🛡️ ITAR

ITAR Registered Manufacturers in Burlington, VT

When your part involves defense articles or controlled technical data, ITAR registration is not a quality credential, it is a legal requirement that governs who may even see your drawing. In Burlington, the aerospace-defense supply chain around GE Aviation has produced shops fluent in controlled-data handling. This guide explains what ITAR registration actually means and how to source it responsibly in Vermont.

ITARAS9100ISO 9001

Defense Work in the Burlington Corridor

The defense thread in Vermont manufacturing runs through aerospace. GE Aviation's engine programs include military propulsion work, and the suppliers feeding those programs in Chittenden County have had to build controlled-data practices into how they operate. That makes Burlington one of the more defense-literate small manufacturing markets in Northern New England, with shops that understand the difference between a commercial drawing and one carrying defense-controlled technical data. For a buyer placing defense work, that literacy matters. ITAR is unforgiving: a single unauthorized disclosure of technical data to a foreign person, even an employee, can trigger serious penalties for both the supplier and you as the exporter of the data. Sourcing from a Vermont shop that already lives inside this regime, rather than one learning it for the first time, materially reduces your compliance exposure.

What ITAR Registration Is, and What It Is Not

ITAR, the International Traffic in Arms Regulations, is administered by the U.S. State Department's Directorate of Defense Trade Controls. Any U.S. manufacturer or exporter of defense articles or defense services on the U.S. Munitions List must register with DDTC. Registration is an annual obligation and a prerequisite for export licensing; it is not, by itself, a certification that someone audited the shop's quality system. This distinction trips up buyers. ITAR registration tells you a shop is legally enrolled to handle defense articles and controlled technical data; it does not tell you the shop makes good parts. That is why ITAR almost always travels alongside AS9100 and ISO 9001 in this market, because the defense aerospace work that requires ITAR also demands aerospace quality discipline. Treat ITAR registration as the gate that determines who may receive your data, and the quality certifications as the measure of whether they can actually deliver.

Verifying ITAR Status and Controlling Technical Data

Unlike a public ISO certificate, DDTC registration is not posted in an open directory you can search. To verify, ask the supplier for its DDTC registration code and confirm the registration is current, and require a written representation of ITAR compliance in your purchase order or supplier agreement. Many primes also require evidence of a technology control plan and documented procedures for screening employees who access controlled data. The operational core of ITAR is controlling who sees the technical data. Before releasing a drawing, confirm the supplier restricts access to U.S. persons as required, has a process for handling foreign-person employees, and stores controlled data on systems that meet the security expectations of your program. For sensitive programs you may also need to confirm the supplier's compliance with cybersecurity requirements like NIST 800-171 and CMMC, which increasingly accompany ITAR work in the defense industrial base. A shop that cannot describe its technology control plan should not receive controlled data, period.

Records, Markings, and Program Discipline

Defense work generates obligations beyond the part itself. Expect your supplier to mark and handle controlled drawings according to their classification, maintain access logs for technical data, and apply distribution-statement and export-control markings consistently. On delivery, the standard quality records still apply: certificate of conformance, inspection data, material certs, and special-process certifications where the part requires them. Where defense work differs is the chain of custody around information and the handling of any defense article. If your part is itself on the Munitions List, movement and storage carry export-control implications even domestically. A disciplined Burlington defense supplier will be able to show you its procedures for receiving, marking, storing, and returning or destroying controlled data, and will fold those controls into the same documented system that governs its aerospace quality work. Sloppiness here is not a cosmetic flaw; it is a compliance liability you inherit.

Frequently Asked Questions

ITAR registration cannot be checked in an open public directory the way an ISO certificate can, because the State Department's Directorate of Defense Trade Controls does not publish registrant lists for general search. To verify, ask the supplier directly for its DDTC registration code and confirm the registration is current, since it must be renewed annually. Build a written ITAR compliance representation into your purchase order or supplier agreement so the obligation is contractual, not just verbal. For controlled programs, go further and request evidence of the supplier's technology control plan, its procedures for restricting technical-data access to U.S. persons, and how it screens or segregates any foreign-person employees. Many defense primes also now require the supplier to demonstrate cybersecurity compliance such as NIST SP 800-171 and CMMC certification, because controlled unclassified information must be protected on the supplier's IT systems. A Burlington shop genuinely operating in the defense space will answer these questions readily and have documented procedures; a shop that treats ITAR as a checkbox and cannot describe its technology control plan should not receive your controlled data until it can.
No, and conflating them is a meaningful mistake. ITAR registration is a legal and regulatory status: it means a manufacturer of defense articles or services on the U.S. Munitions List has enrolled with the State Department's DDTC and is authorized to handle defense-controlled technical data and pursue export licensing. It says nothing about whether the shop produces conforming parts. Quality certifications like AS9100 Rev D and ISO 9001, by contrast, are the result of an accredited third party auditing the shop's quality-management system. In the Burlington defense aerospace supply chain these credentials almost always travel together, because the military propulsion and aerospace work that requires ITAR also demands aerospace quality discipline, but they answer different questions. Think of ITAR as the gate that controls who is legally permitted to see your drawing and handle your part, and AS9100 or ISO 9001 as the measure of whether that supplier can actually machine, inspect, and document the part to flight standards. When you place defense work, require both: ITAR for the compliance gate and the appropriate quality certification for delivery confidence.
The heart of ITAR compliance is controlling who can access technical data and how it moves. A disciplined Burlington defense supplier operates a technology control plan that restricts access to defense-controlled drawings, models, and specifications to U.S. persons as ITAR requires, and it has explicit procedures for any foreign-person employees so that an unauthorized disclosure, which counts as an export even if it happens inside the building, cannot occur inadvertently. Controlled data is stored on IT systems that meet the security expectations of the program, increasingly governed by NIST SP 800-171 and CMMC requirements, with access logging so the shop can show who viewed what. Physically, controlled drawings carry appropriate distribution-statement and export-control markings, and the shop maintains procedures for receiving, marking, storing, and ultimately returning or destroying that data. If the part itself is a Munitions List defense article, even its domestic movement and storage carry export-control implications. Before you release a drawing, confirm the supplier can describe all of this concretely, because as the party transmitting the technical data you share responsibility for any compliance failure that follows.
ITAR rarely stands alone in this market because the work that requires it sits inside aerospace and defense programs with their own quality and security demands. The most common companion is AS9100 Rev D, since defense propulsion and airframe hardware must meet aerospace quality requirements around configuration management, first-article inspection, and counterfeit-parts prevention. ISO 9001 underlies AS9100 and is sometimes held for the supplier's commercial work. For parts requiring special processes like heat treat, plating, or non-destructive testing, NADCAP accreditation on the processing chain becomes relevant. On the cybersecurity side, defense work involving controlled unclassified information increasingly requires the supplier to meet NIST SP 800-171 and to pursue or hold CMMC certification, because protecting controlled technical data on IT systems is now an explicit contractual obligation in much of the defense industrial base. When sourcing in the Burlington corridor, map your program's full requirement set first, then look for a supplier whose ITAR registration, quality certifications, special-process chain, and cybersecurity posture all line up, rather than assuming ITAR registration alone makes a shop ready for your defense work.

Last updated: July 2026

Find ITAR-Certified Manufacturers in Burlington, VT

Search verified Burlington shops that hold ITAR.

No logins. No email gates. Just results.