ECCN 4A005
NSRSATSystems, equipment, and components therefor, specially designed or modified for the generation, command and control, or delivery of intrusion software .
What This ECCN Covers
ECCN 4A005 controls systems, equipment, and components specially designed or modified for the generation, command and control, or delivery of "intrusion software." It is the hardware/system side of the Wassenaar-derived cybersecurity controls and is controlled for National Security, Regional Stability, and Anti-Terrorism reasons.
Who needs to check this?
Vendors of offensive-security and intrusion tooling platforms, and security firms that develop or distribute such systems.
Compliance tip
Note the EAR's carefully scoped definition of "intrusion software" and its exclusions — defensive tools, debuggers, and many security products fall outside. The related controls have nuanced carve-outs for vulnerability disclosure and incident response; verify the current entry and Country Chart, and treat classification as a legal question.
Items Covered
- 1. Commodities that are specified in 4A005 that also meet or exceed the performance parameters in 4A090.a.
- z.2 Commodities that are specified in 4A005 that also meet or exceed the performance parameters in 4A090.b.
1 item reserved by BIS (not shown)
Control Reasons
Items controlled for national security reasons under multilateral export control regimes.
Items controlled for regional stability reasons.
Items controlled for anti-terrorism reasons. Most items on the CCL have AT controls.
Disclaimer
This information is for reference only. For official classifications, consult BIS or a qualified export control professional.