Security & Compliance

Certifications & Registrations

All manufacturing, engineering, and data management facilities maintain active certifications against international aerospace and information security standards.

🏅

AS9100 Rev D

Quality management systems specifically tailored for aerospace manufacturing, design, and service provision. Covers all production and engineering sites.

Valid through 2026

🔒

ISO/IEC 27001:2022

Information Security Management System (ISMS) certification governing data classification, access controls, incident response, and risk assessment protocols.

Valid through 2025

🇺🇸

ITAR & EAR Registered

Fully compliant with International Traffic in Arms Regulations and Export Administration Regulations for defense articles and technical data handling.

Active Registration

🛡️

CMMC Level 2

Cybersecurity Maturity Model Certification validating secure handling of Controlled Unclassified Information (CUI) within the DoD supply chain.

Assessment Complete

📊

SOC 2 Type II

Independent auditor validation of security, availability, processing integrity, confidentiality, and privacy controls across cloud and on-prem infrastructure.

Annual Audit Passed

⚙️

NIST SP 800-171

Implementation of 110 security requirements across 14 families to protect CUI in non-federal information systems used by contractors.

Self-Assessment Score: 110/110

Compliance Frameworks

AeroVance maintains a multi-framework compliance posture to satisfy government, commercial, and international regulatory requirements.

Framework	Scope	Assessment Frequency	Status
NIST SP 800-171	CUI Protection & IT Systems	Annual	Compliant
DoD CMMC 2.0	Supply Chain Cyber Hygiene	Biennial	Level 2 Certified
ISO 27001	Enterprise ISMS	Annual Surveillance	Certified
AS9100 Quality	Manufacturing & Engineering	Annual	Certified
GDPR / CCPA	Personal Data Processing	Continuous	Aligned
FISMA Moderate	Federal Cloud & Data Services	Annual	In Scope

Data Protection & Privacy

Our data governance model enforces strict classification, encryption, and retention policies across all engineering, HR, and operational systems.

🔐 Encryption Standards

All data at rest and in transit is protected using:

AES-256 for storage and databases
TLS 1.3 for network communications
FIPS 140-2/3 validated modules for cryptographic operations
Hardware Security Modules (HSM) for key management

👥 Access Control & IAM

Zero-trust identity management enforced via:

Mandatory MFA for all internal and remote access
Role-Based Access Control (RBAC) with least privilege
Continuous session monitoring and automated revocation
Annual access reviews and recertification workflows

📜 Retention & Disposal

Strict lifecycle management for all digital assets:

Automated data classification tagging
Policy-driven retention schedules (3-10 years)
Certified digital and physical media destruction
Audit trails for all data access and modification

Supply Chain & Vendor Compliance

AeroVance extends security requirements to all tier-1 and tier-2 suppliers. Third-party risk management is continuous and risk-based.

🌐 Vendor Onboarding Requirements

Execution of Mutual NDA and Security Addendum prior to engagement
Submission of valid SOC 2, ISO 27001, or equivalent attestation
Annual cybersecurity questionnaire and penetration test summary
Right-to-audit clause for critical defense and ITAR-scope partners
Mandatory incident disclosure within 24 hours of detection

Vulnerability Disclosure Program

We recognize that independent researchers and ethical hackers play a vital role in securing aerospace infrastructure. If you identify a security vulnerability in our systems, products, or digital properties, please report it responsibly.

Report a Vulnerability

PGP Key available upon request. Response within 48 hours. Bug bounty program active for critical CVEs.