<img src="https://ad.doubleclick.net/ddm/activity/src=11631230;type=pagevw0;cat=pw_allpg;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=1;num=1?" width="1" height="1" alt=""> ITAR Compliant Email and File Sharing | Virtru
itar compliance

ITAR Compliant Email and File Sharing

Prevent non-US entities from accessing ITAR technical data throughout cloud-based sharing workflows with data-centric protection and powerful key management capabilities.

Virtru hosts everything in the U.S., uses encryption algorithms that comply with FIPS 140-2, is FedRAMP authorized at the moderate impact level, and adheres to the security controls defined by NIST SP 800-53. Virtru cannot access your protected data at any time.

Enable ITAR Compliant File Sharing Workflows for Technical Data

Manufacturing and aerospace and defense organizations with ITAR technical data related to items on the United States Munitions List (USML) must protect it from access by non-U.S. entities, but gaps in native cloud security capabilities limit your visibility, presenting a dilemma.

The ITAR Encryption “Carve Out” Rule states that:

  • Cryptographic protection must be applied prior to data being sent outside of the originator’s security boundary and remain undisturbed until it arrives within the security boundary of the intended recipient. This means encrypting data prior to emailing or sharing it.
  • Encryption must be certified by the U.S. National Institute for Standards and Technology (NIST) as compliant with the Federal Information Processing Standards Publication 140-2 (FIPS 140-2), or meet or exceed a 128-bit security strength.
  • Information that can be used to decrypt (access) the technical data may not be shared with a third party (such as a cloud or email provider).

Virtru helps support ITAR compliance by protecting ITAR technical data from access by non-U.S. entities wherever it’s shared, unlocking the cloud’s efficiency and cost-saving benefits. With end-to-end encryption, enforceable security settings, granular access controls, and customer-hosted key management capabilities, Virtru helps prevent foreign access to technical data in the cloud.

Unlock ITAR Compliant Digital Supply Chain Workflows


True Privacy

Prevent foreign entities, hackers, cyber-spies, and cloud vendors from accessing data or the keys protecting it with end-to-end encryption and customer-hosted keys.


Secure Sharing

Keep ITAR technical data protected wherever it’s shared throughout cloud-based supply chain workflows and maintain persistent control and visibility at all times.


Expanded Innovation

Create limitless collaboration workflows with partners that support new service and product innovation to drive growth while you maintain ITAR compliance.

Data Protection and Control to Prevent Access by Non-US Entities

End-to-End Encryption

Encrypt Gmail and Outlook messages and Drive files directly within the client, before they reach cloud servers to avoid concerns regarding geolocation and access by non-U.S. personnel. Prevent human error by automatically adding encryption for users who handle ITAR-protected data to protect emails and files (including drafts).


Persistent Protection and Control,
Seamless Access

Disable forwarding, set expiration, and revoke access immediately. Watermark files to deter technical data leaks. Apply persistent protection to maintain control wherever files are shared, while giving supply chain partners seamless, secure access through the Secure Reader.

Granular Audit Trails

View when and where email messages, attachments, and files containing ITAR technical data have been accessed during their lifecycle. Adapt controls as access requirements evolve throughout supply chain workflows.


Data Loss Prevention (DLP)

Configure DLP rules that scan emails and attachments to detect private data, then automatically enforce encryption and access controls that persistent throughout collaboration workflows to ensure privacy.

Proven Platform to Support ITAR Compliance

Trusted Data Format (TDF)

U.S. government-approved data protection standard that binds encrypted data to policies and metadata to protect technical data.

Software Development Kit (SDK)

Embed data protection and access controls into the apps and systems that power your sensitive, digital supply chain workflows.

Key Management

Host your own keys so unauthorized parties can never access your data. Integrate with existing processes and Hardware Security Modules.

Ready to take the next step?


Tower Semiconductor Logo Winchester Interconnect Logo
National Oceanic and Atmospheric Administration Verizon Logo