First the assessment. Then the infrastructure.
Two tracks, one boundary — built to keep capital risk off both sides of the table.
Track one — Assessment Assurance
Scoping Call
Twenty minutes with whoever owns compliance. Where you stand, whether an assessment slot is booked, what the timeline honestly allows. Nothing is priced before this happens.
Gap Assessment
Your environment against all 110 NIST 800-171 controls — with the non-deferrable ones (MFA, encryption, audit logging) pressure-tested first, because any one of them failing fails the whole assessment.
Evidence Build
The core of the sprint. An SSP written for your actual environment, evidence mapped control-by-control, POA&M modeled the way 32 CFR 170 requires. Our AI pipeline runs on private infrastructure, so CUI-adjacent material never touches a commercial cloud.
Mock Assessment
A dry run against real C3PAO methodology before you spend the slot you waited months for. Findings ranked by pass-risk, fixed inside a built-in remediation window.
Assessment Day & Beyond
You walk in with a package built to be assessed. Afterward, Continuous Assurance keeps the certified posture from drifting across the three-year lifecycle — and when you're ready for AI capability inside that boundary, the infrastructure track below picks up.
Track two — Sovereign AI Infrastructure
Hardware Sizing
Cluster spec against your real concurrent load. You procure directly via capex or channel financing — we stay off your balance sheet and off ours.
Compliance & ATO Integration
The deployment integrated into your certified boundary, model track selected for your data tier (US-origin for CUI-restricted lineage, Apache-licensed elsewhere), RAG and tooling built for your workflows.
Deployment, Acceptance, Managed Ops
Live in your facility, acceptance-tested against scope, then operated under a monthly retainer — patching, monitoring, model refresh, audit support.