BIS Annual Self-Classification Report Generator

To Whom It May Concern:

This website is NOT affiliated with or in any way associated with the Bureau of Industry and Security or National Security Agency.

This website only helps to generate correct formatted CSV files as required per Supp. 8 to Part 742.

Where to report

Reports should be emailed to BIS and the ENC Encryption Request Cordinator at crypt-supp8@bis.doc.gov and enc@nsa.gov.

When to report

An annual self-classification report for applicable encryption commodities, software and components exported or reexported during a calendar year (January 1 through December 31) must be received by BIS and the ENC Encryption Request Cordinator no later than February 1 of the following year.

Example

The table in this sample annual self-classification report provides an example of the various fields required within the Annual Self-Classification Report as required per Supp. 8 to Part 742, section (b) and demonstrates how various instructions & tips published in Supplement 8 to part 742 works out in practice.

App Store Connect Example

If your app uses exempt forms of encryption, you might alternatively be required to submit a year-end self-classification report to the U.S. government. To learn more, see How to file an Annual Self Classification Report and the exempt App Store sample.

Enable JavaScript

JavaScript is reuqired to generated BIS Annual Self-Classification Report.

Submitter

Relate to the company as a whole, and thus should be entered the same for each product.

Submitter Name Name of company or individual submitting the report

Telephone Number

E-Mail Address

Mailing Address

Non-U.S. Components With respect to your company's encryption products, do they incorporate encryption components produced or furnished by non-U.S. sources or vendors?

Non-U.S. Manufacturing locations With respect to your company's encryption products, are any of them manufactured in non-U.S. locations?” If yes, list the non-U.S. manufacturing locations by city and country. If necessary, enter 'NONE' or 'N/A'

Product

Product Name

Model Number

Manufacturer

Export Control Classification Number ECCN

Authorization Type

Item Type

Annual Self Classification Report.csv

PRODUCT NAME	MODEL NUMBER	MANUFACTURER	ECCN	AUTHORIZATION TYPE	ITEM TYPE	SUBMITTER NAME	TELEPHONE NUMBER	E-MAIL ADDRESS	MAILING ADDRESS	NON-U.S. COMPONENTS	NON-U.S. MANUFACTURING LOCATIONS

Share and enjoy!

Share link to Self-Classification Report Generator on WhatsApp, Facebook, Twitter, Pinterest, LinkedIn, Bufferapp, Tumblr, Reddit, Wordpress, or Pocket.

Reminder

A yearly calendar appointment with an alert 14 days before February 1.

Privacy Policy

We never transfer or share your reports. Everything is done on your trusted device.

Usage data — when you visit our site, we will store: the website from which you visited us from, the parts of our site you visit, the date and duration of your visit, your anonymised IP address, information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit, and more. We process this usage data in Matomo Analytics for statistical purposes, to improve our site and to recognize and stop any misuse.

Tracking cookies are disabled.

A	“END ITEMS,” “EQUIPMENT,” “ACCESSORIES,” “ATTACHMENTS,” “PARTS,” “COMPONENTS,” AND “SYSTEMS”
I. CRYPTOGRAPHIC “INFORMATION SECURITY”
5A002	NS AT EI	“Information security” systems, equipment and “components” .a – Designed or modified to use 'cryptography for data confidentiality' having 'in excess of 56 bits of symmetric cryptographic strength key length, or equivalent', where that cryptographic capability is usable without "cryptographic activation" or has been activated, as follows: a.1 Items having "information security" as a primary function; a.2 Digital communication or networking systems, equipment or components, not specified in paragraph 5A002.a.1.; a.3 Computers, other items having information storage or processing as a primary function, and components therefor, not specified in paragraphs 5A002.a.1. or 5A002.a.2.; N.B. For operating systems, see also 5D002.a.1. and 5D002.c.1. a.4 - Items, not specified in paragraphs 5A002.a.1. to a.3., where the 'cryptography for data confidentiality' having 'in excess of 56 bits of symmetric cryptographic strength key length, or equivalent' meets all of the following: a. It supports a non-primary function of the item; and b. It is performed by incorporated equipment or "software" that would, as a standalone item, be specified by ECCNs 5A002, 5A003, 5A004, 5B002 or 5D002.. .b – designed/modified to enable, by means of “cryptographic activation,” an item to achieve/exceed the controlled performance levels for functionality specified by 5A002.a that would not otherwise be met. .c – designed/modified to use or perform “quantum cryptography” (Quantum Key Distribution - QKD) .d – designed/modified to use cryptographic techniques to generate channelizing codes, scrambling codes or network identification codes, for systems using ultra-wideband modulation techniques and having a bandwidth >500 MHz; or “fractional bandwidth” of 20% or more .e – designed/modified to use cryptographic techniques to generate the spreading code for “spread spectrum” systems, not controlled in 5A002.d, including the hopping code for “frequency hopping” systems.
5A992	AT	Equipment not controlled by 5A002 .c – Commodities classified Mass Market – 740.17(b)
II. NON-CRYPTOGRAPHIC “INFORMATION SECURITY”
5A003	NS AT	“Systems’ “equipment” and “components,” for non-cryptographic “information security” .a – Communications cable systems designed/modified using mechanical, electrical or electronic means to detect surreptitious intrusion (See Note re: physical layer security) .b – “Specially designed” or modified to reduce the compromising emanations of information-bearing signals beyond what is necessary for health, safety or electromagnetic interference standards.
III. DEFEATING, WEAKENING OR BYPASSING “INFORMATION SECURITY”
5A004	NS AT EI	“Systems,” “equipment” and “components” for defeating, weakening or bypassing “information security” .a – Designed /modified to perform ‘cryptanalytic functions’ including by means of reverse engineering
B	TEST, INSPECTION AND “PRODUCTION EQUIPMENT”
5B002	NS AT	“Information Security” test, inspection and “production” equipment .a – Equipment “specially designed” for the “development” or “production” of equipment controlled by 5A002, 5A003, 5A004 or 5B002.b; .b – Measuring equipment “specially designed” to evaluate and validate the “information security” functions of equipment or “software” controlled by 5A002, 5A003 or 5A004, or 5D002.a or 5D002.c respectively
C	“MATERIAL” – [RESERVED]
D	“SOFTWARE”
5D002	NS AT EI	“Software” .a – “Software” “specially designed” or modified for the “development,” “production” or “use” of a.1 - equipment specified by 5A002 or “software” specified by 5D002 c.1; a.2 – equipment specified by 5A003 or “software” specified by 5D002 c.2; a.3 equipment specified by 5A004 or “software” specified by 5D002 c.3. .b – “Software” designed or modified to enable, by means of “cryptographic activation”, an item to meet the criteria for functionality specified by 5A002.a, that would not otherwise be met; .c – “Software” having the characteristics, or performing or simulating the functions of c.1 - the equipment controlled by 5A002.a, .c. .d or .e; , c.2 – the equipment controlled by 5A003; c.3 - equipment specified by 5A004. Note: does not apply to “software” limited to tasks of “OAM” implementing only published or commercial cryptographic standards
5D992	AT	“Information Security” “software” not controlled by 5D002 .c – Commodities classified Mass Market – 740.17(b)
E	“TECHNOLOGY”
5E002	NS AT EI	“Technology” .a – “Technology” according to the General Technology Note for the “development,” “production” or “use” of equipment or “software” controlled by 5A002, 5A003, 5A004 or 5B002, or 5D002.a or 5D002.c respectively .b – “Technology” to enable, by means of “cryptographic activation,” an item to achieve/exceed the controlled performance levels for functionality specified by 5A002.a that would not otherwise be met.
5E992	AT	“Information Security” “technology” according to the General Technology Note, not controlled by 5E002 .b – “Technology” for the “use’ of Mass Market commodities or “software” controlled by 5A992.c or 5D992.c respectively