SOLUTIONS // ITAR COMPLIANCE

Defense export controls, enforced at runtime.

ITAR governs defense articles, services, and technical data under USML categories. EAR governs dual-use. Both require US-persons-only access enforcement and clear-text deemed-export controls. PolicyCortex enforces these at the cloud layer continuously — and produces the disclosure trail your export compliance officer needs.

PolicyCortex governance — ITAR scope enforcement with US-persons-only access controls
Application view · /governance · ITAR scope
MISSION READINESS
REGIME: ITAR · EAR (ENFORCED)
ACCESS: US-PERSONS ONLY (CONTROLLED)
DEPLOYMENT: GOVCLOUD · GCC-H (BOUND)
OPERATIONS: 24 / 7 LIVE (ACTIVE)
LIVE OPS // SAMPLE TENANT
STREAM
14:22:09 ok   access.enforced subject=user-foreign action=DENIED reason=non-US-person
14:22:11 info itar.evidence.captured usml-category=VIII status=PASS
14:22:14 warn deemed-export.flagged subject=user-7a3b context=cad-file disposition=REVIEW
14:22:15 ok   remediation.applied target=share/tech-data action=enforce-region-lock
14:22:18 info audit.log.captured action=tech-data-access duration=00:02:14
14:22:21 ok   disclosure-trail.maintained retention=ITAR-7y status=current
CAPABILITIES
  1. CAP-01
    US-persons-only enforcement: Access automatically gated; foreign-person attempts logged + blocked.
  2. CAP-02
    Deemed-export detection: Sharing patterns analyzed; export-significant moves flagged.
  3. CAP-03
    Disclosure trail: Tamper-evident audit log · 7y retention.
  4. CAP-04
    GovCloud / GCC-H only: Resources outside US-controlled regions blocked.
  5. CAP-05
    Auto-remediation: Misconfigured shares rolled back automatically.
  6. CAP-06
    USML category-aware: Categories I-XXI mapped to scope policies.
OPERATIONS · 30-DAY PILOT
  1. 01
    Scope: Tech-data + USML-categorized resources identified.
  2. 02
    Enforce: Access policies bound to US-person attribute. Region locks applied.
  3. 03
    Disclose: Audit trail maintained, exportable for DDTC inquiries.
FIELD-TESTED · FOUNDER OPERATED AT
  1. DOE National Lab: Active consultant
  2. MITRE: Cybersecurity engineering
  3. USAA: Financial-grade ops
  4. Frontier: Production cloud architecture
CLEARANCES · PATENTS
DoD SECRET · DoE Q

Founder runs every engagement personally. 4 U.S. patent applications filed.

FAQ

How is US-person attribute verified?

Identity provider integration. PolicyCortex consumes attestation from Entra ID / Okta / AWS IAM Identity Center — your IdP carries the US-person flag, we enforce based on it.

What about cleared foreign persons?

USML category-specific. Some categories allow access by foreign persons in covered countries with proper licensing. PolicyCortex tracks licensing state and adjusts gating per category.

Deemed-export detection — what triggers it?

Sharing patterns: tech data moved to a region or principal where a non-US person could access it. We surface the pattern; the disposition (allowed / review / blocked) flows through your compliance officer.

Does this satisfy DDTC?

PolicyCortex produces the disclosure trail. You respond to DDTC inquiries from the audit log. The platform is a control + evidence layer, not a DDTC submission tool.

PROCUREMENT · NEXT STEP

Defense exports. Enforced at runtime, not at audit.

$15,000 flat for the 30-day pilot. US-persons-only access, GovCloud-only deployment, audit-grade evidence.

©2026 POLICYCORTEX, INC.