An Aerospace & Defense TSA exit is governed less by technology than by control. Security clearances, ITAR and EAR boundaries, facility accreditation, and program continuity dictate what can move, when, and to whom. Every move in it ties back to the broader TSA exit strategy a disciplined buyer runs.
In most carve-outs the long pole is systems. In aerospace and defense it is the security infrastructure. A Newco that performs classified work needs its own facility clearance, its own cleared personnel, and a foreign ownership, control, or influence posture that the Defense Counterintelligence and Security Agency will accept. None of that moves on a software timeline, and none of it can be rushed by spending money.
The facility clearance is the gating item. A Newco cannot perform on classified contracts until its facility is accredited and its key management personnel are cleared in the new entity. If the buyer has private equity ownership with foreign limited partners, the FOCI mitigation arrangement, often a proxy agreement or special security agreement, has to be negotiated and approved before the entity can operate. That approval timeline drives the entire exit.
The buyer-side discipline is to start the clearance and FOCI work the day the deal signs, not when the TSA exit approaches. These approvals take months and depend on government counterparties the buyer does not control. Every other workstream can be perfectly executed and the exit still slips if the cleared environment is not ready. Sequence everything else behind this.
The TSA itself often has to cover classified IT services longer than a commercial carve-out would tolerate, because the seller's accredited environment cannot be replicated quickly. That extended dependency makes the commercial terms of the security related TSA services unusually important. The buyer negotiates these knowing it has limited ability to accelerate the exit.
Export control turns ordinary separation tasks into compliance events. Technical data covered by ITAR cannot be transferred to a system, a person, or a jurisdiction without the right authorization. A routine data migration that would be a weekend task in a commercial carve-out becomes a controlled transfer that has to be scoped against the export control classification of every dataset involved.
The buyer maps the export control landscape before any data moves. Which programs are ITAR controlled, which are EAR, which technical data packages are involved, and which personnel are authorized to handle them. That map governs how the migration is designed. Cleared and controlled data may need to move through accredited channels while commercial data moves on the normal track.
Personnel access is the trap. During a TSA the seller's administrators often retain access to systems holding controlled technical data. Every one of those administrators has to be authorized, and access by anyone who is not is a violation, not just a risk. The buyer audits seller side access to controlled environments and closes any gap before it becomes a reportable event.
The exit is not complete when the data has moved. It is complete when the Newco can demonstrate an export control compliance program of its own: a technology control plan, trained personnel, and the empowered official structure the regime requires. The seller provided that umbrella during the TSA. Standing up the Newco's own program is a named workstream, not an assumption.
Defense programs run on contracts with delivery milestones, government oversight, and customers who do not absorb disruption gracefully. A TSA exit that interrupts production on a program of record is not a cost problem. It is a customer and reputation problem with a government counterparty that has a long memory. Continuity is the constraint the entire exit is designed around.
The buyer maps every active program against the systems and services the TSA covers. Production planning, supply chain, quality management, and earned value management systems all touch program delivery. The exit sequence has to ensure that no program loses the systems it depends on during a delivery critical window. That often means timing cutover around program milestones rather than around the buyer's preferred schedule.
Quality and configuration management deserve specific attention. Defense manufacturing runs on controlled processes and traceable records. Migrating a quality management system or a product lifecycle management system without preserving full record integrity can put certifications and program compliance at risk. The migration is validated against record completeness, not just system function.
Government customers may need to be notified of the ownership change and the operational transition. Novation of contracts to the new entity is its own legal and administrative track that runs in parallel with the operational exit. The buyer does not treat novation as a back office formality. An incomplete novation can leave the Newco unable to invoice or perform under contracts it believes it owns.
Aerospace and defense supply chains carry obligations that flow down from prime contracts: cybersecurity requirements, counterfeit parts prevention, country of origin rules, and quality standards. When the Newco takes over vendor relationships from the seller, it inherits the responsibility to flow those obligations down correctly. A procurement separation that ignores the compliance overlay creates exposure that surfaces in the next audit.
Cybersecurity maturity is now a contractual requirement on much defense work. The Newco has to meet the assessment level its contracts demand, on its own systems, by the time the TSA exits. If the seller provided the compliant environment, the Newco's standalone environment has to reach the same bar before it can perform. This is a gating dependency that buyers routinely underestimate.
Vendor consents matter more here because many suppliers hold their own clearances and program authorizations. Assigning a supplier contract to the Newco may require the supplier to recognize the new entity in the program security context, not just sign a commercial novation. The buyer scopes vendor transition with the security dimension in view, not as a pure commercial exercise.
The buyer-side move is to treat supply chain separation as a compliance migration, not a contract reassignment. Each critical supplier relationship is checked against the flow down obligations the Newco must maintain. The procurement discipline that supports this is covered in our note on the matching Aerospace and Defense carve-out.
The aerospace and defense exit sequence inverts the commercial playbook. Commercial carve-outs lead with systems and treat compliance as a workstream. Defense carve-outs lead with the cleared environment, export control, and program continuity, and treat systems as the thing that has to fit inside those constraints. The buyer who sequences the other way around will miss the date.
Practically, the critical path runs through facility clearance and FOCI approval, then the standup of the Newco's own export control and cybersecurity compliance programs, then program by program system cutover timed around delivery milestones. Commercial IT separation, the bulk of an ordinary carve-out, is often the easiest part here because it sits outside the controlled environment.
The governance has to include government and program parties, not just the buyer and seller. Decisions about cutover timing on a program of record are not purely commercial. They involve the program office and sometimes the customer. A governance structure that excludes them will make commitments it cannot keep. The exit plan is socialized with the program office and the customer early.
Defense carve-outs reward buyers who respect the constraints and punish those who treat them as friction to be optimized away. The clearances take what they take. The compliance programs have to be real. The programs cannot be disrupted. A buyer who plans the exit around those truths lands it. A buyer who plans around an idealized systems timeline pays for the difference in extension fees and program risk.
The cleared environment, not the technology, sets the timeline. Facility clearance, FOCI mitigation, ITAR and EAR controls, cybersecurity requirements, and program continuity all gate the exit. Commercial IT separation is often the easy part. The hard part is standing up the Newco's own controlled environment to government standards.
A Newco performing classified work needs DCSA to accept its foreign ownership, control, or influence posture before it can operate. With private equity ownership that includes foreign limited partners, a proxy or special security agreement has to be negotiated and approved. That government dependent timeline runs to months and cannot be accelerated by spending.
ITAR controlled technical data cannot transfer to a system, person, or jurisdiction without authorization. A routine migration becomes a controlled transfer scoped against the export classification of every dataset and the authorization of every person with access. Seller side administrator access to controlled environments has to be audited and closed.
Government contracts must be novated to the new entity, a legal and administrative track that runs parallel to the operational exit. An incomplete novation can leave the Newco unable to invoice or perform under contracts it believes it owns. It is a named workstream, not a back office formality.
The diligence and separation view of a defense carve-out under a TSA.
Read the article →Where regulatory approval and data controls govern a financial carve-out exit.
Read the article →Regulated assets and operational technology in an energy carve-out exit.
Read the article →The 90-day governance, IT, finance, HR and procurement separation plan we run on live carve-outs. Get the playbook plus the bi-weekly Day One Letter — short, signal-heavy, buyer-side.
No spam. Unsubscribe in one click. · Read the overview first →

Fixed-fee scope to sequence the exit around clearances, export control, and program continuity. Senior team on day one. The first conversation is always free.
Seven buyer-side moves to exit a Transition Services Agreement on time and below budget. The mark-up, the extension-fee curve, exit sequencing, and the 11-month calendar.
A representative $200M-revenue manufacturing carve-out runs a Transition Services Agreement across nine functions while three plants keep shipping. The moves below cut the exit from an 18-month drift to an 11-month managed exit and remove $3.0M of mark-up and stranded cost — without stopping a single production line.
One tactic, one benchmark, or one pattern from a recent buyer-side engagement. Short. Signal heavy. Free.
Subscribe to The Day One Letter →