5D002 (ECCN — Information Security Software) 5D002
ECCN 5D002 covers software that implements, uses, or enables cryptographic functionality controlled under Category 5, Part 2 of the Commerce Control List (CCL). This includes software employing symmetric algorithms exceeding 56 bits (e.g., AES-256), asymmetric algorithms exceeding 512 bits (e.g., RSA-2048, ECC P-256), or cryptographic protocols providing confidentiality (encryption), authentication, or key exchange beyond mass-market thresholds. Items classified 5D002 may require an export license depending on the destination country, end user, and end use. License exceptions (such as ENC for encryption items) may apply after filing a classification report with the Bureau of Industry and Security (BIS). 5D002 classification reflects the presence of controlled encryption, not the overall sensitivity of the system.
How XO Defense Addresses This
Three XO Defense protocols carry 5D002 classification: Sealed Comms (fail-closed encrypted communication), SatPay CP (encrypted transaction processing with credential isolation), and Camouflage Protocol (adversarial traffic analysis resistance). These protocols implement cryptographic functionality exceeding EAR99 thresholds and are restricted to qualified U.S. Persons with verified clearance status. XO Defense's access request workflow includes U.S. Person verification as defined under ITAR (22 CFR 120.15) and EAR (15 CFR 772.1) before granting access to 5D002-classified protocol libraries and documentation.
Learn how XO Defense's 25-byte protocol stack operates in the most constrained environments.
View Protocol Stack →