🛡️ ITAR

ITAR Registered Manufacturers in Cedar Rapids, IA

ITAR is the credential buyers most often misunderstand, because it is not a quality certification at all, it is a federal compliance registration governing how defense articles and technical data are handled, and getting it wrong carries criminal liability. In Cedar Rapids, where avionics and defense electronics overlap heavily, a solid base of suppliers is registered and set up to handle controlled work, but registration alone does not mean a supplier has the operational controls your program requires. This page explains what ITAR actually obligates, how to confirm a local supplier is genuinely equipped, and where buyers get burned.

ITARAS9100ISO 9001
The avionics manufacturing that anchors Cedar Rapids is inseparable from defense work. Communication, navigation, and electronic systems that serve commercial aviation frequently have military variants, and the same suppliers machine enclosures, fabricate chassis, build cable harnesses, and assemble electronics for both. That dual-use reality means a large share of the local aerospace tier handles items on the U.S. Munitions List or works with export-controlled technical data, and registration with the Directorate of Defense Trade Controls is part of doing business. For a buyer, this is genuinely useful: the regional supply base is not learning ITAR from scratch. Shops here generally understand the concepts of a defense article, technical data, and the foreign-person access restrictions that govern who may even view a controlled drawing. That cultural familiarity lowers the risk of an accidental violation compared with sourcing into a region with no defense exposure. It does not, however, make any individual supplier automatically right for your program. ITAR is binary registration but graduated capability. A two-person shop and a large avionics contractor can both be registered, yet differ enormously in how rigorously they segregate controlled data, vet personnel, and document exports. The local depth gives you candidates; due diligence still picks the supplier.

What ITAR Registration Actually Obligates, and What It Doesn't

The common misconception is that ITAR registration is a quality stamp like ISO 9001 or AS9100. It is not. Registration with DDTC under the State Department establishes that a manufacturer or exporter of defense articles is enrolled and pays the registration fee; it is a prerequisite for, not a guarantee of, compliant handling. The real obligations live in how the supplier operates: controlling access to technical data so only U.S. persons see it absent a license, securing physical and digital storage of controlled information, and properly licensing or exempting any export, which includes the deemed export of showing a drawing to a foreign national employee. Because violations carry civil and criminal penalties, the operational controls matter far more than the certificate. A capable supplier maintains a technology control plan, screens employees for U.S.-person status on controlled programs, restricts network and file access, and keeps export and shipping records. Ask to understand these, not just to see the registration. Keep ITAR separate from quality in your evaluation. A supplier can be ITAR registered and AS9100 certified, and for flight-critical defense hardware you typically want both, but each answers a different question. ITAR answers 'can they lawfully handle the controlled article and data.' AS9100 answers 'can they build it to aerospace quality.' Confirm both, independently.

Verifying a Supplier Can Genuinely Handle Controlled Work

Unlike ISO certificates, there is no public database where you can look up a supplier's ITAR registration, because the DDTC registrant list is not openly published. Verification therefore relies on the supplier attesting to and demonstrating their registration and controls. Ask for confirmation of current DDTC registration and, more importantly, ask how they operationally protect controlled technical data before you transmit a single drawing. Probe the technology control plan. Who can access controlled files, how is foreign-person access prevented, how is controlled data segregated on the network, and how are physical parts and prints secured on the floor and in shipping? A supplier serious about defense work answers these readily and may have a designated empowered official or compliance lead. Vague answers are a red flag; you are about to share data whose mishandling is a federal crime. Do not transmit controlled technical data during the quoting stage until you have confirmed the supplier is registered and equipped. A frequent and serious mistake is emailing an ITAR-controlled drawing to an unvetted shop to get a quote, which can itself be a violation if that shop is not properly controlled. Establish compliance first, then exchange data through a controlled channel.

Adjacent Credentials Defense Buyers Usually Need Together

ITAR rarely travels alone on a defense sourcing requirement. For flight or mission hardware, you will almost always also require AS9100 Rev D for aerospace quality and, where the part involves heat treat, finishing, welding, or nondestructive testing, NADCAP accreditation on those special processes. In Cedar Rapids the suppliers feeding avionics and defense programs commonly hold AS9100 alongside their ITAR registration precisely because their customers flow down both. Depending on the program, you may also encounter requirements around cybersecurity for controlled unclassified information, since defense technical data increasingly carries DFARS-driven safeguarding obligations on top of ITAR. A supplier handling controlled work for defense primes should be conversant in protecting CUI, not just defense articles. Ask how their IT controls map to those expectations if your contract flows them down. Materials and capability fit round out the picture. Defense electronics enclosures and chassis in this region are frequently machined aluminum or fabricated sheet metal with conductive finishes, and assemblies often combine machining, fabrication, and electronics integration. Sourcing efficiently here usually means finding a supplier that pairs ITAR registration with the specific welding-fabrication, CNC machining, and assembly capabilities your defense part actually needs, rather than treating compliance and capability as separate searches.

Frequently Asked Questions

No, and conflating them is a costly mistake. ITAR registration is a federal export-compliance enrollment with the Directorate of Defense Trade Controls under the State Department. It establishes that a manufacturer or exporter of defense articles is registered and authorized to engage in that business, and it is a legal prerequisite for handling items on the U.S. Munitions List and the associated technical data. It says nothing about whether the supplier can build a part to specification. ISO 9001 and AS9100, by contrast, certify a quality management system, that is, the supplier's ability to consistently produce conforming product. For most defense hardware you need both: ITAR so the supplier may lawfully handle the controlled article and export-controlled data, and AS9100 so they can build it to aerospace quality. They answer different questions and are verified differently. Always evaluate compliance and quality as separate gates, confirming each independently rather than assuming one implies the other.
There is no public, searchable database of ITAR registrants the way there is for ISO or AS9100 certificates, because the DDTC registrant list is not openly published. Verification depends on the supplier confirming their current registration and, far more importantly, demonstrating the operational controls that make registration meaningful. Ask them to confirm active DDTC registration, then ask detailed questions about how they protect controlled technical data: who can access it, how foreign-person access is prevented, whether they maintain a technology control plan, how controlled files are segregated on their network, and how physical parts and prints are secured. A supplier genuinely equipped for defense work, common in the Cedar Rapids avionics base, answers these readily and often has a designated compliance lead or empowered official. Crucially, do not send any ITAR-controlled drawing during quoting until you have confirmed the supplier is registered and controlled, because transmitting controlled technical data to an unvetted recipient can itself be a violation regardless of intent.
It can constitute an export violation even if no part is ever made and even if you acted in good faith. Under ITAR, technical data is itself a controlled item, and disclosing it to a foreign person, including a foreign-national employee at a domestic shop, or to a supplier not authorized to handle it, can be treated as an unauthorized export. Violations carry serious civil and potentially criminal penalties, which is why the handling controls matter as much as the registration. The practical safeguard is process discipline: never transmit controlled technical data during early quoting or supplier-shopping before you have confirmed the recipient is DDTC registered and operationally controlled, and always exchange controlled data through a secured, access-restricted channel rather than ordinary email. In the Cedar Rapids region the supplier base is generally familiar with these requirements, but familiarity on their side does not protect you if you released the data improperly. Establish that the supplier is registered and equipped first, then share data through a controlled method, and document the exchange.
For most defense hardware, ITAR is necessary but far from sufficient on its own. Flight and mission-critical parts almost always also require AS9100 Rev D for aerospace quality, and many local avionics and defense suppliers hold both because their prime customers flow down both. When the part involves heat treatment, chemical processing, special-process welding, or nondestructive testing, you will typically also need those processes performed under NADCAP accreditation. Increasingly, defense work also carries cybersecurity obligations for controlled unclassified information under DFARS-driven safeguarding requirements, so a supplier handling controlled technical data should be able to describe how their IT controls protect that data, not just their physical handling of defense articles. Finally, do not forget capability fit: the credential search and the capability search should converge on one supplier who pairs ITAR registration with the actual CNC machining, welding-fabrication, and assembly your defense part requires. In Cedar Rapids the avionics-driven base makes finding that combination realistic, but you still confirm each credential and capability separately.

Last updated: July 2026

Find ITAR-Certified Manufacturers in Cedar Rapids, IA

Search verified Cedar Rapids shops that hold ITAR.

No logins. No email gates. Just results.