International Traffic in Arms Regulations (ITAR) is a set of US Government regulations that deals with the export and temporary import of defense articles and services.
ITAR regulations dictate that information and material pertaining to defense and military related technologies, including technical data may only be shared with U.S persons. This includes but is not limited to technology pertaining to satellites and launch vehicles, software developed for the management and use of military applications. Basically, ITAR governs the people, data and systems involved in arms and defense manufacturing and contracting.
Penalties for ITAR Violations include: Criminal fines for corporations or individuals of up to $1 million per violation and/or imprisonment of up to ten years for willful violations. Civil penalties for corporations or individuals of up to $500,000 per violation relating to unauthorized exports of defense articles or defense services and Debarment from export of defense articles or defense services.
Achieving ITAR compliance is really about having a good data security strategy and defensive technology implementation in place. On a basic level, this strategy will address the access requirements (Only US persons can have access to the ITAR information), the exporting or transmitting limitations (Defense information cannot be exported or transmitted to non-authorized personnel without explicit permission from the Federal Government) and the internal security requirements (ITAR governed businesses need to do due diligence and invest in the security of ITAR regulated information).