Dirac

Dirac Now Supports ITAR Compliance with AWS GovCloud

Dirac’s Security-First Approach to Manufacturing Software

March 13, 2025

At Dirac, we recognize that security is not a supplementary feature but a foundational requirement for any viable digital solution in the manufacturing space. Our flagship product BuildOS doesn’t only digitize and automate the creation of assembly work instructions; it is also designed to be a secure and robust platform which manufacturers can use to digitize their workflows with confidence. 

To kick off 2025 we’d like to announce that Dirac now offers a version of BuildOS hosted on AWS GovCloud. Our team has been working to integrate our product with AWS GovCloud for several months and we’re thrilled to offer this option to all our customers. Aside from our integration with GovCloud we’d also like to update you on the other security features that make BuildOS a secure, robust digital solution for manufacturers. 

Cybersecurity Risks in Manufacturing

The manufacturing industry is now a prime target for a wide range of sophisticated cyberattacks and the consequences of a successful cyberattack can be catastrophic. 

High-level incidents such as the Hexion/Momentive/Norsk Hydro ransomware attacks and the Mondelez NotPetya incident serve as stark reminders of the potential for significant operational disruptions, financial losses, and reputational damage. It is imperative that manufacturers adopt a proactive and comprehensive approach to cybersecurity, not only to mitigate immediate threats but also to ensure long-term resilience.

Furthermore, manufacturers must comply with an increasingly complex web of regulatory requirements, including ITAR (International Traffic in Arms Regulations), CMMC (Cybersecurity Maturity Model Certification) and others. Compliance with these regulations is not merely a legal obligation; it is a crucial step in establishing a robust security posture. In particular, SOC 2 (System and Organization Controls 2) provides a comprehensive framework for managing data security and ensuring the confidentiality, availability, and integrity of systems and data. While compliance is essential, it's not a guarantee of security. The dynamic nature of cyber threats requires a commitment to continuous monitoring, assessment, and improvement.

Dirac’s Security-First Approach to Building Software

Dirac recognizes that security is not a "bolt-on" feature for our customers; instead it must be deeply integrated into the fabric of the BuildOS platform. We are committed to connecting engineering insights and automated workflows with the manufacturing floor in a smart, simple, and secure way.

BuildOS employs a multi-layered security architecture designed to protect data at every stage of its lifecycle:

  • Data Encryption: We encrypt data at rest and in transit in the core BuildOS product. In addition, AWS GovCloud requires using Federal Information Processing Standards (FIPS).
  • Access Controls: Strict access controls are implemented to ensure that only authorized personnel can access sensitive data.
  • Authentication and Authorization: Robust authentication mechanisms, including multi-factor authentication, are used to verify user identities and prevent unauthorized access.
  • Vulnerability Management: A comprehensive vulnerability management program is in place to identify, assess, and remediate security vulnerabilities in the BuildOS platform and its underlying infrastructure.
  • Incident Response: A well-defined incident response plan outlines the procedures to be followed in the event of a security incident, enabling rapid detection, containment, and recovery.
  • Regular Security Audits: Independent security audits are conducted on a regular basis to assess the effectiveness of security controls and identify areas for improvement.

Dirac adheres to industry best practices and holds an ISO 27001:2022 certification, along with SOC 2 Type 1 and Type 2 attestations, demonstrating our commitment to internationally recognized security standards.

BuildOS Now Supports AWS GovCloud 

For organizations operating in highly regulated industries, such as defense and aerospace, security requirements are even more stringent. To meet these stringent security standards, Dirac now offers a version of our BuildOS platform hosted on AWS GovCloud, a dedicated cloud environment specifically designed to host sensitive government data and other regulated workloads. 

AWS GovCloud comprises two physically and logically isolated AWS regions specifically designed to meet the stringent security and compliance requirements of U.S. government agencies, contractors, and educational institutions.

AWS GovCloud offers extra layers of protection including:

  • ITAR Compliance Enablement:
    • Storage and Processing: AWS GovCloud enables customers to store and process ITAR-controlled data, facilitating compliance with U.S. export control regulations. This is essential for manufacturers handling defense articles, services, and related technical data on the U.S. Munitions List (USML).
    • Isolated Region: AWS GovCloud (US) is a physically and logically isolated region, separate from other AWS cloud regions. There is a separate console, IAM and authentication stack and endpoints, and FIPS 140-2 endpoints are supported.
  • Access and Use of Sensitive Data:
    • Comprehensive Monitoring: Enables auditing of access and use of sensitive data with keys in Amazon CloudTrail, the AWS API logging service.
    • Controlled Access: Improves identity management by limiting access to sensitive data by individual, time, and location. It also restricts which API calls users are able to make, with identity federation, easy key rotation, and other powerful access control testing tools.
    • Enhanced Data Residency: Ensures that data remains within the United States, meeting data residency requirements for regulated industries.
  • Data Protection Measures:
    • Server-Side Encryption: Protect data with server-side encryption in Amazon S3 and store and manage security keys with AWS CloudHSM or use our one-click AWS Key Management Service (KMS).
    • Stringent Access Controls: Implements strict access controls based on the principle of least privilege, ensuring that only authorized personnel can access sensitive data.

Examples of ITAR Data

  • Explosives and Energetic Materials, Propellants, Incendiary Agents, Launch Vehicles, Guided Missiles, Ballistic Missiles, Rockets, Torpedoes, Bombs, and Mines
  • Surface Vessels of War and Special Naval Equipment and Submersible Vessels
  • Propellants and Incendiary Agents, Toxicological Agents, Fire Control, Range Finder, Optical and Guidance and Control Equipment
  • Firearms, Close Assault Weapons, Combat Shotguns, Ammunition, Guns and Armament
  • Nuclear Weapons
  • Aircraft and Related Articles, Directed Energy Weapons
  • Technical Data, Military Electronics, Military Training Equipment and Training
  • Ground Vehicles, Spacecraft and Related Articles

BuildOS's integration with AWS GovCloud provides our customers with the most advanced level of security for cloud-based SaaS products. By leveraging the comprehensive security controls and compliance certifications of AWS GovCloud, BuildOS enables manufacturers to confidently manage sensitive data, meet stringent regulatory requirements and ensure they remain ITAR-compliant. 

BuildOS SOC 2 Type 2 Compliance: Rigorous Independent Validation

In addition to supporting AWS GovCloud, we have been SOC 2 Type 2 compliant for over a year, providing independent validation of our security posture. SOC 2 Type 2 compliance is a rigorous auditing process conducted by an independent third party that assesses the design and operating effectiveness of a service organization's controls related to security, availability, processing integrity, confidentiality, and privacy. This means:

  • Independent Audit: An independent auditor has meticulously examined BuildOS's security controls and processes.
  • Established Standards: The audit was conducted against the stringent Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA).
  • Ongoing Monitoring: Compliance is not a one-time event but an ongoing process that requires continuous monitoring and improvement.

This achievement underscores our unwavering commitment to protecting our customers' sensitive data. 

Mini-FAQ on BuildOS Security and AWS GovCloud

  • Is Dirac SOC 2 Type 2 Compliant? Yes.
  • Is Dirac ISO 27001:2022 certified? Yes.
  • Does BuildOS support AWS GovCloud? Yes.
  • Does BuildOS support ITAR compliance? Yes, when deployed via our AWS GovCloud instance.
  • What other security certifications does BuildOS have? We’re working on several more that we’ll announce over the next year.
  • How is my data protected in BuildOS? BuildOS uses encryption, access controls, vulnerability management, and other security measures to protect your data.
  • What are the benefits of AWS GovCloud? Enhanced security and support for ITAR compliance for highly regulated industries.
  • Where is customer data in BuildOS stored? All customer data is stored in the US on AWS.
  • How can I see BuildOS's security and compliance documentation? Security documentation and posture can be found on the Dirac security page.

Future Security Initiatives at Dirac

Dirac has been committed to a security-first approach to building manufacturing software from day one. From achieving SOC 2 Type 2 compliance to now offering an AWS GovCloud version of BuildOS that supports ITAR compliance, we’re committed to keeping security at the core of our products.

With BuildOS, you can confidently digitize your manufacturing workflows, knowing that BuildOS and your data are protected by a multi-layered security architecture. More importantly, our security initiatives so far are just the beginning. We're committed to continuous improvement and have multiple security initiatives planned for the future, ensuring that we continue hardening our products against future cybersecurity risks.

To learn more about how BuildOS can transform your manufacturing operations or to learn more about our security and compliance infrastructure, schedule a demo with our team today.
