Compliance & Security Certifications
We are building our federal compliance posture deliberately and transparently. This page shows our roadmap — what we have, what we are actively pursuing, and when we plan to achieve each milestone.
Our Compliance Framework
We maintain active certifications and a continuous compliance posture across cybersecurity, quality management, and federal-specific frameworks.
Cybersecurity Maturity Model Certification Level 2 — covering all 110 NIST SP 800-171 security practices for the protection of Controlled Unclassified Information (CUI). Assessed by a Certified Third-Party Assessment Organization (C3PAO).
FedRAMP authorization will be required as we offer cloud-hosted services to federal agencies. We are building our technical and documentation posture toward FedRAMP Ready status and will pursue JAB authorization as our cloud service offering matures.
ISO/IEC 27001:2022 certification demonstrates a mature information security management system — a differentiator for federal clients. We are establishing our ISMS documentation and controls now, with a target certification date within 12–18 months.
We plan to undergo our first SOC 2 Type II audit once we have established our internal controls and completed at least one year of operating evidence. This is targeted for our second year of federal operations.
Full compliance with all 110 security requirements in NIST SP 800-171, with a documented System Security Plan (SSP) and Plan of Action & Milestones (POA&M) maintained for every CUI system. Available for CO review.
All software delivered under federal contracts meets Section 508 of the Rehabilitation Act and WCAG 2.1 Level AA accessibility standards. We conduct formal VPAT assessments and both automated and manual accessibility testing on every release.