🛡️ ITAR

ITAR Registered Manufacturers for Defense Work Near Salem, Oregon

Defense-controlled manufacturing carries legal weight that ordinary commercial sourcing does not, and ITAR registration is the threshold a Salem-area supplier must clear before touching controlled technical data or hardware. Because the mid-Willamette Valley's industrial base leans commercial, the buyer's job is to identify which precision shops have actually stood up an ITAR compliance program, then verify it holds up. This page walks through how ITAR works in the Salem context and what to check before you transmit a single controlled drawing.

ITARISO 9001AS9100

What ITAR registration actually means for a supplier

ITAR, the International Traffic in Arms Regulations, governs the manufacture, export, and handling of defense articles and technical data on the US Munitions List. Registration with the State Department's Directorate of Defense Trade Controls, the DDTC, is a legal requirement for manufacturers of those articles. It is important to be precise: ITAR registration is not a quality certification audited by a third party the way ISO 9001 is. It is a registration plus an ongoing compliance obligation that the manufacturer is responsible for upholding. For a Salem-area shop, being ITAR registered means it has registered with DDTC and, critically, has built the internal controls to keep controlled technical data and hardware secure. That includes restricting access to US persons, controlling where drawings and models are stored and transmitted, and preventing any unauthorized export, which under ITAR can include simply letting a foreign national view a controlled drawing on a shop network. For the buyer, the distinction matters because a shop can be a superb machinist and still be a compliance liability if it has registered without genuinely implementing the controls. The value you are buying is not just registration, it is a defensible compliance posture that protects you and the program from a violation.

Technical data controls a Salem shop must enforce

The heart of ITAR compliance on the shop floor is control of technical data. When you send a controlled drawing, model, or specification to a Salem supplier, that data has to live inside a controlled environment. The supplier should be able to describe concretely how they segregate ITAR data: access limited to US persons, controlled file storage rather than open shared drives, and secured transmission that does not route controlled files through non-compliant cloud services or foreign-hosted systems. The US-person requirement is the most frequently misunderstood and the most dangerous to get wrong. Under ITAR, allowing a foreign national employee or contractor to access controlled technical data is a deemed export and can constitute a violation even though nothing physically left the country. A serious Salem supplier maintains documented US-person verification for everyone who can touch your data, and trains its staff on what triggers an export. Physical security matters too. Controlled hardware and prints need to be stored where unauthorized personnel cannot access them, and visitor controls should prevent casual exposure. When you qualify a supplier, ask to see the technical control plan, not just hear that one exists. A shop with a real program will have written procedures covering data handling, personnel screening, and incident response.

Verifying and qualifying an ITAR supplier near Salem

Verification of ITAR status differs from ISO verification because there is no public registry you simply look up. DDTC registration information is not openly searchable the way an ANAB certificate is, so you confirm a supplier's status through direct documentation and, often, through your own contractual and program channels. Ask the supplier to confirm their DDTC registration and to share the relevant registration evidence under appropriate terms. Because ITAR is a compliance posture rather than an audited certificate, the qualification leans heavily on the supplier's program documentation and your own assessment. Review their ITAR compliance procedures, their technical control plan, and their US-person verification process. Many defense buyers fold this into a broader supplier assessment alongside the quality system, since most ITAR work also requires AS9100 or at least a strong ISO 9001 foundation. Salem's proximity helps here in the same way it does for any local sourcing: you can conduct an on-site assessment, see the physical controls, and build the working relationship that defense programs depend on. The pitfall to avoid is treating ITAR as a checkbox. A registered shop that cannot walk you through its data controls and personnel screening is a risk to your program, and the consequences of an ITAR violation, civil and criminal, fall on the parties involved, so the diligence is worth the effort.

How ITAR pairs with quality certifications buyers also need

ITAR rarely travels alone. Defense-controlled parts almost always also require a quality system, so the practical pairing a Salem buyer needs is ITAR registration plus AS9100 for flight and defense hardware, or ISO 9001 as a minimum for less critical components. The ITAR registration handles the export-control and security dimension while the quality certification handles the make-it-right dimension, and a defense program typically requires both. For parts involving special processes, the chain extends to NADCAP as well, and every link in that chain that touches controlled technical data must itself be ITAR compliant. This is where flowdown discipline becomes a compliance issue, not just a quality one: if your AS9100 and ITAR supplier near Salem subcontracts a special process, that subcontractor must also handle the controlled data appropriately, and your supplier is responsible for ensuring that. The buyer's clean approach is to specify all applicable requirements together in the PO and quality agreement: ITAR compliance, the relevant quality certification, and any special-process accreditation, with explicit flowdown to sub-tiers. A Salem-area supplier that already holds AS9100 and maintains a real ITAR program is positioned to handle this cleanly, which is exactly why those two credentials so often appear together in the region's small defense-capable supplier pool.

Frequently Asked Questions

No, and treating it like one will lead you astray. ITAR registration is a legal registration with the State Department's Directorate of Defense Trade Controls, the DDTC, combined with an ongoing compliance obligation that the manufacturer maintains internally. It is not a third-party audited certificate issued by an accreditation body, and there is no open public registry where you can search a Salem supplier's ITAR status the way you can verify an ISO 9001 certificate in the ANAB directory. That difference shapes how you qualify a supplier. Instead of a registry lookup, you confirm ITAR status through direct documentation from the supplier and through your own contractual and program channels, then you assess the substance of their compliance program. The real question is not merely whether a shop registered, but whether it actually implemented the controls: US-person access restrictions, secured technical data handling, physical security, and personnel screening. A registered shop without genuine controls is a compliance liability. So plan your diligence around reviewing the supplier's ITAR procedures and technical control plan rather than expecting a downloadable certificate, and fold the assessment into your broader supplier qualification.
Under ITAR, that scenario can constitute a deemed export and a potential violation, even though nothing physically crossed a border. The regulations treat the release of controlled technical data to a foreign national, whether by email, network access, or simply viewing a print, as an export to that person's country. This is one of the most serious and most commonly underestimated ITAR risks on a shop floor. A Salem supplier handling your defense-controlled data must restrict access to US persons and maintain documented verification of who qualifies, because the consequences of getting it wrong are severe and can include civil penalties and, in egregious cases, criminal exposure for the parties involved. When you qualify a local supplier, ask specifically how they screen personnel for US-person status, how they segregate controlled data so unauthorized employees cannot reach it, and how they control contractors and visitors. A serious shop will have written procedures for all of this and will train staff on what triggers a deemed export. If a supplier cannot clearly explain their US-person controls, do not transmit controlled technical data to them, because the liability for an unauthorized release does not stay neatly contained to the shop.
In almost all cases, yes. ITAR and quality certifications address completely different dimensions of a defense part, so they work together rather than substituting for each other. ITAR registration governs export control and the secure handling of defense-controlled hardware and technical data, while a quality certification like AS9100 or ISO 9001 governs whether the part is actually made correctly and traceably. A defense program typically requires both, because a part can be perfectly secure and still out of tolerance, or perfectly made and a compliance disaster. For flight and defense hardware, the common pairing near Salem is ITAR plus AS9100, since aerospace-grade quality controls usually apply. For less critical components, ITAR plus a strong ISO 9001 foundation may suffice. When special processes such as heat treat or nondestructive testing are involved, NADCAP accreditation enters the picture too, and any sub-tier touching controlled data must also be ITAR compliant. The cleanest approach is to specify ITAR compliance, the applicable quality certification, and any special-process requirement together in your PO and quality agreement, with explicit flowdown so the entire supply chain meets every obligation.
Because ITAR is a compliance posture rather than an audited certificate, your assessment of data security carries real weight in the qualification. Start by requesting the supplier's technical control plan and ITAR compliance procedures, then evaluate the substance. Confirm that controlled technical data is stored in a controlled environment rather than open shared drives, that transmission of controlled files does not route through non-compliant or foreign-hosted cloud services, and that access is limited to verified US persons. Ask how they handle controlled data across email, file storage, CAD systems, and any cloud collaboration tools, since each is a potential leak point. Physical security matters as well: controlled prints and hardware should be stored where unauthorized personnel cannot reach them, with visitor and contractor controls in place. Salem's proximity is an advantage here because you can conduct an on-site assessment, walk the floor, and see the controls firsthand rather than relying on a questionnaire. A supplier with a real program will have written data-handling procedures, documented US-person verification, staff training records, and an incident response process. If those elements are missing or vague, the shop is not ready to handle your controlled technical data, regardless of its machining capability.

Last updated: July 2026

Find ITAR-Certified Manufacturers in Salem, OR

Search verified Salem shops that hold ITAR.

No logins. No email gates. Just results.