🛡️ ITAR
ITAR Registered Manufacturers in Concord, NH
Defense parts carry a layer of risk that has nothing to do with tolerances: the export-control regime. When a machined component or its drawing falls under the U.S. Munitions List, the Concord shop cutting it must be ITAR registered and must control who can even see the technical data. For buyers placing defense-controlled work in central New Hampshire, ITAR posture is a gating question that comes before quality scoring, and this page explains how to evaluate it.
ITARAS9100ISO 9001
1
What ITAR registration actually means for a supplier
ITAR, the International Traffic in Arms Regulations, controls the export of defense articles, defense services, and related technical data on the U.S. Munitions List. A key point buyers often miss: ITAR is not a certification audited by a third party. There is no ITAR certificate equivalent to an ISO registration. What exists is registration with the State Department's Directorate of Defense Trade Controls (DDTC), which any U.S. manufacturer or exporter of defense articles is required to maintain. Self-claimed 'ITAR certified' language is technically imprecise; the real question is whether the supplier is DDTC registered and runs a compliant export-control program.
For a Concord shop, that means an active DDTC registration, an empowered official responsible for compliance, and internal controls that restrict access to ITAR-controlled technical data to U.S. persons. 'Export' under ITAR includes a deemed export, meaning disclosure of controlled technical data to a foreign person inside the United States, so the shop's hiring, IT access, and visitor controls are all part of compliance.
The practical takeaway: registration is necessary but not sufficient. You want evidence of the program behind it.
2
How a buyer verifies ITAR posture in Concord
Because there's no public ITAR certificate to look up, verification is done through documentation and direct questions. Ask the Concord supplier to confirm current DDTC registration and to identify its empowered official. Request a summary of the export-compliance program: how technical data is segregated, how U.S.-person status is verified for anyone with access, how controlled files are stored and transmitted, and how the shop screens against the prohibited and debarred parties lists.
Probe the data-handling chain specifically. Controlled drawings and models should live in access-restricted systems, not general file shares or unscreened cloud storage. Email of controlled data should be encrypted or routed through a controlled mechanism. If the shop uses a cloud environment, ask whether it meets the controls expected for ITAR data. Many defense buyers also map this against CMMC and NIST SP 800-171 expectations when controlled unclassified information is involved.
Red flags include vague answers about who can access drawings, foreign-national access without a documented authorization, controlled data sitting in ordinary email or consumer cloud tools, or a supplier that markets itself as 'ITAR certified' without being able to speak to its actual DDTC registration and program.
3
Where ITAR intersects quality and special processes
ITAR governs export control, not part quality, so it sits alongside the quality credentials a defense part needs rather than replacing them. Most defense-controlled machined parts moving through Concord also require AS9100 for the quality system and, wherever the routing includes heat treat, plating, coating, or NDT, NADCAP accreditation at the special-process house. A buyer placing ITAR work is effectively managing three threads at once: export control, quality, and special-process accreditation.
The intersection matters because subcontracting touches all three. When a Concord machining shop sends an ITAR-controlled part out for a special process, the controlled technical data and the physical part both move, and the receiving processor must itself handle ITAR data appropriately and, for aerospace, hold NADCAP. The prime contractor's flow-downs typically require the entire supply chain to be controlled, so confirm that every node in the routing is ITAR-aware, not just the shop you contract with directly.
A mature Concord defense supplier manages this as one integrated program and can show you how export control, quality, and accredited special processes connect across the routing.
4
Regional advantages for defense work out of Concord
Keeping ITAR-controlled machining local in central New Hampshire reduces the surface area for export-control risk. Short New England freight legs mean controlled parts and data move within a tight, domestic supply network, and a buyer can run an on-site review of data-handling controls in person rather than relying on attestations. For controlled work, that hands-on verification is worth a great deal.
Concord's capability base of precision CNC machining and inspection fits a large share of defense component work, and the surrounding region offers ITAR-aware special-process houses for the steps that must be subcontracted. Because all of it stays inside the U.S. and within a couple hours' drive, the deemed-export and chain-of-custody risks are easier to contain than a geographically dispersed supply chain.
On cost and schedule, factor in the compliance overhead. Controlled work carries documentation and access-control burden that adds to lead time, and qualifying a new defense part runs longer once first articles, special-process qualification, and data-handling setup are included. New Hampshire's tax environment helps overhead modestly, but the defining cost driver is the disciplined, controlled workflow that defense buyers require.
Frequently Asked Questions
No. ITAR compliance is not a third-party certification like ISO or AS9100, so there is no ITAR certificate and no public registry of accredited 'ITAR certified' shops. What exists is registration with the State Department's Directorate of Defense Trade Controls (DDTC), which U.S. manufacturers and exporters of defense articles on the U.S. Munitions List are required to maintain. When a Concord supplier markets itself as 'ITAR certified,' treat that as marketing shorthand and dig into the substance: ask whether it holds current DDTC registration, who its empowered official is, and how its export-compliance program works. Verification is therefore done through documentation and direct inquiry rather than a lookup. Request a description of how the shop segregates and protects ITAR-controlled technical data, how it confirms U.S.-person status for anyone with access, and how it screens against debarred and prohibited parties. A supplier that can speak fluently to its DDTC registration and program is far more credible than one that simply repeats 'ITAR certified.'
Under ITAR, an export isn't limited to shipping a part overseas. A deemed export occurs when ITAR-controlled technical data is disclosed to a foreign person even inside the United States, including showing a controlled drawing or model to a non-U.S.-person employee, contractor, or visitor at a domestic facility. That makes a Concord shop's internal access controls a core part of compliance, not a back-office detail. When you place controlled work, you need confidence that only U.S. persons can access your technical data, that the shop verifies U.S.-person status, and that foreign-national access, if any, is covered by a proper authorization such as a license or exemption. Practically, ask how controlled drawings and CAD files are stored, who can open them, how visitors and the cleaning crew are kept away from controlled data on screens and benches, and how IT access is restricted. A deemed-export violation is a serious matter for both the supplier and potentially the buyer, so this is one of the first things to verify before transmitting any controlled file.
Yes, because ITAR and the quality credentials cover entirely different things. ITAR registration with DDTC governs export control of defense articles and technical data; it says nothing about whether the part is made correctly. For a defense-controlled aerospace part out of Concord, you typically need AS9100 for the quality management system and NADCAP accreditation at any special-process house in the routing, such as heat treat, plating, coating, or nondestructive testing. Think of them as three independent threads you manage together: export control, quality, and special-process accreditation. A shop can be DDTC registered but lack AS9100, which would make it unsuitable for flight-quality work, or AS9100 certified but not handling ITAR data properly, which would make it unsuitable for controlled work. The strongest defense suppliers in central New Hampshire integrate all three, controlling technical data per ITAR while running an AS9100 quality system and flowing accredited special processes through NADCAP-qualified subcontractors. Verify each thread explicitly rather than assuming one implies the others.
When a Concord machining shop subcontracts a step such as a special process, both the physical part and the controlled technical data often move to the subcontractor, and that subcontractor must handle ITAR data with the same rigor as the prime supplier. The technical data needs to travel through controlled channels, encrypted or otherwise protected rather than ordinary email or consumer cloud tools, and the subcontractor must restrict access to U.S. persons and store the data in access-controlled systems. Prime contractor flow-downs typically require the entire supply chain to be export-control compliant, so it isn't enough that the shop you contract with is registered; every node that touches the controlled data must be too. When you qualify a Concord supplier, ask how it vets and controls its subcontractors for ITAR, whether those subcontractors are on a managed approved-supplier list, and how controlled data is transmitted to and stored by them. For aerospace work the special-process subcontractor will also need NADCAP, so the export-control and quality controls have to ride together through the routing.
Last updated: July 2026
Find ITAR-Certified Manufacturers in Concord, NH
Search verified Concord shops that hold ITAR.
No logins. No email gates. Just results.