Get Started Book a Demo

International Traffic in Arms Regulations (ITAR)

21st April 2021 | Cybrary International Traffic in Arms Regulations (ITAR)


ITAR

The International Traffic in Arms Regulations (ITAR) is United States regulation that controls the manufacture, sale, and distribution of defense and space-related products and services as defined in the United States Munitions List (USML). Besides rocket launchers, torpedoes, and other military hardware, the list also restricts the sale or export of plans, diagrams, photos, and other documentation used to build ITAR-controlled military gear. This is referred to by ITAR as “technical data”.

ITAR requires that ALL access to physical materials or technical data related to defense and military technologies is restricted to US persons. Notice we did not say US Citizens?  There are noted exceptions where for national interest reasons, a company may be able to share technical data with a foreign national employed by the US government.  Likewise, companies are prohibited from sharing ITAR data with US Citizens employed by foreign governments and businesses. 

Companies working with ITAR data must ensure that only US persons have access to that data on a network. Limiting access to the physical materials is straightforward; limiting access to digital data is more complicated.

ITAR exists to track sensitive military and defense materials and to keep that material out of the hands of U.S. enemies. Noncompliance can result in heavy fines (civil and criminal), the loss of government contracts, as well as significant brand and reputation damage.

What does this mean for an SMB?

Essentially, any company that handles, manufactures, designs, sells, or distributes items on the USML must be ITAR compliant. The State Department’s Directorate of Defense Trade Controls (DDTC) manages the list of companies who can deal in USML goods and services, and it is up to each company to establish policies to comply with ITAR regulations.

  • Wholesalers
  • Distributors
  • Computer Software/Hardware vendors
  • Third-party suppliers
  • Contractors

Every company in the supply chain needs to be ITAR compliant. If company A sells a part to company B and then company B sells the same part to a foreign power, company A is also in violation of ITAR.

To learn more about ITAR, watch this 10-minute video going into more depth:

https://www.youtube.com/watch?v=LLWdg5QjFvY&t=11s

Sources: 

Varonis

Additional Reading:

Regulations Like The CCPA Don’t Stop At California

Canada Rules Clearview AI Illegal

Related Terms:

Personal Information Protection and Electronic Documents Act (PIPEDA)

General Data Protection Regulation (GDPR)

California Consumer Protection Act (CCPA)

Find out how CyberHoot can secure your business.


Schedule a demo

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

CyberHoot Newsletter – June 2025
17th June 2025 | Blog, Newsletters

CyberHoot Newsletter – June 2025

CyberHoot June Newsletter: Stay Informed, Stay Secure Welcome to the June edition of CyberHoot’s newsletter,...

Read more
Make Phishing Training Count with HootPhish
10th June 2025 | Blog

Make Phishing Training Count with HootPhish

Stop tricking employees. Start training them. Take Control of Your Security Awareness Training with a Platform...

Read more
Apple Alert: Critical AirPlay Vulnerabilities Expose Millions to Cyber Threats
15th May 2025 | Advisory, Blog

Apple Alert: Critical AirPlay Vulnerabilities Expose Millions to Cyber Threats

A recent discovery by cybersecurity firm Oligo Security has unveiled a series of critical vulnerabilities in...

Read more
Get Started All Posts