🛡️ ITAR

ITAR Registered Manufacturers in Santa Fe, NM

When a part touches the US Munitions List or comes with controlled technical data, the conversation has to start with export compliance before it ever reaches price or lead time. In Santa Fe, where defense and research-adjacent work runs through a handful of precision shops near Los Alamos, ITAR registration is the credential that lets a buyer lawfully share drawings and place orders for controlled hardware. This page lays out what ITAR registration actually means, how to confirm a Santa Fe supplier holds it, and the compliance footwork that has to happen before any controlled data changes hands.

ITARAS9100ISO 9001
1

What ITAR Registration Means for a Santa Fe Supplier

ITAR, the International Traffic in Arms Regulations, is administered by the State Department's Directorate of Defense Trade Controls. Any US manufacturer or exporter of defense articles or services on the US Munitions List must register with DDTC. Important nuance: ITAR registration is not a certification or an accreditation. There is no audit, no certificate from a third party, and no quality-system implication. It is a registration that establishes a company is enrolled with DDTC and pays the annual fee, and it is a prerequisite for, not proof of, compliant handling of controlled items. For Santa Fe shops, ITAR enters the picture because of the region's defense and research orientation. Precision machine shops that make components for defense primes, or that handle technical data tied to Los Alamos and Sandia programs, frequently register because their customers require it before sharing controlled drawings, models, or specifications. The practical effect on a buyer is gating: you cannot transmit ITAR-controlled technical data to a supplier that is not registered and does not have an export-compliance program in place. Because registration alone says nothing about how well a shop actually controls technical data, the real diligence is in the compliance program behind the registration. A serious ITAR shop has a Technology Control Plan, restricts access to controlled data to US persons, controls its network and physical access, and trains its staff. That program, not the registration number, is what protects you from an export violation.
2

Confirming Registration and Real Export Controls

Verifying ITAR is different from verifying ISO. DDTC registration information is not openly searchable the way IAF CertSearch lists ISO certificates, so confirmation happens through the supplier directly. Ask for the registrant's DDTC registration code and the expiration of their current registration, and require it in writing as part of your supplier onboarding. Many buyers fold this into a signed compliance representation in which the supplier attests to current ITAR registration and agrees to flow-down export-control obligations. The more important verification is of the supplier's actual export-compliance posture. Ask whether they maintain a written Technology Control Plan, how they segregate ITAR-controlled data on their network and shop floor, whether all personnel with access to controlled data are US persons as ITAR defines them, and whether they have an Empowered Official responsible for export decisions. A shop that machines controlled parts but cannot describe how it keeps a foreign-national contractor or an offshore IT vendor away from your drawings has a registration but not control. Red flags include vague answers about who can access data, use of consumer cloud tools for controlled drawings without proper safeguards, and any suggestion of subcontracting controlled work to an unregistered shop. In Santa Fe's small market, where shops lean on out-of-town subcontractors for special processes, confirm that any subcontractor who will see controlled data or hardware is itself ITAR registered and bound by flow-down terms.
3

Compliance Footwork Before You Share Controlled Data

Before a single controlled drawing leaves your hands, several things must be in place. First, confirm the supplier's current ITAR registration and capture it in your records. Second, execute the appropriate agreements: a nondisclosure agreement with explicit export-control language, and flow-down clauses obligating the supplier to handle the data per ITAR and to extend those obligations to any subcontractor. For some scenarios involving foreign persons or exports, a Technical Assistance Agreement or other DDTC authorization may be required, and that is a determination to make deliberately, not after the fact. Make the export classification explicit. Tell the supplier in writing that the data is ITAR-controlled, identify the relevant USML category if known, and mark the documents accordingly. Ambiguity here is dangerous; a supplier who does not know a drawing is controlled cannot protect it. Use secure, compliant transmission methods rather than ordinary email or consumer file-sharing, and confirm the supplier can receive and store the data within their controlled environment. Keep records of the whole chain. Export-control diligence is something you may have to demonstrate to the government, so document the registration confirmation, the agreements, the classification, and the transmission method. In Santa Fe's defense and research-adjacent ecosystem, where parts and data move between a local machine shop and Albuquerque or out-of-state subcontractors, this recordkeeping is what lets you prove the controlled chain stayed compliant end to end.

Frequently Asked Questions

No, and this is one of the most misunderstood points about ITAR. Unlike ISO 9001 or AS9100, ITAR registration is not a third-party certification with an audit and a certificate, and it is not listed in an openly searchable registry the way IAF CertSearch or OASIS list quality certifications. ITAR registration is an enrollment with the State Department's Directorate of Defense Trade Controls, required of US manufacturers and exporters of defense articles and services on the US Munitions List. Verification therefore happens directly with the supplier rather than through a public lookup. Ask for the registrant code and the current registration expiration date in writing, and incorporate a compliance representation into your supplier agreement in which the company attests to current registration and agrees to flow-down obligations. More importantly, because registration alone says nothing about how the company actually safeguards controlled data, verify the substance of their export-compliance program: their Technology Control Plan, US-person access controls, network and physical segregation of controlled data, and their Empowered Official. The registration is the entry ticket, but the compliance program is what actually keeps you out of an export violation.
Nothing at all, and treating it as a quality signal is a mistake. ITAR registration is purely an export-control enrollment with DDTC; it involves no quality-system audit, no certificate from an accreditation body, and no assessment of manufacturing capability or process control. A shop can be ITAR registered and produce poor parts, or be an excellent manufacturer that simply has no reason to register because it does not handle controlled items. The two domains are entirely separate. To assess quality on a Santa Fe defense component, look to the quality credentials that actually measure it: ISO 9001:2015 for a baseline quality management system, and AS9100 Rev D if the part is aerospace or flight related, plus NADCAP for any special processes. In practice, defense work in northern New Mexico often requires the full stack together, ITAR for the export-control dimension and AS9100 or ISO 9001 for quality, because the defense customer flows down both kinds of requirements. When you qualify a supplier, evaluate the export and quality credentials independently and confirm each on its own terms rather than assuming one implies the other.
Several steps, all before any controlled data leaves your hands. First, confirm the supplier's current ITAR registration with DDTC and record the registrant code and expiration. Second, put the right agreements in place: a nondisclosure agreement that includes explicit export-control language, and flow-down clauses requiring the supplier to handle the data in accordance with ITAR and to bind any subcontractor to the same obligations. Third, make the control status explicit in writing, telling the supplier the data is ITAR-controlled, identifying the relevant US Munitions List category if you know it, and marking the documents accordingly, because a supplier who does not realize a drawing is controlled cannot protect it. Fourth, transmit the data only by secure, compliant means rather than ordinary email or consumer file-sharing, and confirm the supplier can store it within their controlled environment. If foreign persons or actual exports are involved, determine whether a Technical Assistance Agreement or other DDTC authorization is needed before proceeding. Finally, document the entire chain, the registration confirmation, the agreements, the classification, and the transmission method, since you may have to demonstrate this diligence to the government.
They complicate it, because Santa Fe shops routinely rely on out-of-town subcontractors for special processes like heat treat, plating, and nondestructive testing, and any subcontractor that will see controlled hardware or controlled technical data must itself be ITAR registered and bound by flow-down obligations. You cannot let a prime machine shop quietly route your controlled drawing or part to an unregistered subcontractor, even one across the mountain in Albuquerque, without breaking the controlled chain. So when you qualify a Santa Fe supplier for ITAR work, do not stop at the machine shop; map the full process chain and confirm that every link that touches controlled data or hardware is registered and contractually obligated. Ask the shop directly which subcontractors will be involved, whether each is ITAR registered, and how the shop ensures controlled data does not leak to a noncompliant party. In a thin market where the same handful of special-process houses serve everyone, this diligence is essential, and it is one reason buyers value Santa Fe shops that keep more processes in-house or that have a pre-vetted, registered subcontractor network already in place.

Last updated: July 2026

Find ITAR-Certified Manufacturers in Santa Fe, NM

Search verified Santa Fe shops that hold ITAR.

No logins. No email gates. Just results.