# Export Controls and Cryptography Law Backlink: [[Domain 1 - Index]] **Definition:** Regulations restricting export of cryptography and certain technologies across borders. ## Key Facts - Export control regimes vary by country; crypto often controlled. - Consider technical data, software, and deemed exports (to persons). - Sanctions/embargoes affect transactions and partners. - Cloud services may still implicate export through access. - Maintain records, screening, and training for compliance. - **Verify:** check official (ISC)² CBK and current exam outline. >[!tip] **Exam Relevance** - Recognize when export restrictions apply - Choose compliant deployment strategies (key management/access) >[!note] **Mnemonic** - “Export Care for Crypto.” ### Example Q: Key server accessible by sanctioned region—issue? A: Potential export/sanctions violation; restrict access. ## Revision Checklist - [ ] Define deemed export - [ ] List two compliance practices - [ ] Consider cloud/data access angles - [ ] Engage legal for cross-border ## Related [[Legal Systems and Laws (Civil, Criminal, Administrative)]] · [[Service Level Agreements and Contracts]] · [[Privacy Principles and Regulations]] · [[Third-Party and Supplier Risk Management]] · [[Control Frameworks (ISO/IEC 27001, NIST, COBIT)]] #cisSP #domain-1 #concept