Department of Commerce export control regulations permit HPCMP Kerberos client software kits and hardware authentication tokens, YubiKeys, to be used outside of the United States. Hardware tokens must be provided to users while they are in the United States, and Kerberos kits must be downloaded by users while they are in the United States. Below are four use cases that impact the use of HPCMP Kerberos kits and hardware tokens:
- S. citizens in the United States.
- Non-U.S. citizens in the United States.
- S. citizens abroad.
- Non-U.S. citizens abroad.
For the first two use cases (use in the United States), there are no restrictions on the use of Kerberos kits or hardware tokens to access HPCMP systems. For the second two use cases (use outside the United States), both Kerberos kits and hardware tokens can be exported (taken abroad) and re-exported (returned to the United States) under a Department of Commerce license exception (License Exception for baggage described in Part 740.14(f)(1) and 740.14(f)(2) of the Export Administration Regulations (EAR)). This exception can be used by all users to export and re-export hardware tokens and Kerberos kits, except for citizens of embargoed countries (Cuba, Iran, North Korea, Sudan, and Syria), and except for exports or re-exports to and from those countries by anyone.
Policy for accessing HPCMP resources while traveling outside the United States
Users may access HPCMP resources while traveling outside the United States only with prior HPCMP approval. The process for acquiring this approval is done through the Portal to the Information Environment (pIE). Under the “User Information Environment” in pIE, the user should select “Submit an International Access Authorization Request” and follow the instructions. pIE will pre-populate the user information and resource information (systems where the user already has an active account). The user must complete the dates of travel, destination, and phone number of the location where computer access will occur. The request must be approved by the user’s S/AAA and the HPCMP security officer at least five (5) business days prior to the date when access from outside US and Canada will commence. Users who attempt to access the HPCMP resources from outside the United States without prior approval will be deactivated immediately and may be denied access to the HPCMP resources when they return to the United States.
Non-US citizens living outside the United States may access HPCMP resources with the approval of their government sponsor, for a limited time (less than one year). These requests must follow the same procedures as outlined in the paragraph above.
* Citizens of embargoed countries may not run on HPCMP resources.
Visit Request Procedures for Accessing HPCMP Resources
DISS Account: W03GAA
Visit Dates: [Current Date] - [not to exceed 1 year]
Reason For Visit: Other
POC: Security Specialist
POC Phone: 601-634-4291
FAX: The Visit Request must be faxed from user's FSO or SM to the Primary SM at the ERDC Security Office:
FAX: 601-619-5173 (Call 601-634-3177 before faxing)
Processing International Visit Requests
Visit Requests should no longer be sent "Embassy to Embassy." The foreign national's agency should now send the visit request via email or fax directly to Judy Yost (ERDC Security) with basically the same information that would have been sent to the embassy. The user's government POC will be contacted by Judy Yost prior to granting the access to confirm that the access request is legitimate. An official government to government agreement must be in place prior to Judy processing the visit request. Regardless of the clearance/investigation level that is submitted by the foreign national's agency, the foreign national's information in pIE will be annotated in pIE as merely having a NACI and this user will only be allowed access to unclassified HPC resources.
HPC Training - https://centers.hpc.mil/users/HPCTraining.html