Built for ITAR, CMMC, and AS9100 from the first chip.
Mohave Forge runs a defense-grade compliance program from day one — not as a bolt-on. Every RFQ, file, quote, and download is screened, signed, and audited.
ITAR / EAR
Active DDTC registration roadmap. Technical data segregation, U.S. Persons access controls, deemed-export screening on every RFQ, and ITAR/EAR pre-screen on AI manufacturability analysis.
- ▸22 CFR 120–130 (ITAR) registration in progress
- ▸15 CFR 730–774 (EAR) classification per drawing
- ▸U.S. Persons access enforced on controlled tech data
- ▸Empowered Official designation in policy
CMMC 2.0 Level 2
CUI handling under DFARS 252.204-7012 / -7019 / -7020. NIST SP 800-171 Rev 2 control set implemented; SPRS score tracked; C3PAO assessment on roadmap before Level 2 cutover.
- ▸110 NIST 800-171 controls mapped and tracked
- ▸FIPS 140-2 validated cryptography for CUI in transit and at rest
- ▸MFA on every account; SSO-ready
- ▸POA&M maintained; SSP versioned and audited
AS9100 Rev D · ISO 9001
Aerospace/defense quality management system. AS9102 FAI on first articles, full traceability from raw material heat-lot to inspection record, calibrated metrology under ISO/IEC 17025-equivalent control.
- ▸AS9102 First Article Inspection on every new part number
- ▸Material traceability: heat-lot → operation → CoC
- ▸PPAP / FAIR on demand for prime subcontracts
- ▸Calibration records, gauge R&R, MSA documented
NIST 800-171 / DFARS
All Controlled Unclassified Information stays inside U.S.-region infrastructure with audit logging on every read, write, and download. Service-role keys never leave the server boundary.
- ▸U.S.-only data residency for CUI artifacts
- ▸Audit log: every download, role change, and quote decision
- ▸Signed, time-limited URLs for engineering files
- ▸Row-level security enforced on every table
Federal procurement readiness.
Disclosure & reporting.
Cyber incidents involving covered defense information are reported to DoD via DIBNet within 72 hours. Customers with active programs receive direct notification with affected scope and remediation status.
Coordinated vulnerability disclosure: security@mohaveforge.com. PGP key available on request.
Request controlled documents.
Quality manual, SSP excerpts, NIST 800-171 self-assessment summary, ITAR compliance program overview, and supplier code of conduct are available to qualified prime and government customers under mutual NDA.
Request compliance package