Department of Commerce export control regulations permit HPCMP Kerberos client software kits and hardware authentication tokens, Yubikeys, to be used outside of the United States. Hardware tokens must be provided to users while they are in the United States, and Kerberos kits must be downloaded by users while they are in the United States. Below are four use cases that impact the use of HPCMP Kerberos kits and hardware tokens:
- U.S. citizens in the United States.
- Non-U.S. citizens in the United States.
- U.S. citizens abroad.
- Non-U.S. citizens abroad.
For the first two use cases (use in the United States), there are no restrictions on the use of Kerberos kits or hardware tokens to access HPCMP systems. For the second two use cases (use outside the United States), both Kerberos kits and hardware tokens can be exported (taken abroad) and re-exported (returned to the United States) under a Department of Commerce license exception (License Exception for baggage described in Part 740.14(f)(1) and 740.14(f)(2) of the Export Administration Regulations (EAR)). This exception can be used by all users to export and re-export hardware tokens and Kerberos kits, except for citizens of embargoed countries (Cuba, Iran, North Korea, Sudan, and Syria), and except for exports or re-exports to and from those countries by anyone.
Policy for accessing HPCMP resources while traveling outside the United States
Users may access HPCMP resources while traveling outside the United States only with prior HPCMP approval. The process for acquiring this approval is done through the Portal to the Information Environment (pIE). Under the “User Information Environment” in pIE, the user should select “Submit an International Access Authorization Request” and follow the instructions. pIE will pre-populate the user information and resource information (systems where the user already has an active account). The user must complete the dates of travel, destination, and phone number of the location where computer access will occur. The request must be approved by the user’s S/AAA and the HPCMP security officer at least five (5) business days prior to the date when access from outside US and Canada will commence. Users who attempt to access the HPCMP resources from outside the United States without prior approval will be deactivated immediately and may be denied access to the HPCMP resources when they return to the United States.
Non-US citizens living outside the United States may access HPCMP resources with the approval of their government sponsor, for a limited time (less than one year). These requests must follow the same procedures as outlined in the paragraph above.
* Citizens of embargoed countries may not run on HPCMP resources.