Tempo Automation Achieves ITAR Compliance with Modern Cloud Infrastructure

May 5, 2017 , in News

ITAR stands for International Traffic in Arms Regulations and deals with the import and export of defense related articles on the United States Munitions List (USML).  The original ITAR regulations were introduced in 1976 during the Cold War with the USSR. The regulation states that items on the USML can only be shared with “US persons”.

The aerospace industry requires ITAR registration

You’d think that unless you are working on a rocket launcher this regulation wouldn’t concern you, but since the US Government added more restricted articles in 1996 to the USML like strong cryptography, it’s best to double check.  Your new satellite, drone, autonomous vehicle or a self-driving rover could all be subject to ITAR which dictates who is able to handle, download and manufacture your electronics.

Files and data required for PCB fabrication and assembly can be ITAR restricted if the related design is for an article on the USML.  Since ITAR was conceived before “The Cloud”, some of its 70’s-era best practices are no longer sufficient to guaranty security. At Tempo Automation we are rethinking manufacturing in the age of cloud computing, web services, cryptography and cyber security. Last month, we deployed and made available to our customers an end-to-end, fully ITAR-compliant PCB assembly process.

Unfortunately, most electronics contract manufacturers (CMs) today are not aware of what it takes to be truly cyber secure. Have you ever emailed your BOM or GERBER files?  Chances are that you compromised your ITAR compliance. Popular email providers like Google (even the corporate version) are not ITAR compliant.  Saving or sharing files on Google Drive or DropBox doesn’t comply either.

Although some CMs offer a secure FTP site for ITAR orders, a lack of documented process typically creates confusion among their staff about file handling procedures. This method is very error prone since it’s not scalable and you can’t always trust that people will remember to do the right thing every time. To address these and other potential failings, we decided to build an ITAR-compliant system from the ground up. Now when ordering PCBA on the Tempo platform, https://secure.tempoautomation.com, from the moment you upload a design, your file is securely transferred to AWS GovCloud where it’s stored on US soil and managed by US persons.

Overview of the AWS GovCloud

For ITAR-compliant PCB assembly, our machines are loaded from a server that’s behind a firewall and locked down to a security-cleared group of US citizens. The servers are accessible only through VPN that is restricted to approved personnel only. To share data with vendors, we transfer customer files via Secure FTP that’s limited to connections with IP addresses located within the continental United States. The files are unshared after 14 days in order to eliminate the risk of third party access after the job is completed.

As your prototype CM, Tempo Automation is committed to providing the very latest technology to keep you ITAR-compliant and to protect your IP from corporate and foreign government espionage. So if your designs must be ITAR-compliant, you can be sure that Tempo’s got you covered.

References:

Tempo Automation ITAR Registration Letter

https://en.wikipedia.org/wiki/International_Traffic_in_Arms_Regulations

http://www.pmddtc.state.gov/regulations_laws/documents/official_itar/ITAR_Part_121.pdf

https://www.dropbox.com/en/help/238

https://support.google.com/google

The latest PCB news delivered to your inbox.