DAOD 3003-2, Management, Security and Access Requirements Relating to Dual-Use Goods

Table of Contents

  1. Introduction
  2. Definitions
  3. Abbreviations
  4. Overview
  5. Management
  6. Security
  7. Access
  8. Compliance and Consequences
  9. Responsibilities
  10. References

1. Introduction

Date of Issue: 2022-09-28

Application: This DAOD is a directive that applies to employees of the Department of National Defence (DND employees) and an order that applies to officers and non-commissioned members of the Canadian Armed Forces (CAF members).

Approval Authority: Assistant Deputy Minister (Materiel) (ADM(Mat))

Enquiries: Director General International and Industry Programs (DGIIP) Controlled Technology Access and Transfer (CTAT) Office

2. Definitions

access (accès)

In respect of a controlled good or dual-use good, the ability to examine, possess or transfer the good.

Note In this definition:

controlled good (marchandise contrôlée)

A good referred to in the schedule to the Defence Production Act. (Based on section 35 of the Defence Production Act)

Note Controlled goods include munitions, missile technology, as well as technical data and items that have military significance. (Defence Terminology Bank record number 48276)

controlled technical data (données techniques contrôlées)

In relation to controlled goods and dual-use goods, technical data necessary for their design, development, production, manufacture, assembly, modification, repair, maintenance, testing, operation or use. (Defence Terminology Bank record number 696452)

controlled technology (technologie contrôlée)

In relation to controlled goods and dual-use goods, technical assistance and service associated with their design, development, production, manufacture, assembly, modification, repair, maintenance, testing, operation or use. (Defence Terminology Bank record number 696525)

destruction (destruction)

The act of rendering an item beyond repair, non-restorable or unusable for its intended purpose. (Defence Terminology Bank record number 696453)

dual-use good (marchandise à double usage)

A product or technology that has both civilian and military applications and that is subject to Canadian and/or foreign export regulations. (Defence Terminology Bank record number 696454)

retransfer (retransfert)

The permanent or temporary transfer of a controlled good or dual-use good to a previously unauthorized end-user or destination or for a previously unauthorized end use. (Defence Terminology Bank record number 696456)

technical authority (autorité technique)

The person who has the authority to set technical specifications and standards, manage configurations, provide technical advice and monitor compliance within their area of responsibility. (Defence Terminology Bank record number 43437)

3. Abbreviations

Abbreviation Complete Word or Phrase
CCL (CCL) Commerce Control List 
CG (MC) controlled good
CGCS (SCGC) Canadian Government Cataloguing System
CO (cmdt d’unité) commanding officer
CTAT (ATTC) controlled technology access transfer
DMC (CDM) demilitarization code
DPA (LPD) Defence Production Act
DUG (MDU) dual-use good
ECL (LMTEC) Export Control List
IT (TI) information technology
ITAR (ITAR) International Traffic in Arms Regulations
ITSP (ITSP) Information Technology Services and Projects
L1 (N1) level one advisor
L2 (N2) level two advisor
MA&S (A&SM) materiel acquisition and support
NDSOD (ODSDN) National Defence and Security Orders and Directives
OGD (AM) other government department
U.S. (É.-U.) United States of America

4. Overview

Interpretation

4.1 In this DAOD:

  1. ”business owner” refers to a life cycle materiel manager or a technical authority; and
  2. “procurement practitioner” refers to a procurement authority or a contracting authority.

Context

4.2 Since its inception, the Controlled Goods Program has continued to evolve to reflect changes to statutes and regulations in both Canada and the U.S. A government review of export control regulations in the U.S. resulted in the transfer of many defence articles from the United States Munition List to the “500 and 600” series of the U.S. CCL of the Export Administration Regulations. Concurrently, Canada reviewed the schedule to the DPA, resulting in a reduction to the number of items listed as CGs under part 2 of the DPA. The items that have been removed from the schedule to the DPA are now categorized as DUGs, are still controlled for export under the Export and Import Permits Act and are listed on the ECL.

Note – In this DAOD, “defence article” refers to “defense article” as this term is defined in article 120.6 of the U.S. ITAR.

Purpose

4.3 The purpose of this DAOD is to provide direction on the management, security and access requirements relating to DUGs. It also provides direction on handling DUGs, irrespective of origin, including:

  1. the management and safeguarding of DUGs from unauthorized access;
  2. the outlining of the authorization criteria for access to DUGs;
  3. the disposal of DUGs no longer required by the DND and the CAF;
  4. security policies of the Government of Canada for DUGs, including directives applicable to private sector suppliers under contract with the DND and the CAF; and
  5. DND and CAF security policies and instructions for DUGs.

5. Management

CTAT Advisor

5.1 An L1 or L2 with responsibilities relating to CGs and DUGs must appoint at least one person at the appropriate level as the CTAT advisor for their organization. The CTAT advisor must:

  1. have a thorough knowledge of their organization’s mandate, roles, responsibilities and operations;
  2. have the support of, and access to, senior management;
  3. have a level of expertise that enables the individual to act as a source of information on the requirements of the DAOD 3003 series in their L1 or L2 organization; and
  4. attend CTAT advisor-focused training provided by CTAT Office.

5.2 Additional CTAT advisors may be appointed within an L1 organization at lower levels if required by location, roles or responsibilities.

Planning

5.3 A CO or director with responsibilities relating to DUGs must address the requirements set out in this DAOD in the following documents:

  1. business plans;
  2. security plans;
  3. procurement plans;
  4. project plans;
  5. in-service support plans; and
  6. disposal plans.

Procurement

5.4 The management, safeguarding and access requirements for DUGs must be considered during the entire MA&S process. The potential inclusion of a DUG in a given procurement process must therefore be determined by the business owner or their technical representative as early as possible to ensure that appropriate actions are taken to avoid export control-related delays or issues during the procurement process.

5.5 Foreign authorizations may be required when dealing with DUGs throughout MA&S process. The CTAT Office can advise on foreign authorizations.

5.6 DND employees and CAF members involved in a procurement process must ensure that protective measures are put in place to provide for the return to the DND and the CAF, or full demilitarization, of all DUGs transferred to both the winning bidder and any unsuccessful bidder, including sub-contractors, as applicable. Appropriate measures must be set out in the solicitation and contract documentation, as applicable. See the table in paragraph 6.5 for applicable protective measures.

5.7 The business owner must catalogue DUGs in the CGCS or a similar system that is accessible by the CTAT Office. When notified of DUG requirements by the business owner or their representative, DND employees and CAF members involved in the procurement process must ensure appropriate direction and information relating to the return, disposal or demilitarization of any DUG by a bidder or vendor is included in solicitation and contract documentation, including the statement of requirements or statement of work as required.

DUGs of Foreign Origin

5.8 Before signing any export control-related document for a DUG of foreign origin, DND employees and CAF members must provide the CTAT Office with the document for review and comments.

5.9 After any export control-related document is signed:

  1. the business owner, working in collaboration with the procurement practitioner, must ensure that the signed original or a copy is kept on the equipment file; and
  2. a copy must be sent to the CTAT Office within 30 days.

5.10 Before the re-export of any DUG of foreign origin to a person not listed in the original foreign export authorization, the CTAT Office must be contacted to determine:

  1. the restrictions and conditions associated with the re-export authorization, if necessary; and
  2. any requirement for obtaining specific foreign authorization.

DUG Identification

5.11 A DUG must be identified by a DMC in the CGCS or other pertinent materiel management system.

Disposal

5.12 The disposal of DUGs declared surplus may only occur by:

  1. retransfer to an authorized person, in accordance with Canadian and foreign export control laws, as applicable; or
  2. destruction in accordance with C-02-007-000/AG-001, Controlled Technology Access and Transfer (CTAT) Manual.

5.13 If the disposal of a DUG of foreign origin does not meet the restrictions and conditions of the original foreign export authorization, appropriate foreign authorization must be obtained before the transfer occurs. All re-export requirements must be reviewed by the CTAT Office before being submitted to a foreign government.

5.14 DAOD 3013-0, Disposal of Materiel, provides additional information relating to the disposal of DUGs declared as surplus materiel, and the DAOD 3017 series provides additional information relating to the transfer of DUGs to OGDs.

Destruction

5.15 The disposal of a DUG by destruction is mandatory unless the DUG can be transferred to an authorized person. A DUG must be destroyed in accordance with the instructions of the business owner.

6. Security

Marking and Identification

6.1 The identification and marking of DUGs, as outlined in the CTAT Manual, must be completed upon their acceptance into the DND and CAF inventory.

6.2 All DUG technical data that is held in the DND and CAF inventory must be properly marked and stamped in accordance with the CTAT Manual, based on the applicable highest designation, in accordance with the NDSOD Chapter 6, Security of Information.

6.3 In the event that the identification of a DUG is contested, the CTAT Office serves as the final authority.

6.4 The CTAT Office may be contacted for additional information on the marking and identification of DUGs.

Protective Measures Table for DUGs

6.5 The Government of Canada must protect DUGs and provide or restrict their access. Accordingly, in order to ensure that only authorized persons have access to DUGs and associated controlled technology in the DND and CAF inventory, the protective measures in the following table must be applied, as a minimum, for all DUGs:

With respect to … DND employees, CAF members and embedded contractors working in a DND or CAF facility must …
physical storage,
  • store DUGs in accordance with NDSOD Chapter 6, Security of Information Standards, Standard A, What is Unclassified Information?
transportation or transmission by a third party,
  • transport DUGs in accordance with NDSOD Chapter 6, Security of Information Standards, Standard A, What is Unclassified Information?; and
  • ensure that recipients have the proper authorization to receive DUGs.
electronic transmission or storage,
  • use only the Defence Wide Area Network (DWAN) or a more restrictive IT system;
  • ensure that recipients have the proper authorization to receive DUG technical data; and
  • ensure that controlled technical data being transmitted is marked in accordance with the CTAT Manual, i.e. using e-stamps and disclaimer statements.
destruction of a DUG,
  • contact the applicable business owner and follow their instructions as to destruction.
destruction of DUG data in paper format that is no longer required,
  • use, in order in ensure complete destruction:
    • an approved Type IIIA destruction equipment as set out in the Security Equipment Guide of the Royal Canadian Mounted Police; or
    • a private destruction service using approved Type IIIA destruction equipment, in accordance with the CTAT Manual.
sanitization of DUG IT media that contains or has contained a DUG,
  • comply with Annex B, B.2, Sensitivity “LOW” in the IT Media Sanitization (ITSP.40.006) from Canadian Centre of Cyber Security.

Note - DUGs are unclassified. If a good is designated protected or classified, it is a CG, not a DUG.

7. Access

Access to DUGs

7.1 The DND and the CAF must perform a series of verifications prior to allowing access to a DUG outside of a DND or CAF facility, specifically, a DUG of foreign origin. See the CTAT Manual for additional information.

Access to DUGs within the DND and the CAF

7.2 All DND employees, CAF members, employees of OGDs and agencies working in the DND or the CAF, and embedded contractors working in a DND or CAF facility that have a need to know are qualified to access DUGs.

7.3 Prior to the granting of access to a DUG for persons other than those identified in paragraph 7.2, e.g. visitor or company, a senior officer or manager must ensure that any required foreign retransfer authorization is obtained (see paragraph 5.10).

Access to DUGs by a Person from a Foreign Country

7.4 Any request to provide access to a DUG to a person from a foreign country must be sent to the CTAT Office by the procurement practitioner. This is in addition to the requirements set out in paragraph 5.10.

Note – For DUGs under the ITAR or the Export Administration Regulations, U.S. bidders are exempt from this requirement.

8. Compliance and Consequences

Compliance

8.1 DND employees and CAF members must comply with this DAOD. Should clarification of the policies or instructions set out in this DAOD be required, DND employees and CAF members may seek direction through their channel of communication or chain of command, as appropriate. Managers and military supervisors have the primary responsibility for and means of ensuring the compliance of their DND employees and CAF members, and embedded contractors working in a DND or CAF facility, with this DAOD.

Consequences of Non-Compliance

8.2 DND employees and CAF members are accountable to their respective managers and military supervisors for any failure to comply with the direction set out in this DAOD. Non-compliance with this DAOD may result in administrative action, including the imposition of disciplinary measures, for a DND employee, and administrative or disciplinary action, or both, for a CAF member. Non-compliance may also result in the imposition of liability on the part of Her Majesty in right of Canada, DND employees and CAF members.

Note In respect to the compliance of DND employees, see the Treasury Board Framework for the Management of Compliance for additional information.

9. Responsibilities

Responsibility Table

9.1 The following table identifies the responsibilities associated with this DAOD:

The, a or an … is or are responsible for …
ADM(Mat)
  • issuing MA&S instructions for DUGs.
L1s and ADM(Mat) group L2s
  • issuing the necessary plans, procedures and instructions to ensure compliance in their organizations by DND employees, CAF members, employees of OGDs and agencies working in the DND or the CAF, and embedded contractors working in a DND or CAF facility, with:
    • the U.S. Export Administration Regulations, the CCL and other foreign government export-control statutes and regulations;
    • this DAOD; and
    • other applicable DND and CAF policies, instructions and directives on the management, security and access requirements relating to DUGs.
Director General Defence Security
  • issuing security policies relating to DUGs;
  • ensuring the oversight and compliance of security requirements relating to DUGs; and
  • ensuring the integration of DUG-relating instructions as part of the overall DND and CAF security framework.
Director General Materiel Systems and Supply Chain
  • taking into consideration DUGs when establishing and maintaining the integrated MA&S policy, standards and business processes framework across the DND and the CAF; and
  • seeking subject matter expertise from the CTAT for the review and approval of retransfer requests.
Canadian Forces Provost Marshal
  • issuing military police policies, instructions and directives regarding the investigation of the loss or compromise of DUGs; and
  • issuing policies, instructions and directives, and providing technical advice, regarding the physical security of DUGs.
Director Information Management Security
  • developing, and recommending for approval, IT security control profiles for DND and CAF IT systems for the appropriate safeguarding of DUGs;
  • providing advice on IT security controls and their implementation for DUGs
  • ensuring the safeguarding of controlled technology for DUGs that are accessible on DND and CAF IT systems, based upon IT security threat and vulnerability reports; and
  • performing risk assessments and developing safeguard recommendations within a scope that reflects the sensitivity, criticality and complexity of the IT assets being assessed in light of the allowable access to DUGs.
CTAT Office
  • providing expert advice, support, training and assistance to DND employees, CAF members, employees of OGDs and agencies working in the DND or the CAF, and embedded contractors working in a DND or CAF facility, on the management, security and access requirements relating to DUGs;
  • monitoring the compliance of units and other elements with this DAOD and other applicable policies, instructions and directives relating to DUGs;
  • reporting compliance issues to ADM(Mat);
  • reporting, on behalf of the DND and the CAF, significant cases of loss or compromise of DUGs to the departmental security officer and, as required, to foreign governments;
  • reviewing, approving and submitting all applicable transfer and retransfer documents to foreign governments;
  • liaising with the U.S. Department of State with respect to the authority to execute export licences and submit retransfer approval requests for DUGs; and
  • reviewing, assigning and recording DMCs for DND-catalogued items.
COs and directors
  • ensuring that DND employees, CAF members, employees of OGDs and agencies working in the DND or the CAF, and embedded contractors working in a DND or CAF facility:
    • complete CTAT awareness training; and
    • only have access to DUGs in accordance with this DAOD;
  • ensuring that export control-related documents, e.g. licenses, are not executed before review and approval by the CTAT Office; and
  • ensuring DUGs under their responsibility are handled and safeguarded in accordance with this DAOD.
CTAT advisors
  • acting as the liaison between their unit or other element and the CTAT Office for all questions relating to compliance with this DAOD and all other issues relating to DUGs.
business owners and supply managers
  • validating the DMC assigned to a DUG in accordance with the CTAT Manual;
  • ensuring the DMC has been reviewed by the CTAT Office prior to disposal or transfer of a DUG;
  • identifying to the procurement practitioner any DUG involved in a procurement process;
  • consulting with the CTAT Office to obtain a foreign government transfer or retransfer authorization;
  • ensuring that all controlled technical data in hardcopy and electronic format is marked and treated accordingly;
  • developing, providing and approving destruction instructions;
  • retaining DND Form 2586, Certificate of Destruction/Demilitarization, as specified in the CTAT Manual;
  • ensuring that a supplier provides the export-control classification number of DUGs of U.S. origin;
  • marking associated technical data in accordance with its relevant controlled status; and
  • maintaining a copy of all export control documents on equipment files.
procurement practitioners
  • consulting the CTAT Office if a procurement process involves a DUG;
  • identifying the inclusion of a DUG in a procurement process;
  • ensuring that any applicable foreign authorization is obtained prior to bidders receiving access to any DUG of foreign origin during a procurement process;
  • forwarding all end-user certificates, export licenses and other export control-related documents to the CTAT Office for review and approval prior to their execution; and
  • maintaining the originals of all export control documents on the equipment file until five years after the equipment or any component leaves the DND and CAF inventory.
DND employees and CAF members
  • complying with this DAOD; and
  • completing applicable CTAT awareness training.

10. References

Acts, Regulations, Central Agency Policies and Policy DAOD

Other References

U.S. References

Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: