ITAR · 22 CFR 120-130
Every foreign person screened.
Every entry on record.
ITAR makes the front desk an export-control checkpoint. LogBook360 screens against OFAC, DDTC Debarred, and Entity Lists in real time, captures citizenship under §120.62, and retains tamper-evident logs for the full 5-year §122.5 window.
A single uncleared foreign-person visit can be a USD 1.27M civil penalty per occurrence.
ITAR / Export Control Screen
Sarah MitchellUS
OFAC ✓ DDTC ✓ EAR ✓
James OkaforNG
OFAC ✓ DDTC ✓ EAR ✓ FN-screen ✓
All visitors cleared · §120.62 documented
Where ITAR meets reception
Four controls every DDTC-registered facility must enforce at the door
Cyber controls protect data on screens. Front-desk controls protect the people who could walk past one.
ITAR control
Foreign person screening
Every non-US-person visitor is a deemed export risk. §120.62 demands you know nationality, dual citizenship, and visa status before granting access.
ITAR control
Denied-party list screening
OFAC SDN, DDTC Debarred, Entity List, Unverified List, all must be checked before a visitor can enter a controlled area. Manually checking 4+ lists is error-prone.
ITAR control
Controlled-area access logs
Who entered which restricted area, when, for how long, escorted by whom. DDTC consent agreements require this to the minute.
ITAR control
5-year record retention
§122.5 mandates 5-year retention of all export-related records. Paper logs disintegrate. Spreadsheets get deleted. Auditable systems don't.
Section mapping
22 CFR sections. LogBook360 controls.
§120.62
Requirement
Foreign person definition
LogBook360 control
Citizenship and visa status captured at check-in, stored against the visit record
§126.1
Requirement
Prohibited country exports
LogBook360 control
Auto-block visitors from §126.1 countries unless a TAA or license is on file
§120.17
Requirement
Defined technical data exposure
LogBook360 control
Restricted-area access requires authorization workflow + foreign-person review
§127.1
Requirement
Unauthorized export prevention
LogBook360 control
Real-time OFAC SDN, DDTC Debarred, and EAR Entity List screening at the kiosk
§122.5
Requirement
Recordkeeping (5 years)
LogBook360 control
Tamper-evident visitor logs retained 5 years minimum with full audit trail
§127.12
Requirement
Voluntary disclosure evidence
LogBook360 control
Exportable incident packets if a violation is identified, preserves DDTC mitigation
Non-compliance risk
ITAR is the only framework with prison time on the table
DDTC enforcement reaches both the company and the Empowered Official personally. Civil penalties have no aggregate cap. Criminal exposure follows willful conduct, including poor record-keeping.
US
United States (Civil)DDTC civil penalty
USD 1.272M per violation
Unauthorized disclosure of ITAR-controlled technical data to a foreign person
Statutory debarment
3-year ban from defense exports
Conviction of any export-related offense
Administrative debarment
Loss of export privileges
Pattern of violations or insufficient controls
US
United States (Criminal)Willful violation
USD 1M per violation + 20 yrs prison
Knowingly exporting controlled tech without authorization
Corporate criminal liability
USD 1M per count
Officers and directors personally exposed
False statement (§127.2)
USD 250K + 5 yrs prison
Inaccurate visitor or export records submitted to DDTC
GL
Contractual & reputationalDoD contract termination
Entire award + back-pay clawback
Loss of DDTC registration ends all defense work overnight
Prime/sub flow-down
Removal from approved supplier list
Primes audit subs annually, one finding ends the relationship
Public DDTC consent agreement
Multi-million remediation costs
Settlements are published; reputational harm compounds penalties
Real enforcement
Honeywell International
USD 13M (DDTC, 2021)
Unauthorized exports of technical data to China, Taiwan, Mexico, Canada, Ireland
Bright Lights USA
USD 400K (DDTC, 2022)
Failure to maintain ITAR records and unauthorized foreign-person access
Keysight Technologies
USD 6.6M (DDTC, 2021)
Defective product disclosures and inadequate visitor screening at controlled facilities
Implementation
ITAR-defensible reception in a few weeks
1
Registration & jurisdiction
1 week
Confirm DDTC registration is current. Identify which products, technologies, and facilities fall under USML.
2
Visitor flow audit
1-2 weeks
Map every entry point to controlled space. Identify where foreign-person access is currently uncontrolled.
3
Deploy LogBook360
1 week
Configure citizenship capture, denied-party list integrations, escort workflows, and 5-year retention.
4
Empowered Official sign-off
1 week
Your EO reviews evidence and signs off. Tabletop a §127.12 voluntary disclosure scenario.
Move uncleared foreign-person risk off your front desk
Our compliance team will walk your Empowered Official through every ITAR control LogBook360 enforces, from §120.62 capture through §122.5 retention, and show you the audit packet your next DDTC inspector will receive.