SECURITY · CUI HANDLING

Security posture for defense work.

Mohave Forge treats every drawing, every cert, and every internal note as covered defense information until proven otherwise.

IDENTITY & ACCESS

MFA enforced. SSO via SAML for prime customers. Role-based access (admin / engineer / customer) with least-privilege defaults and revocation auditing.

DATA PROTECTION

FIPS 140-2 validated cryptography for CUI in transit (TLS 1.3) and at rest. Signed, time-limited URLs for every engineering file download. Service-role keys never leave the server boundary.

INFRASTRUCTURE

U.S.-region only. Hardened serverless workers, automatic patching, no long-lived shell access. Database with row-level security on every user-data table.

AUDIT & MONITORING

Every quote decision, document download, role grant, and AI analysis is recorded in an immutable audit log accessible to admins and assigned engineers.

VULNERABILITY MGMT

Continuous dependency scanning, leaked-password (HIBP) checks at signup, weekly security review. Coordinated disclosure at security@mohaveforge.com.

INCIDENT RESPONSE

72-hour DoD reporting via DIBNet for cyber incidents involving covered defense information. Affected customers notified directly with scope and remediation.

DISCLOSURE

Report a vulnerability.

Email security@mohaveforge.com with reproduction steps. We acknowledge within one business day and coordinate fix windows with affected programs. PGP key available on request.

▸ FULL COMPLIANCE POSTURE