          Investigative Service) will facilitate [export licensing 
          processing].”
     II.a  Export Control Requirements (ITAR/EAR)
   • Defense Contractors (Manufacturers/Exporters/Brokers)  are 
     mandated to register under the International Traffic In Arms 
     Regulations;
   • Establishing a robust Export-Import Compliance Program (to 
     include ITAR and the Export Administration Regulations, for dual-
     use/commercial), elements of which include, but are not limited 
     to:
          • Robust Policies, Procedures, to include integration into 
            such requirements in other affected functions’ processes 
          • Commodity Jurisdiction and Classification;
          • Denied Party Screening;
          • Export-Import Licensing and Management;
          • Customs-Trade Partnership Against Terrorism
          • Anti-Boycott adherence;
          • Training;
          • Self-Assessments/Audits
          • …More processes and procedures tailored to your business and 
            level of risk
     II.b  NISPOM Requirements
   • The contractor shall establish procedures to ensure that foreign 
     visitors are not afforded access to classified information and other 
     export-controlled technical data except as authorized by an 
     export license, approved visit request, or other exemption to the 
     licensing requirements. The contractor shall not inform the foreign 
     visitor of the scope of access authorized or of the limitations 
     imposed by the government. Foreign visitors shall not be given 
     custody of classified material except when they are acting as 
     official couriers of their government and the CSA authorizes the 
     transfer.