The Defense Industrial Base (DIB) sector is an industrial complex that enables research and development, design, production, delivery, and maintenance of military weapons systems, subsystems, and components, to meet the requirements of the US military.
The DIB partnership consists of more than 220,000 companies and their subcontractors who perform under contract to the US Department of Defense (DoD). The DoD leverages the best technologies and innovations through procurements from private-sector sources.
The DIB is now constantly under cyberattack. Foreign hackers/actors are stealing sensitive data, trade secrets, and intellectual property every day from the DIB firms, potentially harming the US defense organization.
The DoD has taken steps to ensure internal systems and networks are secure against cyberattacks. But most of these efforts are focused on highly classified information, leaving room for adversaries to target the Controlled Unclassified Information (CUI). To address this problem the DoD has increased regulations and introduced new security controls.
Usage of CAD files in the Defense Industry
Any organization that is involved in making or processing machine parts, especially those in the precision metalworking industry, often subcontractors, is also part of the DIB. CAD is extensively used in both product development and manufacturing. It is essential to create 3D Models of parts and assemblies and engineering drawings.
These organizations receive drawings, 3D CAD Models, BOMs, or any other important data related to the parts they make, and such information is often called Controlled Unclassified Information (CUI). This information must be protected and shared only under strict guidelines to prevent harmful release; therefore, contractors must meet the CMMC 2.0 requirements specified by the DoD.
Importance of Controlled Unclassified Information (CUI)
One of the important requirements for a DoD contractor is demonstrating information security expertise and best practice. This includes protecting CUI. Even small firms are expected to meet these requirements.
CUI is the information that government owns or creates, or that a firm or organization possesses or creates for the government, that needs to be safeguarded and protected. This means using information security controls meeting government laws, regulations, and policies.
Over the last few decades, the department has made concerted efforts to publish improved standards on how to safeguard sensitive information. This is to ensure that all contractors are aware of what is expected from them to safeguard CUI in response to a dramatic increase in cyberattacks and data breaches.
The government introduced the CMMC (Cybersecurity Maturity Model Certification) program which mandates latest information security requirements for all the organizations interacting with the DIB. The CMMC program is a verification mechanism to ensure that firms working with the DoD implement effective cybersecurity practices to protect CUI.
How HALOCAD enables marking CUI sensitivity labels for CAD applications
Exporting data from CAD is necessary for business purposes. Trusting an employee with access to CUI, should not allow him to copy or disseminate the information. But when CAD data is downloaded for this purpose it loses its security.
To address this problem, SECUDE has teamed with Microsoft to provide a Zero Trust security approach to CAD data exports. SECUDE’s HALOCAD® is a unique enhancement for Microsoft Purview Information Protection (MPIP, aka MIP or AIP), the leading platform for Enterprise Digital Rights Management (EDRM).
Like a gatekeeper, HALOCAD® automatically protects your CAD files whenever they leave your secured Product Lifecycle Management (PLM) repository or even your network perimeter.
CAD applications can seamlessly consume MPIP-protected files while the user experience is preserved. HALOCAD® is available as plug-ins or “add-ins” to the major CAD systems. Since it is now mandatory for DIB contractors to include CUI designation labels, and as this cannot be achieved natively in MPIP, here is where HALOCAD comes in.
With HALOCAD it is now possible to include CUI labeling with ease. When the CUI sensitivity label is applied and encrypted in Microsoft Purview and the file is saved, the CUI label is embedded in the file and the file is protected.
DIB organizations need to be certified to the appropriate CMMC level to be awarded contracts with DoD. The DoD has taken steps to publish standards for information security to address the dramatic surge in cyberattacks. The CMMC program ensures that companies within the DIB implement proven cybersecurity practices to protect CUI. CUI designation labels cannot be natively applied to CAD files with MPIP. This is where HALOCAD makes it easy to apply the CUI labels.