International Traffic in Arms Regulations (ITAR)

The International Traffic in Arms Regulations (ITAR) is United States regulation that controls the manufacture, sale, and distribution of defense and space-related products and services as defined in the United States Munitions List (USML). Besides rocket launchers, torpedoes, and other military hardware, the list also restricts the sale or export of plans, diagrams, photos, and other documentation used to build ITAR-controlled military gear. This is referred to by ITAR as “technical data”.

ITAR requires that ALL access to physical materials or technical data related to defense and military technologies is restricted to US persons. Notice we did not say US Citizens?  There are noted exceptions where for national interest reasons, a company may be able to share technical data with a foreign national employed by the US government.  Likewise, companies are prohibited from sharing ITAR data with US Citizens employed by foreign governments and businesses. 

Companies working with ITAR data must ensure that only US persons have access to that data on a network. Limiting access to the physical materials is straightforward; limiting access to digital data is more complicated.

ITAR exists to track sensitive military and defense materials and to keep that material out of the hands of U.S. enemies. Noncompliance can result in heavy fines (civil and criminal), the loss of government contracts, as well as significant brand and reputation damage.

What does this mean for an SMB?

Essentially, any company that handles, manufactures, designs, sells, or distributes items on the USML must be ITAR compliant. The State Department’s Directorate of Defense Trade Controls (DDTC) manages the list of companies who can deal in USML goods and services, and it is up to each company to establish policies to comply with ITAR regulations.
  • Wholesalers
  • Distributors
  • Computer Software/Hardware vendors
  • Third-party suppliers
  • Contractors

Every company in the supply chain needs to be ITAR compliant. If company A sells a part to company B and then company B sells the same part to a foreign power, company A is also in violation of ITAR.

To learn more about ITAR, watch this 10-minute video going into more depth:

Find out how CyberHoot can secure your business.

Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.