Latest News

2019 EB Security Notice

When sending technical data to EB, suppliers should use the SPARS application or GD E-Supply. Email is only acceptable when the technical data is encrypted using a FIPS140.2 Certified product. This requirement for encrypted data transfers is found in NIST SP 800-171 as invoked by DFARS 252.204-7012. As an additional clarification, the decryption password must be sent separately.

Technical data sent unencrypted over the internet is a violation of Electric Boat policies, and one or more of the following data protection standards;

  • International Traffic in Arms Regulations (ITAR), 22 CFR 120.10
  • DoDM 5200.01 V4; DoD Information Security Program: Controlled Unclassified Information
  • OPNAVINSTR N9210.3; Safeguarding of Naval Nuclear Propulsion Information

Technical data covered under these requirements includes all Controlled Unclassified Information (CUI) marked For Official Use Only (FOUO), Export Controlled, NOFORN (for U-NNPI data) or UCNI (for Unclassified Controlled Nuclear Information). Classified information must never be emailed to an email address.

As a reminder, please make sure all documentation is accurately and appropriately marked with a data sensitivity level, DoD distribution statements, export control warning or any proprietary data markings before providing to Electric Boat by any means.

March 2019 - Supplier Security Bulletins

Supplier Security Bulletins (SSB) will be a new series of publication on emergent security items the supply base should be aware of. SSB’s will be mailed direct to affected suppliers and public releasable versions will also be posted here for reference.

March 2019 - JCP Certification Process Change

JCP has rolled out a new required training module. Completion of training by the company representative signing the certification form 2345 and return of the signed training acknowledgment is a new JCO requirement. If your business does not have other specific ITAR training for your employees handling Tech data the JCO presentation is a good starting point to build your training element on.

If your company also uses other Defense Logistics Agency data and you get Tech data directly from DLA you will also be required to complete and additional form on your network compliance to DFARS. Note: this element is only required if you use other DLA services and down load data directly from the DLA.

JCP Certification process change

EB has been advised by the Joint Certification Office that in order to heighten data security awareness, the JCO has instituted a new training requirement. Any JCP certification change request or resubmittal for renewal will require this new training to be completed, acknowledged, and returned promptly to the JCO or your Company's certification may be canceled.