Ensuring the Security of Controlled Technical Information
Infinite Electronics strictly adheres to the US Government cyber security controls required on Department of Defense programs via DFARS 252.204-7012 and on other US government contracts via FAR 52.204-21. These regulations impose NIST SP 800-171, Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations. Although Infinite Electronics already protects all forms of company, customer and supplier data, additional controls are implemented for all government contracts or subcontracts for all applicable data.
What is the Requirement?
NIST SP 800-171 documents cyber security requirements within the following Security Control Families:
Infinite Electronics has evaluated all forms of information described in the CUI Registry and determined that the only applicable information that is transmitted to us or held within our systems is the Unclassified Controlled Technical Information (UCTI) related to our ITAR programs. This information is held only within an approved cloud environment marketed by Microsoft called Azure. All other technical information is specifically related to Commercial Off the Shelf (COTS) products or dual-use products. All of our COTs data is excluded from these enhanced requirements. Regarding the few dual-use items sold by us, the related UCTI is held exclusively by Infinite Electronics OEM suppliers.