ITAR

Everlaw provides a secure, compliance-focused platform designed to support government agencies and legal teams in managing sensitive data while adhering to stringent security and regulatory requirements.

International Traffic in Arms Regulations (ITAR)

International Traffic in Arms Regulations (ITAR) governs the export and handling of defense-related articles, services, and technical data, restricting access to authorized U.S. persons.

There is no compliance certification program for ITAR. Customers may choose to upload ITAR-protected materials into the Everlaw platform, and such data cannot be accessed, released, or transferred outside the U.S. or to foreign persons. When using Everlaw, consider how your ITAR obligations may be impacted.

ITAR at Everlaw

Enhanced Access Control
FedRAMP Authorized
Shared Responsibility
Encryption

Enhanced Access Control

Everlaw allows customers to restrict devices by IP address and/or location. This whitelisting capability includes access control tools including both location and IP whitelisting that can help restrict a customers’ access to the United States and approved IP addresses only.

FedRAMP Authorized

Everlaw holds FedRAMP Moderate Authorization and undergoes continuous audits by an accredited FedRAMP independent third-party assessment organization (3PAO).

By leveraging Everlaw’s FedRAMP Moderate Authorized Government Community Cloud (GCC), customers ensure their data is stored exclusively within U.S. locations, maintaining control over data residency while meeting stringent federal security standards.

Shared Responsibility

Everlaw maintains the security and compliance of our cloud infrastructure and core services, while customers manage their own security obligations. This includes overseeing account provisioning within their Everlaw-hosted projects, managing employee access locations, and ensuring secure data transmission into and out of the Everlaw platform. We’re here to provide a secure foundation while giving you the flexibility to manage your organization’s unique compliance needs.

Encryption

Everlaw protects customer data with encryption both in transit and at rest. All communications within the Everlaw platform—whether between customers, their clients, Everlaw, or third-party applications—are secured using HTTPS with Transport Layer Security (TLS). Additionally, where possible, we have implemented and enabled FIPS-validated encryption to further enhance security.