System Security Policy

Infab Softworks' commitment to security is integral to delivering high-quality software solutions that meet the highest standards of integrity, confidentiality, and availability. We prioritize the protection of our clients' sensitive information and ensure that our systems, processes, and personnel operate within a robust cybersecurity framework.

Security Roadmap

With the new CMMC ruling released by the Department of Defense, we are putting controls in place to ensure future compliance at each phase of the CMMC rollout.
  • Mar. 2024
    ITAR Compliance

    Infab Softworks is DDTC Registered and ITAR compliant. All of our employees are U.S. citizens and we have implemented the necessary security controls to protect ITAR data. All stored ITAR data is encrypted on AWS GovCloud.

  • Sept. 2024
    System Security Plan (SSP) & Information Security Management System (ISMS)

    In anticipation of a future ISO 27001 certification, we are developing a System Security Plan (SSP) and Information Security Management System (ISMS) to ensure that our security policies, procedures, and controls are aligned with international standards.

  • Nov. 2024
    CMMC Level 1 and 2 Self Assessment

    We plan to complete CMMC Level 1 and 2 self-assessments to ensure that our systems and processes meet the necessary security requirements to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).

  • Q1-Q2 2025
    CMMC Level 1 and 2 Self Assessment Certification

    Once the self-assessments are complete, we will engage a CMMC Third-Party Assessment Organization (C3PAO) to schedule and certify our CMMC Level 1 and 2 compliance.

  • Q3-Q4 2025
    ISO 27001 Certification

    We plan to undergo an ISO 27001 audit to achieve certification and demonstrate our commitment to information security management.

  • Q3-Q4 2025
    FedRAMP Moderate Equivalency

    During the C3PAO audit, we will also undergo an assessment to prove FedRAMP moderate equivalency. Our systems are not yet in direct use by the Federal Government, so FedRAMP certification is not required. However, in cases where Infab users are contractually bound to meet FedRAMP moderate controls, we will be able to provide documentation to prove equivalency.

CMMC Compliance

Compliance with CMMC and DFARS 252.204-7012 is critical for our customers in the defense and aerospace sectors, as these regulations ensure the protection of CUI. CMMC establishes a set of cybersecurity practices that Infab Softworks and its clients must adhere to, safeguarding the systems and data of customers working with the Department of Defense. DFARS 252.204-7012 further mandates specific security requirements for contractors, ensuring that Infab's clients remain compliant when handling CUI within their operations.
As we move forward with our SSP and ISMS rollout, we will continue to update our compliance roadmap to reflect our commitment and dedication to meeting the highest standards of cybersecurity.

FedRAMP Moderate Controls

Compliance with FedRAMP is particularly essential for Infab Softworks' customers working with federal agencies. FedRAMP provides a standardized set of security controls that both Infab and its clients must follow, safeguarding systems and data for clients working with the U.S. government. By leveraging FedRAMP-compliant cloud services, such as AWS GovCloud, Infab helps its clients remain compliant while ensuring the integrity and security of their cloud environments.
While Infab Softworks is considered a Cloud Service Provider (CSP) by FedRAMP standards, we are not yet in direct use by the Federal Government and are thus not required to be FedRAMP certified. However, we are committed to achieving FedRAMP moderate equivalency to ensure that our systems meet the necessary security requirements for clients who are contractually bound to meet FedRAMP moderate controls.
CAGE 06V71
© 2024 Infab Softworks, LLC

All Rights Reserved.