🛡️ ITAR
ITAR Registered Forging Suppliers for Defense Programs
ITAR is not a quality certification at all, and confusing it for one is the fastest way to a compliance problem. It is a US export-control regime, and for a forging shop making defense articles on the United States Munitions List, ITAR registration with the State Department's DDTC is a legal prerequisite, not a quality badge, governing who may touch the part, the drawing, and the technical data behind it.
ITARAS9100NADCAP
What ITAR Registration Actually Means for a Forger
The International Traffic in Arms Regulations (ITAR, 22 CFR Parts 120-130) are administered by the Directorate of Defense Trade Controls (DDTC) within the US Department of State. Any US person who manufactures defense articles, whether or not they export, is required to register with DDTC under 22 CFR Part 122. So an ITAR registered forging shop has filed Form DS-2032, paid the registration fee, and received a registration code. That registration is the entry ticket; it does not by itself authorize any export, which requires a separate license or exemption.
For a forger, the controlled items are defense articles enumerated on the United States Munitions List (USML, 22 CFR Part 121). Forged components for missiles (Category IV), firearms and cannon (Categories I and II), military aircraft structures (Category VIII), and naval vessels (Category VI) are common examples. A forging is a defense article if it is specially designed for a USML end item or appears in a USML entry, and the technical data, the drawing, the forging process spec, the model, travels with the same control.
Critically, ITAR controls technical data and defense services, not just the physical part. Sharing a controlled drawing with a foreign-person employee, or even allowing one to observe a controlled process, can be a deemed export requiring authorization. This is why an ITAR registered forger runs US-person controls on the floor and locks down engineering data, a discipline that has nothing to do with whether the forging itself is metallurgically sound.
ITAR Is Not ISO 9001: Two Different Questions
Buyers routinely conflate ITAR registration with quality certification, but they answer entirely separate questions. ISO 9001 and AS9100 ask 'can this shop make the part right and prove it?' ITAR asks 'is this shop legally allowed to make and handle this controlled defense item?' A forger can be flawless on quality and still be non-compliant on ITAR, and vice versa. A defense forging program needs both, plus typically NADCAP for the special processes.
Because ITAR is a legal status rather than an audited quality system, there is no surveillance audit, no scope statement of capabilities, and no registrar. There is a DDTC registration that must be renewed annually and kept active. The practical sourcing implication is that you verify ITAR very differently from how you verify ISO 9001: you confirm the registration is current and you confirm the shop has an export-compliance program, rather than reading a certificate scope.
The two regimes do interact. AS9100 clause 8.1 and supplier-control clauses push the forger to control information and flow down requirements, which dovetails with ITAR's technical-data controls. But meeting AS9100 does not make a shop ITAR compliant, and being ITAR registered says nothing about whether the heat treat met AMS 2750. For a defense forging you should require AS9100 for quality, the relevant NADCAP accreditations for special processes, and ITAR registration plus a compliance program for export control, treating each as a distinct gate.
Verifying ITAR Status and the Red Flags to Watch
DDTC registration is not publicly searchable the way an ISO certificate database is, so verification works differently. The standard practice is to obtain a copy of the supplier's DDTC registration confirmation or a self-certification of their registration code and renewal date, and to require it contractually. Many primes require the subtier to attest to ITAR registration in the supplier agreement and to flow the obligation down further to its own subcontractors, including any outside heat treat or NDT processor that will see the controlled part or data.
The biggest red flag is a forger that subcontracts the heat treat, NDT, or machining of an ITAR-controlled forging to an unregistered or foreign-owned processor without controls. The defense article and its technical data must stay inside compliant hands the entire route. Another red flag is foreign-person access: ask how the shop screens employees and controls access to controlled drawings, and whether it has ever obtained authorization for foreign-person access or relied on an exemption. A shop that cannot describe its US-person controls is a liability.
Also confirm the shop maintains the records ITAR requires (22 CFR Part 122.5), retained for five years, and has a written technology control plan and empowered official. Foreign ownership, control, or influence (FOCI) matters: a forger under foreign ownership may face additional mitigation requirements. None of this shows up on a quality certificate, which is exactly why ITAR must be verified as its own discipline.
Frequently Asked Questions
No, and treating it as one causes real compliance failures. ITAR (the International Traffic in Arms Regulations, 22 CFR Parts 120-130) is a US export-control regime administered by the State Department's Directorate of Defense Trade Controls. It governs who may manufacture, handle, and export defense articles and technical data on the United States Munitions List. ISO 9001, by contrast, is a quality management system standard that addresses whether a shop can produce a conforming part repeatably and prove it. They answer completely different questions. An ITAR registered forging shop has filed DDTC Form DS-2032 and holds a current registration, which is a legal status, not an audited quality result. There is no ITAR scope statement of capabilities, no surveillance audit, and no registrar issuing a certificate. For a defense forging you need both regimes satisfied independently: a quality system (typically AS9100 plus NADCAP for the special processes) to prove the part is sound, and ITAR registration plus an export-compliance program to prove the shop is legally allowed to make and handle the controlled item and its technical data. Never accept ITAR registration as evidence of quality, or a quality certificate as evidence of ITAR compliance.
DDTC registration is not publicly searchable like an ISO certificate database, so verification is contractual rather than online. The accepted practice is to require the supplier to provide a copy of its DDTC registration confirmation, or a written self-certification stating its registration code and the current renewal date, and to make that a condition of the purchase order. ITAR registration must be renewed annually, so confirm the renewal is current rather than lapsed. Beyond the registration itself, verify the shop actually runs an export-compliance program: a written technology control plan, a designated empowered official, US-person access controls on the floor and on engineering data, and record retention for five years per 22 CFR 122.5. Ask specifically how the forger handles subcontracted heat treat, NDT, or machining, because the controlled defense article and its technical data must remain inside compliant, registered hands throughout the route. Many defense primes require the subtier to attest to ITAR registration in the supplier agreement and to flow the obligation down to its own subcontractors. If a shop cannot produce its registration and cannot describe its compliance program, treat it as non-compliant regardless of its quality certifications.
A forging is ITAR-controlled if it is a defense article under the United States Munitions List (USML, 22 CFR Part 121). That happens when the forging is specifically enumerated in a USML category or is specially designed for a USML end item. Common examples for forgers include forged components for missiles and missile systems (Category IV), firearms and their forged receivers, frames, or barrels (Categories I and II), structural forgings for military aircraft (Category VIII), and forged components for naval vessels of war (Category VI). The control follows the part and, just as importantly, the technical data behind it: the drawing, the forging process specification, dimensions, and any model or know-how. If your forging is a commercial item or falls under the Commerce Control List rather than the USML, it is governed by the Export Administration Regulations (EAR) instead, not ITAR. Because the line between ITAR (State/DDTC) and EAR (Commerce/BIS) jurisdiction can be subtle, especially after the export-control reform that moved many less-sensitive items to the EAR, the prime or design authority should provide a jurisdiction and classification determination. The forger then handles the part and its data according to that determination.
Yes, but only to processors that can lawfully receive an ITAR-controlled defense article and its technical data, and this is one of the most common places defense forging compliance breaks down. When a forger subcontracts heat treat, nondestructive testing, machining, or coating on an ITAR-controlled forging, the physical part and any accompanying controlled drawings or specs move to that subtier, which is itself handling a defense article and technical data. The subtier generally must also be a US person operation with appropriate controls, and the ITAR obligations must be flowed down in the subcontract. Sending the part or its data to a foreign-person operation, or even allowing foreign-person access at a domestic processor without authorization, can constitute an unauthorized export or deemed export. The major red flag to screen for is a forger that routes special processes to unregistered or foreign-owned processors without controls. Ask your forger to identify which operations are subcontracted, confirm those subtiers are inside compliant hands, and confirm the ITAR flow-down is documented. Separately, those special-process subtiers should also hold the relevant NADCAP accreditation so the heat treat and NDT meet aerospace and defense quality requirements, since ITAR compliance says nothing about metallurgical quality.
It can, and it is worth screening early. ITAR itself does not prohibit a foreign-owned US entity from registering with DDTC and manufacturing defense articles, but foreign ownership, control, or influence (FOCI) raises the stakes and can trigger additional scrutiny and mitigation. The core ITAR concern is access: foreign persons, including foreign-person owners, managers, or employees, generally may not access ITAR-controlled defense articles or technical data without authorization, because that access can be a deemed export. A foreign-owned forger therefore needs robust controls to wall off foreign-person access to controlled drawings, process specs, and the production floor, and may need a technology control plan that specifically addresses its ownership structure. For defense contracts that also involve classified work or DoD facility clearances, FOCI mitigation under the National Industrial Security Program (such as a Special Security Agreement or proxy arrangement) can come into play, though that is a separate clearance regime from ITAR registration. When sourcing a defense forging, ask about the shop's ownership, how it controls foreign-person access to controlled data and processes, and whether it has any FOCI mitigation in place. A forger that cannot clearly answer these questions is a compliance risk on the program.
Last updated: July 2026
Find ITAR-Certified Forging Suppliers
Search verified forging shops that hold ITAR.
No logins. No email gates. Just results.