This sounds pretty broad to me. Despite purportedly being targeted at "intrusion" software, the copy below seems to include supporting tooling and resources.

  ...systems, equipment or components specially designed for the generation,
 operation or delivery of, or communication with, intrusion software; software
 specially designed or modified for the development or production of such systems,
 equipment or components; software specially designed for the generation,
 operation or delivery of, or communication with, intrusion software; technology
 required for the development of intrusion software; Internet Protocol (IP) 
  network communications surveillance systems or equipment and test, inspection,
 production equipment, specially designed components therefor, and development
 and production software and technology therefor. BIS proposes a license
 requirement for the export, reexport, or transfer (in- country) of these
 cybersecurity items to all destinations, except Canada.