Architecture
1factory is a web application written in Java that uses a relational database as its backend. The web application server runs on an AWS EC2 instance. Files are stored on two redundant EBS volumes attached to that instance, and the relational data is stored in an RDS database hosted by AWS. File data is backed up daily to another AWS region; the database is mirrored to a failover instance in a separate AWS availability zone and, in addition, continuously replicated to a different AWS region.
Compliance
1factory complies with ALL NIST SP 800-171 security requirements. 1factory maintains a SOC 2 Type II certificate and performs an annual penetration test. We are audited annually, and our most recent audit report is available upon request.
The system is hosted on AWS GovCloud, an isolated AWS region designed to host sensitive data and regulated workloads in the cloud. This helps customers meet U.S. government compliance requirements, including the International Traffic in Arms Regulations (ITAR) and the Federal Risk and Authorization Management Program (FedRAMP). AWS GovCloud enforces a stricter standard of access control and intrusion detection than ordinary AWS accounts.
Encryption
HTTPS
All customer data transfer between client and server is conducted over standard HTTPS (TLS 1.2), using a certificate with a 2048-bit RSA public key, signed using SHA-256 with RSA.
RDS Database
All customer data is encrypted at rest. Structured data (e.g. Part Numbers, Measurements, etc.) is stored in an encrypted Amazon RDS instance. The EC2 instances and RDS are located within the same VPC (Virtual Private Cloud).
(https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html)
File System
Drawings, Raw Material Certificates, etc. are stored on encrypted Elastic Block Store (EBS) volumes. (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html)
Note: Amazon RDS encrypted DB instances and Amazon EBS use the industry-standard AES-256 encryption algorithm.
Additional ITAR / Sensitive Document Security
1factory provides a configuration whereby an organization (and individual part masters within that organization) can be designated as “ITAR”.
Drawings and other documents for parts designated as ITAR can only be accessed by users who are also designated as having “ITAR” access. (This also applies to objects shared across organizations.)
“ITAR” documents can optionally be encrypted using a randomly generated data encryption key per individual parent plan. These data keys are generated by, and stored encrypted under, AWS KMS. AWS KMS uses HSM hardware, and the encryption keys used by KMS never leave the underlying HSM. (A separate KMS key is used for each customer to encrypt their data keys, so a customer's keys can be independently regenerated or deleted on request, rendering that customer's encrypted data unreadable if required.) Whenever a file needs to be encrypted or decrypted, the encrypted data key is sent to KMS for decryption, and the returned plaintext data key is used to encrypt or decrypt the file.
https://docs.aws.amazon.com/kms/latest/developerguide/overview.html
The plaintext data key is kept in server memory only for the duration of the cryptographic operation on a file (typically a few milliseconds). In the unlikely case that an EC2 server is compromised and a memory dump is taken, there is only a very small chance that this happens exactly while a data key is in memory. Furthermore, even in the unlikely event that an individual data key is compromised, it would grant access to only one object; all other objects and plans remain safe.
This provides additional protection for drawings in the event of a breach of access to the EC2 servers and the encrypted EBS volumes.
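The envelope-encryption flow described above, as an added example that is not 1factory's code: a constructed stand-in for AWS KMS (not the AWS SDK) holds one wrapping key per customer and never releases it, each stored object gets its own data key, and the server-side helpers hold the plaintext data key only inside a single call. The names (StubKMS, encrypt_object, decrypt_object) are assumptions, and AES-256-GCM is assumed for both the key wrap and the file, since the page names AES-256 but not a mode.

```ruby
require 'openssl'
require 'securerandom'

# AES-256-GCM for both key wrapping and file encryption. Blob layout:
# 12-byte nonce || 16-byte tag || ciphertext. Decrypt raises
# OpenSSL::Cipher::CipherError on a wrong key or a tampered blob.
def aead(mode, key, data)
  c = OpenSSL::Cipher.new('aes-256-gcm').send(mode)
  c.key = key
  if mode == :encrypt
    c.iv = iv = SecureRandom.random_bytes(12)
    body = c.update(data) + c.final
    iv + c.auth_tag + body
  else
    c.iv, c.auth_tag = data[0, 12], data[12, 16]
    c.update(data[28..]) + c.final
  end
end

# Constructed stand-in for AWS KMS (not the AWS SDK): one wrapping key (KEK) per
# customer lives only inside this object, as it would inside the KMS HSM, and is
# never handed out; callers get GenerateDataKey / Decrypt style operations only.
class StubKMS
  def initialize; @keks = {}; end
  def create_key(customer); @keks[customer] = SecureRandom.random_bytes(32); end
  # Deleting a customer's key makes every data key wrapped under it unrecoverable.
  def schedule_key_deletion(customer); @keks.delete(customer); end
  # Mirrors kms:GenerateDataKey: fresh 256-bit data key, plaintext plus wrapped form.
  def generate_data_key(customer)
    dek = SecureRandom.random_bytes(32)
    [dek, aead(:encrypt, kek_for(customer), dek)]
  end
  # Mirrors kms:Decrypt: unwrap a data key under the customer's KEK.
  def decrypt(customer, wrapped); aead(:decrypt, kek_for(customer), wrapped); end
  private
  def kek_for(customer)
    @keks.fetch(customer) { raise "KMS key for #{customer} deleted or missing" }
  end
end

# Server side: one data key per object; the plaintext DEK exists only inside these calls.
def encrypt_object(kms, customer, plaintext)
  dek, wrapped = kms.generate_data_key(customer)
  { customer: customer, wrapped_dek: wrapped, ciphertext: aead(:encrypt, dek, plaintext) }
end

def decrypt_object(kms, obj)
  aead(:decrypt, kms.decrypt(obj[:customer], obj[:wrapped_dek]), obj[:ciphertext])
end
```

With two customers provisioned, you can check that one customer's KEK cannot unwrap another's data key, that a leaked data key opens exactly one object, and that deleting a customer's key makes all of that customer's stored objects unreadable.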
Access Control
Login Settings
1factory can be configured per organization (session time-outs, number of login attempts, password reset interval).
2FA / SSO
1factory may be configured to delegate authentication to an organization's LDAP or SAML 2.0 compliant SSO solution.
IP Address Restriction
1factory may be configured with a list of IP addresses from which access is allowed.
User Roles
1factory features a set of user roles and permissions that govern access to the various parts of the application, ranging from “Admin”, which has full control, to “Read Only”, which allows read-only access to any object in the system.
1factory employees have the ability to impersonate user accounts (for troubleshooting and account set-up). Impersonation access is read-only. 1factory employees do not have access to parts marked “ITAR” during impersonation.
Data Sharing
Data (Plans, FAIs, Inspections) can be shared from the supplier to the buyer. Sharing in the other direction, from buyer to supplier, is work in progress and planned for the near future.
URL / Access Log
1factory maintains a URL access log that records every URL accessed by the users (with timestamp and IP address).
Audit History
1factory records modifications to each object (Plan, Specifications, etc.) with timestamp and user ID. Whenever any object is deleted, the deletion is recorded in the “delete history” log.
Internal Access Control
Internal access to AWS requires 2FA (via Google Authenticator) and is restricted to very few staff members. Access to EC2 is permitted only from a predefined IP address (defined in “Security Groups”) and only over the RDP protocol.