Many ASA members have established automated systems to check their business partners against US sanctions and restricted parties lists. This is to ensure their continued compliance with US export laws.
If you have established such automated checks, note that the Treasury Department will be implementing new computer security protocols that could affect the way your software interfaces with Treasury Department restriction lists.
A 2015 White House Office of Management and Budget (OMB) mandate required internet security and recommended reliance on HTTPS protocols. In accordance with this mandate, the Treasury Department will be implementing HTTP Strict Transport Security (HSTS) headers on the Treasury.gov website on Thursday, January 12th during an evening maintenance window.
There is no anticipated downtime associated with this change; however, the change affects multiple domains and sub-domains, and will force users to the HTTPS site, as opposed to allowing browsers to redirect from HTTP to HTTPS. This has the potential to impact scripts that users may have developed to poll Treasury.gov for data, like OFAC compliance lists (e.g. specially designated nationals). The integrity of these scripts should be verified (or updated) to ensure that they continue to work properly after the change.
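One way to verify polling scripts ahead of the change, as an added example (not code from ASA or the Treasury Department): the Python below scans script text for hard-coded plain-HTTP URLs on Treasury.gov and its sub-domains and proposes the HTTPS form. The sample script lines, the `/example/...` paths and the `SUB` host are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

DOMAIN = "treasury.gov"  # domain named in the notice
URL_RE = re.compile(r"http://[^\s'\"<>)]+", re.IGNORECASE)

def in_scope(host):
    """True for treasury.gov and its sub-domains, not look-alike hosts."""
    host = (host or "").lower().rstrip(".")
    return host == DOMAIN or host.endswith("." + DOMAIN)

def upgrade(url):
    """Return the HTTPS form of an in-scope plain-HTTP URL, else the URL unchanged."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "http" or not in_scope(parts.hostname):
        return url
    netloc = parts.netloc
    try:
        if parts.port == 80:  # an explicit :80 is wrong once the scheme is https
            netloc = netloc.rsplit(":", 1)[0]
    except ValueError:        # non-numeric port, e.g. a shell variable; keep as written
        pass
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))

def audit(script_text):
    """List (line number, old URL, suggested URL) for every URL that needs updating."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), 1):
        for match in URL_RE.finditer(line):
            url = match.group(0)
            fixed = upgrade(url)
            if fixed != url:
                findings.append((lineno, url, fixed))
    return findings

def rewrite(script_text):
    """Return the script text with in-scope URLs switched to HTTPS."""
    return URL_RE.sub(lambda m: upgrade(m.group(0)), script_text)

# Constructed sample of a polling script; hosts and paths are placeholders.
SAMPLE = """\
curl -s http://www.treasury.gov/example/list.xml -o list.xml
wget http://SUB.treasury.gov:80/example/list.csv
curl -s https://www.treasury.gov/example/list.xml
curl -s http://treasury.gov.example.com/list.xml
curl -s http://nottreasury.gov/list.xml
"""

if __name__ == "__main__":
    for lineno, old, new in audit(SAMPLE):
        print(f"line {lineno}: {old} -> {new}")
```

After updating a script, also confirm that its HTTP client validates the server certificate rather than skipping verification, since the certificate is changing in the same window.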
In addition to this change, the Treasury Department will also be updating the HTTPS certificate it uses for the Treasury.gov domain during the aforementioned maintenance window. Treasury warns that users may have to reinstall the root certificate for the site if they experience connection problems. Treasury has stated that the root certificate (the G3 certificate) can be found at the following URL:
https://www.geotrust.com/resources/root-certificates/index.html
Please contact OFAC technical support at 1-800-540-6322 Option #8 or O_F_A_C@treasury.gov with any questions that you may have about this change.