Meet your ITAR export requirements in the cloud

The SafeShare solution for the International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR) helps customers leverage private and public Clouds for regulated business processes.
“All in all our employees are really thrilled at how easy to use the site is in comparison with FTP sites they’ve had to use in the past.”

SafeShare for ITAR is a secure enterprise file sync and sharing solution deployed in Amazon GovCloud and offered as a multi-tenant SaaS. SafeShare for ITAR allows small to medium businesses to migrate regulated data to the Cloud without impacting their employees’ ability to access and securely share sensitive information. This platform automatically and transparently secures files with end-to-end encryption, granular access controls, and multi-factor authentication. Unlike commercial cloud offerings (Office 365, Google Drive, Dropbox, and Box), SafeShare for ITAR allows businesses to adopt the cloud without compromising their compliance requirements.

If your organization is planning on or is currently working on material defined within Part 121, the USML it is very likely you are required to be compliant with ITAR regulation 22 CRF 120-130.

Please refer to the Enumeration of Articles published by the Electronic Code of Federal Regulations (e-CFR) for the reference to materials.


Cloud Based

‘SafeShare for ITAR’ is a secure, ITAR and EAR complaint cloud-based system with files stored in a US sovereign cloud.

End-to-End Encryption

Files are protected according to the end-to-end encryption definition in the EAR

Zero Installation

Access SafeShare for ITAR from any device or web browser

Two Factor Authentication

Strong authentication of users to prevent breaches due to stolen passwords

Audit Trail

Reporting on usage and logging of all access

Identity Provider Integration

Integrates with services such as Microsoft ADFS for identity management and authentication

Share with Partners

Easily grant access and share information with external users

First Class Support

US-based customer support for quick responses to your questions

SafeShare for ITAR

Sensitive Data is Protected

Because the files are encrypted end-to-end, then even
if the system is compromised your documents are protected from being read by anyone that you have not authorized.

The encryption keys are strictly managed by the ‘SafeShare for ITAR’ system to enforce access control according to permissions set by the document owner.

Even your IT systems administrator cannot access the files or encryption keys.

Data-Centric Security

‘SafeShare for ITAR’ is a file storage system that encrypts files as hey are uploaded into the system. Access is controlled by the Document Owner who assigns individuals permissions such as download, view-only or edit online.

Documents are then automatically un-encrypted when accessed by authenticated and authorized individuals.

This approach to high security data management is called ‘Data-Centric Security’, where the focus is on protecting the data itself, as the key asset, rather than depending on network security or blocking intruders at the perimeter.

Easy-to-use System for Compliant ITAR Record Keeping

‘SafeShare for ITAR’ provides a secure, structured records storage system for compliance with ITAR record keeping requirements.

These include the ‘Office of Export Compliance’ and ‘e-CFR’ (Electronic Code of Federal Regulations) record keeping requirements for ITAR companies, where all shipping and export transaction documents are to be securely stored and organized for quick retrieval during audits.


SafeShare for ITAR’ is a cloud-based, highly secure and easy-to-use file storage and sharing system that has been packaged specifically for ITAR and EAR regulated data.

You can restrict access to any location or country – just set the coordinates!

USA Geofence restriction
SafeShare - restricting file access by country.
Positive User Experiences

‘SafeShare for ITAR’ has been developed to be intuitive and easy-to-use, recognizing that system users want to focus on their business rather than how to correctly use the file sharing system.

The system has been designed to deliver maximum practical automation and the least possible dependence on manual user processes.

To the greatest extent possible, ‘SafeShare for ITAR’ operates automatically in the background in a way that minimises user impact while ensuring the effective application of security controls.

“I would recommend SafeShare to any organization that needs to be in compliance with ITAR, and am confident the product and company will stand up to that reference.”

Cary Glover
Cast-Rite Corporation | US Defense Contractor

Download Your Free Whitepaper 

ITAR and EAR Compliance in the Cloud

Find out how to create a ITAR and EAR compliant infrastructure for data.

  • Describes 4 main challenges
    • Most commercial cloud offerings are non ITAR compliant
    • Technical Data can be hard to define
    • Encryption of data in transit and at rest is not the same as End-to-End Encryption
    • Native permissions management capabilities are insufficent
  • Discover specfic controls SafeShare can address
Cover of Whitepaper on ITAR and EAR


Cocoon Data maintains an ISO 27001 certification, adheres to NIST 800-171 guidelines and we are in the process of adopting CMMC prior to this new regulation going live. 

Data ownership by default is linked to the user that created the data. Each piece of data is encrypted with its own AES-256 bit key and the key is owned by the owner of the data.

All data is stored in AWS GovCloud.

All data is encrypted prior to transit in and out of SafeShare in GovCloud. Data at rest is encrypted with AES-256 bit encryption keys which are only accessible by the data owner (user). Each document is encrypted with its own unique AES-256 bit encryption key (100 documents have 100 unique keys. Our patented approach to encryption and policy association the data owner identity allows for more granular and secure controls then traditional volume encryption which only employs 1 encryption key and relies solely on policy to protect sensitive data.

All Cocoon Data engineering staff are required to pass a background check. Engineers that work on our GovCloud Operations Team have additional requirements such as being a US citizen and going through extensive training on ITAR regulation and security protocol for such regulated data.

All GovCloud operations follow strict security guidelines including, but not limited to, change control of all system configurations, internal audits, internal penetration testing, formal review processes, C3PAO audits and C3PAO penetration testing. In the event of a data breach we will employ our critical security response team to shut down the breach, gather forensic evidence and notify our customer base of such an incident.

All support is conducted in house. Most development is conducted in house. All development that is conducted by third parties is reviewed and audited prior to merge with any of our products.

All data is backed up for 35 days.

SafeShare is built on modern high availability cluster architecture that allows for a high degree of flexibility and uptime. All data is stored in a database independently from infrastructure. Backups are done daily and stored for 35 days. The following conditions are made:
a) Determine Process and System Criticality 
b) Identify Outage Impacts and Estimated Downtime
             i) Outage Impacts
             ii) Estimated Downtime
Maximum Tolerable Downtime (MTD)
                    2: Recovery Time Objective (RTO)
                    3: Recovery Point Objective (RPO)
c) Identify Recovery Priorities for System Resources
             i) Recovery Time Objective (RTO)

Cocoon Data requires all GovCloud engineers to sign an NDA requiring them to not divulge or disclose sensitive information about Cocoon Data, Cocoon Data clients or sensitive information about any party learned under their employment.

Cocoon Data updates and/or performs routine maintenance on SafeShare infrastructure at least quarterly. 

Please see Cocoon Data’s SLA documentation. 

(99.9%?, 95%?) Cocoon Data offers a minimum of 99.9% uptime of our SaaS offerings.