Security & Compliance
Built on AWS GovCloud for defense manufacturers who handle ITAR-controlled data and need CMMC Level 2 compliance.
Why Security Matters for Manufacturers
If you manufacture parts for the Department of Defense, you handle Controlled Unclassified Information (CUI) — technical drawings, specifications, and production data that fall under ITAR and DFARS regulations. RSA Manufacturing ERP is built from the ground up on government-authorized infrastructure. Every component — from the database to file storage to user authentication — runs on AWS GovCloud, the same platform used by defense agencies.
Security at Every Layer
Government-grade infrastructure, access control, and audit readiness.
AWS GovCloud (US)
All data hosted exclusively in AWS GovCloud us-gov-east-1 — FedRAMP High authorized, the same infrastructure used by the Department of Defense.
US-Only Data Residency
Data never leaves the United States. AWS GovCloud data centers are physically located in the US and operated exclusively by US persons.
AES-256 Encryption
All data encrypted at rest via AWS KMS with customer-managed keys. TLS 1.3 enforced for all connections in transit.
Multi-Factor Authentication
TOTP-based MFA required for all users. No SMS fallback. 30-minute session timeout per CMMC AC.L2-3.1.10.
Role-Based Access Control
Granular permissions by role: Admin, Manager, Operator, Customer. Enforced at middleware and API level.
Citizenship Verification
ITAR-controlled data is restricted from foreign national access with automatic enforcement at the application level.
Isolated Database per Customer
Each customer gets their own Aurora PostgreSQL database in a private subnet. Data is never commingled between organizations.
Complete Audit Trail
Every action logged with user, timestamp, IP, and before/after values. AWS CloudTrail and VPC Flow Logs for infrastructure-level visibility.
Web Application Firewall
AWS WAF with OWASP rules, SQL injection protection, rate limiting, and geographic restriction to US-only access.
Built by Manufacturers, Secured for Defense
110 NIST 800-171 Controls: All 14 control families implemented
AES-256 Encryption Standard: KMS-managed keys at rest & in transit
30 min Session Timeout: CMMC AC.L2-3.1.10 compliant
US Only Data Residency: AWS GovCloud us-gov-east-1
Ready to Secure Your Shop Data?
If you handle ITAR-controlled data or need CMMC compliance, RSA ERP is built for you. See the platform and talk to our team about your security requirements.
