We design segmented network architectures that isolate production equipment from corporate IT systems, implement access controls, and deploy continuous monitoring to protect both CAD design data and plant-floor devices. This approach supports compliance with NIST 800-171, DFARS, and export control requirements while avoiding production downtime.