Compliance solution
An ERP that keeps ITAR-controlled data inside the boundary.
Cortrova is an ITAR-aware manufacturing ERP for defense and aerospace suppliers that handle export-controlled technical data. Controlled documents are marked and access-scoped by permission, every action is audit-trailed, and the whole platform deploys on-premises or fully air-gapped so ITAR technical data never leaves the boundary or US-person control. CMMC 2.0 Level 2 ready and DFARS-aligned.
The challenge
- !ITAR technical data spread across email, shared drives, and disconnected shop-floor tools, with no reliable way to prove who accessed what
- !Cloud ERPs that cannot guarantee export-controlled data stays inside the facility or inside US-person control
- !Manual, document-by-document access control that fails under audit and slows the floor
- !Separate systems for quality, documents, and finance, so an ITAR or DFARS audit becomes a multi-week evidence hunt
How Cortrova answers
- ✓Export-controlled documents and records are marked and access-scoped by attribute-based permission, so only cleared users reach controlled technical data
- ✓The full platform deploys in the cloud, on-premises, or fully air-gapped, keeping ITAR technical data inside the boundary it must stay in
- ✓Every read, edit, signature, and disposition is attributed and time-stamped, so access history is a query, not a reconstruction
- ✓Trunnion AI agents can run on on-premises models, so AI assistance never sends controlled data to an external API
- ✓Quality, documents, maintenance, and finance run on one data model, so the evidence an ITAR or DFARS audit needs is already connected
How Cortrova contains controlled data
Marked, scoped, and kept inside the boundary.
ITAR compliance is an access-and-audit problem before it is a paperwork problem. Cortrova treats it that way.
Document marking
Export-controlled and ITAR content is marked at the document level with a controlled copy of record and full revision history.
Attribute-based access
Access is scoped by role and attribute, so controlled technical data is visible only to permitted, cleared users.
Air-gapped deployment
Run the entire platform on-premises or fully air-gapped, with no external calls, so technical data never leaves the facility.
Provable audit trail
Every action against a controlled record is attributed and time-stamped for a defensible access history.
How it works
Adopting ITAR-compliant ERP.
Deploy inside your boundary
Stand Cortrova up in the cloud, on-premises, or fully air-gapped, matched to your ITAR and CUI data-handling requirements.
Mark and scope controlled data
Controlled documents and records are marked and access is scoped by attribute, so only cleared users reach export-controlled technical data.
Work is captured and audited
Inspections, signatures, dispositions, and cost records are logged against the record of origin, each one attributed and time-stamped.
Prove it on demand
Access history, revision history, and the CAPA and cost-accounting trail pull in minutes for an ITAR, DFARS, or customer audit.
FAQ
Questions, answered.
Is Cortrova ITAR compliant?
Cortrova is built to support ITAR compliance for manufacturers handling export-controlled technical data. It provides document-level marking of controlled content, attribute-based access control so only permitted users reach ITAR data, full audit trails, and cloud, on-premises, or fully air-gapped deployment so technical data stays inside the boundary. ITAR compliance is ultimately a function of your program and controls; confirm your specific registration and data-handling requirements with our team.
Can Cortrova run fully air-gapped for ITAR technical data?
Yes. The entire platform, including its embedded Trunnion AI agents running on on-premises models, can be deployed on-premises or fully air-gapped with no external network calls, so ITAR-controlled technical data never leaves your facility or US-person control.
How does Cortrova control who can see export-controlled data?
Access is governed by attribute-based access control. Controlled documents and records are marked and scoped so only cleared, permitted users can view or act on export-controlled technical data, and every access is logged for a defensible audit trail.
Does ITAR overlap with CMMC and DFARS in Cortrova?
Yes. The same access control, document marking, and audit infrastructure that supports ITAR also supports DFARS 252.204-7012 and CMMC 2.0 Level 2 readiness for CUI, and the finance module supports DCAA and FAR/DFARS cost accounting, so one platform covers the overlapping defense requirements.
Get started
Bring this into your compliance boundary.
We'll tailor a demo to your program, controls, and deployment constraints.