What is ITAR Compliance?

The Department of State is responsible for ITAR.

ITAR Defined

International Traffic in Arms Regulations (ITAR) control the export and import of defense-related articles and services on the United States Munitions List (USML). According to the U.S. Government, all manufacturers, exporters, and brokers of defense articles, defense services, or related technical data must be ITAR compliant. Therefore, more companies are requiring their supply chain members to be ITAR compliant as well. In General:

For a company involved in the manufacture, sale or distribution of goods or services covered under the USML, or a component supplier to goods covered under the United States Munitions List (USML), the stipulation or requirement of being “ITAR certified (compliant)” means that the company must be registered with the State Department’s Directorate of Defense Trade Controls (DDTC) if required as spelled out on DDTC’s web site and the company must understand and abide by the ITAR as it applies to their USML linked goods or services. The company themselves are certifying that they operate in accordance with the ITAR when they accept being a supplier for the USML prime exporter.

In other words, companies must register with the DDTC and know what is required of them to be ITAR compliant and then certify that they possess that knowledge.

What Does the ITAR Mean For My Company?

Overall, it is important to understand that registering with the DDTC to sell your products or services in the ITAR industry is not enough; you must be sure not to violate ITAR compliance regulations. The expectation is that you are educated and trained in ITAR regulations. Keep in mind that ITAR violations may result in criminal or civil penalties, being barred from future exports, and/or imprisonment, including:

  •  Civil fines as high as $500,000 per violation
  •  Criminal fines of up to $1,000,000 and 10 years imprisonment per violation

ITAR Compliance and Manufacturing Companies

As an important U.S. export control law, the ITAR affects the manufacture, sale, and distribution of technology. The goal of the legislation is to control access to specific types of technology and their associated data. Overall, the government is attempting to prevent the disclosure or transfer of sensitive information to a foreign national. As a result, ITAR can be challenging for global corporations, since data related to specific technologies may need to be transferred over the internet or stored locally outside of the United States in order to make business processes flow smoothly. The obligation lies with the manufacturer or exporter to take the necessary measures and steps to certify that they are, in fact, meeting ITAR compliance requirements.

Specifically, ITAR [22 CFR 120-130]:

  •  Covers military items or defense articles
  •  Regulates goods and technology designed to kill or defend against death in a military setting
  •  Includes space-related technology because of application to missile technology
  •  Includes technical data related to defense articles and services
  •  Involves strict regulatory licensing and does not address commercial or research objectives

ITAR Data Security Recommendations

Now that you know the significance of ITAR Compliance and the penalties of failing to comply, it is important to understand how to secure your ITAR-controlled data. While data security will have different requirements for every company, here are some best practices to follow in securing ITAR data:

  •  Maintain a formal information security policy
  •  Build and maintain a secure network by installing and maintaining firewall configuration to protect data and avoiding the use of vendor-supplied passwords and other security defaults
  •  If your company is owned, or has investors from outside of the United States, you must ensure that their access is strictly limited
  • Assign a unique ID to each person with computer access
  •  Regularly test security systems and processes
  •  Protect sensitive data with encryption
  •  Regularly monitor and test networks
  •  Implement strong access control measures
  •  Track and monitor all access to network resources and sensitive data
  •  Maintain a vulnerability management program
  •  Implement measures to prevent the loss of ITAR-controlled data

This list is not exhaustive, but is meant to provide a starting point for securing sensitive data and meeting ITAR compliance. By following and adopting these measures to your company’s needs, you can ensure that ITAR data is still accessible where it needs to be while staying protected against loss or unauthorized access.

Diverse Tech Services has significant experience in assisting companies with ITAR compliance. We work with manufacturers to ensure their company meets the stringent documentation and security requirements.

Call 317-524-5700 or e-mail Sales@DiverseTechServices.com to learn more.


Going VPN with Your iPad

If you’re like many modern workers, you enjoy or find it necessary to do work from home or other locations besides the office. Often, this means carrying around a laptop and depending on where you work and the type of work you do, this could mean carrying around a heavy laptop. It’s no secret that many workplaces are turning to tablets to get work done by allowing workers to be more productive in remote locations. But how does your iPad actually connect to the internal network? If you’re an Apple user, you can use the VPN with your iPad.

Read more

Using Twitter Without Being Logged In

Twitter is one of the best ways to stay up-to-date with friends, news, and industry trends in real time. Sometimes, you need information quickly, though, and that means being able to access tweets and profiles without actually being logged in to Twitter. You can’t deny the power of Twitter as a social media and new platform, but that doesn’t mean you want to be logged in all the time or join the community. Thankfully, there are several ways you can be using Twitter without being logged in.

Read more

How to Recover Your Lost Computer Files – Inexpensively and Easily

happywomanatlaptopWe maintain our computers similarly to how we maintain our own health – rarely do we take the time to learn about preventing health complications, and instead work to repair our health once we’ve become ill! We take care of our computers the same way, in that we rarely think about the safety or well-being of our data until something happens that leads to data loss or corruption. And when that does happen, how do you recover your lost computer files? Read more

Password Strength is Key in Business and Personal Information Security

mouse-creditcardIn today’s technologically driven business marketplace one of most often overlooked points of vulnerability to your business and personal information security is the strength or weakness of the passwords that you define for usage when logging into: your computer network, email provider, online banking, and accounting or payroll applications. To underestimate the importance of strong passwords is to leave the door wide open to identity theft and corporate piracy. Your passwords must be a robust combination of all the characters that are available, must be unique for different applications and must not be a word commonly found in any dictionaries, in any language. Read more