With its chief technology officer noting that manufacturers are “major target for cybercrime,” Paperless Parts is introducing data-security capabilities for the job shops and contract manufacturers using its quoting platform. The new Paperless Parts IT Module will help users ensure that sensitive data, especially Controlled Unclassified Information (CUI), is handled appropriately during quoting.
The new capability is particularly suited to operations working in the defense manufacturing supply chain, who frequently handle sensitive intellectual property (IP) and high-security information.
“The U.S. invests more than $100 billion dollars into defense research and development annually. In the private sector, companies spend billions each year developing their intellectual property. Protecting the IP of these organizations is a matter of national security, and maintaining American competitiveness on a global scale,” according to Paperless Parts co-founder and CEO Scott Sawyer.
U.S. DoD contract manufacturers are required to adhere to strict security standards, including multi-factor authentication, tight access control, and detailed audit capabilities. As early as May 2023, such manufacturers will be subject to third-party audits to ensure compliance with the standards outlined in the Cybersecurity Maturity Model Certification (CMMC) 2.0. Individual shops will have to ensure that all of their security and IT control processes are CMMC-compliant.
Boston-based Paperless Parts is a Cloud-based estimated and quoting software that supports a broad range of manufacturing functions, including milling and machining, sheet metal fabrication, and additive manufacturing. The ITAR-registered site is hosted on Amazon GovCloud (also used by DoD), and leverages in-transit data encryption using TLS v1.2 with modern ciphers, at-rest data encryption using AES-256, 100% US-based system administrators and support team, a System Security Plan based on the FedRAMP Moderate baseline (NIST 800-53), nightly data back-ups, and more.
The new Paperless Parts IT Module introduces a layer of security control for shops that require enhanced visibility and access rights management, or any shop bidding for orders connected to DoD programs. With the IT Module, users will be able to use Single Sign-On (SSO) to centralize login and session management via third-party identity providers (including Microsoft Azure Active Directory, Okta, and OneLogin.)
Also, they will be able to restrict users’ ability to access CUI based on individual intelligent permissions or type of role, so that CUI can only be viewed, downloaded, or shared by authorized users. Permissions are enforced at the User Interface, API, and database level.
Additionally, they’ll be able to flag files that contain CUI data so that access is limited to designated users, restrict other users, or set or remove CUI flags. And IT Module users will be able to track who is accessing CUI and create audit reports by downloading an audit log of all access to or modification of data that could potentially contain CUI.
“As critical national infrastructure, manufacturing is a major target for cybercrime, and the average cost of a data breach to a U.S. small enterprise is over $8 million,” Sawyer continued. “We want to arm our customers with the tools they need to ensure that the data they are entrusted with is as secure as possible.”