ISC2 CISSP Practice Question

The correct answer is the Export Administration Regulations (EAR). EAR, administered by the U.S. Department of Commerce, governs the export of dual-use items from the United States, including commercial and open-source encryption software. When a company plans to deploy strong encryption software developed in the U.S. to international locations, it must comply with EAR requirements, which may involve classification and reporting.

International Traffic in Arms Regulations (ITAR) is another U.S. export regulation, but it applies specifically to defense articles and services on the U.S. Munitions List, which is not the case in this commercial scenario.

The Digital Millennium Copyright Act (DMCA) addresses copyright infringement, not export controls. The General Data Protection Regulation (GDPR) is an EU privacy law governing the data of EU residents and does not regulate the export of software from the U.S. Basel III is an international framework for banking regulation and is not relevant to this scenario.