Similar to the dormant encryption decontrol note, Note 4 was moved to 5A002.a and stated in a positive manner. Instead of saying what is not controlled in Category 5 Part 2, 5A002.a now specifies that, to be controlled, the item must have “information security” as a primary function, it must be a digital communications or networking system, or it must be a computer or have information storage or processing as a primary function. This change does not impact the scope of Note 4.