Overview:
1factory complies with all NIST SP 800-171 security requirements. We maintain a SOC 2 Type II attestation and perform an annual penetration test. We are audited annually, and our most recent audit report is attached to this email.
Hosting:
The system is hosted on AWS GovCloud, an isolated AWS region designed to host sensitive data and regulated workloads in the cloud. This helps customers meet U.S. government compliance requirements, including the International Traffic in Arms Regulations (ITAR) and the Federal Risk and Authorization Management Program (FedRAMP). AWS GovCloud enforces a stricter standard of access control and intrusion detection than the standard AWS regions.
Encryption during Transport:
All customer data in transit between client and server is carried over HTTPS (TLS 1.2), using a 2048-bit RSA certificate key and a 256-bit symmetric cipher for the session, on a restricted list of ports. Connection attempts over other protocols or ports are rejected.
Encryption at Rest:
- Data: All customer data is encrypted at rest. Data (e.g. part numbers, measurements) is stored in an encrypted Amazon RDS instance. (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html)
- Files: Drawings, raw material certificates and similar documents are stored on encrypted Elastic Block Storage (EBS) volumes. (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html)
Note: Amazon RDS encrypted DB instances and Amazon EBS encrypted volumes both use the industry-standard AES-256 encryption algorithm.
Enhanced ITAR / Sensitive-Data Security:
Drawings and other documents for parts designated as ITAR can optionally be encrypted under a customer-controlled encryption key. EBS volume encryption is transparent to whoever has access to the attached EC2 instance, so this customer-held key adds a second layer that protects drawings even if an attacker gains access to the EC2 servers and their encrypted EBS volumes.
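As an added illustration, not 1factory's own code (the page does not describe how its feature is implemented), the following Go program shows the envelope-encryption pattern this protection relies on: each drawing is encrypted under a fresh data key, and that data key is wrapped under a customer-held key-encryption key (KEK) that never reaches the server, so the two blobs stored on the EBS volume cannot be opened without the customer's key. Function names, key sizes and the constructed sample inputs are assumptions for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// gcm returns AES-256-GCM for a 32-byte key; any other length is a caller bug.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return aead
}
// seal returns nonce || ciphertext || tag under a fresh random nonce.
func seal(key, plaintext []byte) []byte {
	aead := gcm(key)
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // never returns an error since Go 1.24 (aborts instead)
	return aead.Seal(nonce, nonce, plaintext, nil)
}
// unseal returns an authentication error on a wrong key or tampered data.
func unseal(key, blob []byte) ([]byte, error) {
	aead := gcm(key)
	if n := aead.NonceSize(); len(blob) >= n {
		return aead.Open(nil, blob[:n], blob[n:], nil)
	}
	return nil, errors.New("sealed blob too short")
}
// SealDrawing: fresh 256-bit data key per drawing, wrapped under the customer
// KEK (assumed 32 bytes). Only the two returned blobs are stored on the
// EBS-encrypted volume, and the wrapped key is useless to anyone without the KEK.
func SealDrawing(customerKEK, drawing []byte) (wrappedKey, ciphertext []byte) {
	dataKey := make([]byte, 32)
	rand.Read(dataKey)
	return seal(customerKEK, dataKey), seal(dataKey, drawing)
}
// OpenDrawing must unwrap the data key with the customer KEK first, so a wrong
// KEK or a tampered blob fails closed instead of yielding garbage.
func OpenDrawing(customerKEK, wrappedKey, ciphertext []byte) ([]byte, error) {
	dataKey, err := unseal(customerKEK, wrappedKey)
	if err != nil {
		return nil, err
	}
	return unseal(dataKey, ciphertext)
}
```

The same pattern applies to any file stored alongside the drawing; the server only ever handles the wrapped data key, never the customer's KEK.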
User Authentication and Access Controls:
- Access controls can be configured per organization (e.g. session time-outs, number of permitted log-in attempts, password reset interval, IP address restrictions).
- Single Sign-On (SSO): 1factory can be configured to delegate authentication to an organization’s LDAP or SAML 2.0 compliant SSO solution.