Xometry values your privacy and security. You always own your data, and Xometry only uses it to estimate, fabricate, and review customer-specific projects. Customer data is not shared outside of Xometry's services. The servers and network where data is stored are isolated by a firewall, and only authorized staff can access it. We conduct regular security scans to look for vulnerabilities. Data is encrypted at rest and in transit.
Xometry is already integrated into the supply chains of federal agencies, large defense contractors, and aerospace manufacturers. In addition to implementing security best practices, we implement:
- DFARS / NIST SP 800-171 audited by authorized C3PAO.
- SPRS score of 110 out of a possible 110 as of October 10, 2024.
- ITAR Registered.
- Xometry expects CMMC Level 2 certification in early 2025.
- Workflows for CUI (Controlled Unclassified Information), including ITAR and EAR
- Joint Certification Program/JCP, and Enhanced JCP (DIBBS cFolders) certified network
- Data is hosted in AWS US GovCloud (FedRAMP High) and Box.com for Government (FedRAMP Moderate)
- DoD Impact Level 4
- Multi-Factor Authentication (MFA)
Ordered projects being fulfilled by Xometry's Manufacturing Supplier Network are given unique internal IDs, which are non-specific to the customer or ultimate project identity. Manufacturing Partners respect Xometry's customers and confidentiality through non-disclosure and service agreements.
Xometry has a dedicated Security Operations team responsible for the following:
- 24/7 monitoring and incident response
- Customer and Supplier engagement
- Real-time compliance checks
- Machine-learning anomaly detection
Would you like to execute an NDA? You can use Xometry's NDA here or send your own to support@xometry.com.
Visit our main capability pages to learn more: