COMPLIANCE · DEFENSE POSTURE

Built for ITAR, CMMC, and AS9100 from the first chip.

Mohave Forge runs a defense-grade compliance program from day one — not as a bolt-on. Every RFQ, file, quote, and download is screened, signed, and audited.

EXPORT CONTROL

ITAR / EAR

Active DDTC registration roadmap. Technical data segregation, U.S. Persons access controls, deemed-export screening on every RFQ, and ITAR/EAR pre-screen on AI manufacturability analysis.

  • 22 CFR 120–130 (ITAR) registration in progress
  • 15 CFR 730–774 (EAR) classification per drawing
  • U.S. Persons access enforced on controlled tech data
  • Empowered Official designation in policy
CYBERSECURITY

CMMC 2.0 Level 2

CUI handling under DFARS 252.204-7012 / -7019 / -7020. NIST SP 800-171 Rev 2 control set implemented; SPRS score tracked; C3PAO assessment on roadmap before Level 2 cutover.

  • 110 NIST 800-171 controls mapped and tracked
  • FIPS 140-2 validated cryptography for CUI in transit and at rest
  • MFA on every account; SSO-ready
  • POA&M maintained; SSP versioned and audited
QUALITY

AS9100 Rev D · ISO 9001

Aerospace/defense quality management system. AS9102 FAI on first articles, full traceability from raw material heat-lot to inspection record, calibrated metrology under ISO/IEC 17025-equivalent control.

  • AS9102 First Article Inspection on every new part number
  • Material traceability: heat-lot → operation → CoC
  • PPAP / FAIR on demand for prime subcontracts
  • Calibration records, gauge R&R, MSA documented
DATA RESIDENCY

NIST 800-171 / DFARS

All Controlled Unclassified Information stays inside U.S.-region infrastructure with audit logging on every read, write, and download. Service-role keys never leave the server boundary.

  • U.S.-only data residency for CUI artifacts
  • Audit log: every download, role change, and quote decision
  • Signed, time-limited URLs for engineering files
  • Row-level security enforced on every table
REGISTRY · IDENTIFIERS

Federal procurement readiness.

NAICS 332710
Machine Shops
NAICS 336413
Aircraft Parts Mfg
NAICS 541330
Engineering Services
CAGE
Pending
DUNS / UEI
Registered
SAM.gov
Active Entity
INCIDENT RESPONSE

Disclosure & reporting.

DFARS 252.204-7012(c)

Cyber incidents involving covered defense information are reported to DoD via DIBNet within 72 hours. Customers with active programs receive direct notification with affected scope and remediation status.

Coordinated vulnerability disclosure: security@mohaveforge.com. PGP key available on request.

DOCUMENTS

Request controlled documents.

NDA-GATED ARTIFACTS

Quality manual, SSP excerpts, NIST 800-171 self-assessment summary, ITAR compliance program overview, and supplier code of conduct are available to qualified prime and government customers under mutual NDA.

Request compliance package