Reading time ( words)
If you work for a U.S. defense prime contractor, do you have concerns that the controlled unclassified information (CUI) for your printed circuit boards, your printed circuit board assemblies, and your cable and wire harnesses is safe? What about the design and the development process for your products? Is the controlled technical information (CTI) safe and protected? Are the suppliers that your company selected maintaining a quality system, a supply chain risk management process, a security system to protect products and services from unauthorized access, and a Chain of Custody policy for electronic and physical materials?
Once again, if you work for a U.S. defense prime contractor, how do you know that your suppliers are following the ITAR and EAR regulations?
CUI and CTI
Your company needs trusted suppliers that can demonstrate the ability to meet or exceed industry standards to ensure that your CUI and CTI is protected. You deserve to have those questions answered.
Let us define some terms. Controlled unclassified information (CUI) is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies, but is not classified. Controlled technical information (CTI) is a subset of CUI and is technical information with military or space applications that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. In other words, CUI and CTI are especially important to protect and, at all costs, prevent the theft of this confidential information.
Why do CUI and CTI need protection? The answer is simple. Defense companies spend substantial amounts of money and countless hours developing the next generation of technology and equipment to protect our country. U.S. citizens/persons take comfort knowing that their way of life is protected by our military and government institutions. If critical information (CUI or CTI) is stolen and sold to another organization or country, our security comes into question. The ability of the U.S. military and our government to protect us becomes a concern. That is why protecting CUI and CTI becomes so important.
The Birth of IPC-1791 and the QML
There is concern within the Department of Defense (DoD) that the trustworthiness of printed board and assembly designers and manufacturers for national defense systems is not consistently sufficient. As a result, requirements for defense systems, including all products on the U.S. Munitions List (USML) using electronics are vulnerable to tampering with malicious intent, supply chain disruptions, counterfeit parts and materials, physical security, cybersecurity, and substandard quality and product assurance. Although requirements are available to protect defense electronics, they are not consistently applied by the program managers and DoD contractors.
About six years ago, IPC and the Executive Agent for Printed Circuit Boards and Interconnect Technology worked together to form an IPC Committee (2-19b Trusted Supplier Task Group) that was tasked with developing a trusted supplier standard. The team, comprised of industry and government representation, defined the four pillars of trust as: quality, supply chain risk management, security, and chain of custody. The standard was developed to assure that the requirements were practical, clear, and measurable. In August 2018, the IPC-1791 Trusted Electronic Designer, Manufacturer and Assembler Requirements standard was released. Today the standard is at revision B with the committee actively working on revision C. In fall 2019, the Executive Agent and IPC Validation Services developed the IPC-1791 QML (Qualified Manufacturers List) program. IPC Validation Services continues to qualify company locations and displays the trusted suppliers on the QML.
To read this entire article, which appeared in the July 2022 issue of SMT007 Magazine, click here.