scope:

This standard provides minimum requirements, policies and procedures for printed board design, fabrication, assembly, and cable and wire harness assembly organizations and/or companies to become trusted sources for markets requiring high levels of confidence in the integrity of delivered products. These trusted sources shall ensure quality, supply chain risk management (SCRM), security and chain of custody (ChoC).

Trusted source certification of non-U.S. printed board design, fabrication, assembly, and cable and wire harness assembly organizations requires a sponsor and to meet the requirements in Section 6, in lieu of section 3.3 and Section 4.

Cybersecurity Maturity Model Certification (CMMC) is scheduled to be fully implemented by the end of Fiscal Year 2025. The rollout starts gradually, accelerating in Fiscal Year 2023. During this period there will be instances in which a U.S. Department of Defense (DoD) supplier may not be required to meet CMMC but may be required to meet NIST SP 800-171 compliance. Therefore, this revision of IPC-1791 contains reference to CMMC, and Section 5 provides clarification on the relationship between CMMC and NIST SP 800-171.

Demonstration of the ability to meet and maintain the requirements of this standard as trusted design, fabrication, assembly, or cable and wire harness assembly organizations benefits customers that provide end-products for markets desiring a high level of integrity assurance (e.g., commercial, industrial, military, aerospace, automotive and medical).

In the context of this standard, the terms trust and trusted are used to reflect a commitment to product and process integrity assurance by printed board designers, fabricators, assemblers, and cable and wire harness assemblers. The user should not confuse this certification with defense-microelectronics-specific "Trusted Supplier" accreditation administered by the Defense Microelectronics Activity (DMEA) Trusted Access Program Office. IPC-1791 certification does not include DoD facility clearance unless compelled by customer-specific requirements and pursued independent of this standard.

Source Technology and Capability

Design, fabrication, assembly, and cable and wire harness assembly organizations have different levels of capability in terms of technology, materials, product complexity, capacity and lead times. This standard assumes the customer has certified the capability of their chosen supplier.

Interpretation of Requirements for the Purposes of this Standard

This standard covers requirements for quality, SCRM, security and ChoC:

• Quality and performance requirements (e.g., IPC-2200 series, IPC-6010 series, IPC-A-600, IPC-A-610, MIL-PRF-31032, AS9100, National Aerospace and Defense Contractors Accreditation Program Nadcap) shall be as defined in this standard for the type of organization.

• Requirements for SCRM shall be as defined in this standard for the type of organization.

• Security requirements shall be the same for all types of organizations.

• The requirements for ChoC shall be the same for all types of organizations.

Benefits of Using Organizations Certified to this Standard

By using designers, printed board fabricators, printed board assemblers, and cable and wire harness assemblers that are certified to this standard, customers will be assured that their supplier(s):

• Maintains a quality system

• Maintains a SCRM system to ensure any threats related to disruption in supply are understood and managed

• Manages a security system to protect products and services from unauthorized access, particularly in support of export control

• Provides an ensured ChoC system for electronic and physical materials

Additional Detail

See Appendix A for additional explanatory material.