https://www.bluecoat.com/resources/cloud-governance-compliance/manufacturing-and-defense-itar

https://support.mailroute.net/entries/36394163-ITAR-International-Traffic-in-Arms-Regulations-

https://support.mailroute.net/entries/98533857-ITAR-Compliance-FAQ-s

On June 3, 2015, the Department of State issued a Federal Register notice requesting comments on proposed amendments to the ITAR (ITAR, 22 C.F.R. Parts 120 – 130) that would revise certain definitions and update controls on the transmission and storage of technical data in the cloud. In particular, it proposed that data going to a cloud environment would not be treated as an export if it was:

• Unclassified
• Secured using end-to-end data protection
  • With the appropriate encryption strength
  • Using a secure implementation with the required policies and controls
• Not stored in a prohibited country
• No access by non-US citizens