Your Data Never

Leaves Your Boundary.

Every signal ingested, every AI inference run, every report generated — all within your security perimeter. This is not a marketing claim. This is the architecture.

Bytes Sent to External AI APIs

On-Boundary AI Inference

0 %

Encryption at Rest

AES- 0

All Data in Transit

TLS 0

Built for the Most Sensitive
Government Environments

Aegis was designed from day one for deployment in environments where data sovereignty is non-negotiable. Every architectural decision reflects that constraint.

🏗️

Airgapped Deployment

Aegis runs entirely within your Azure or Azure Government VNet. No outbound internet traffic required for platform operation. Security data never transits a public network.

🤖

Private AI — Zero External Calls

LLM inference runs on dedicated GPU compute inside your boundary. Zero calls to OpenAI, Anthropic, Google, or any external AI service. Your security data never trains any external model.

🔐

Data Sovereignty

You own your data. We operate within your subscription. No xAQUA systems have access to your security data, your AI inference results, or your platform outputs.

Every Framework You're
Required to Satisfy

🏛️ Federal & California Government

NIST SP 800-53 Rev 5

Native

FIPS 199 — Impact Classification

Native

StateRAMP Moderate Baseline

Aligned

FedRAMP Moderate Baseline

Aligned

FISMA Annual Reporting

Supported

SIMM 5305-F (CA GenAI Risk)

Native

SIMM 5310-C (CA Privacy)

Supported

🤖 AI & Enterprise

NIST AI RMF 1.0

Native

ISO 42001 — AI Management

Aligned

OWASP LLM Top 10

Native

EU AI Act — Risk Classification

Supported

SOC 2 Type II

Aligned

ISO 27001

Aligned

HIPAA (Healthcare deployments)

Supported

CIS Benchmarks (AWS, Azure, GCP)

Native

Role-Based Access Control
for Government Teams

10 Built-In RBAC Roles

CISO

Full platform access · board reports · all dashboards

SMGR

Security manager · incident & action card management

CMGR

Compliance manager · framework & evidence management

GRCA

GRC analyst · controls, evidence, audit prep

AUDT

Auditor · read-only access · evidence export

+ AIGL, COWN, SAIR, PADM, VIEW roles

SSO / IdP Integration

Aegis uses Keycloak as an identity broker, integrating with your existing identity provider. No new user directory to maintain — your existing governance applies.

SAML 2.0 / OIDC / OAuth 2.0
Active Directory / Azure AD / Entra ID
Okta / PingIdentity / ADFS
Multi-factor authentication enforced
PIV / CAC card support (government)
Session management and audit logging

Every Action.
Immutably Logged.

Every user action, every automated intelligence event, every data ingestion, and every report generation is written to an append-only audit log with cryptographic integrity verification. Your auditors can trace any finding back to its original raw signal.

Append-only PostgreSQL audit table with timestamp and user attribution
Full chain of custody: raw signal → RIE job → score → action card → remediation
Exportable in PDF, CSV, JSON for auditor delivery
AI inference logs — every prompt/response pair retained
Evidence lineage traceable for SA&A/ATO packages

SAMPLE AUDIT TRAIL ENTRIES

EVIDENCE_UPLOADED

[email protected] · 09:14 UTC

ACTION_CARD_REVIEWED

[email protected] · 09:47 UTC

DRIFT_ALERT_TRIGGERED

RIE Job 03 · AWS Hub · 02:15 UTC

REPORT_GENERATED

[email protected] · Narratix · 14:02 UTC

AI_INFERENCE_COMPLETE

ConverseDataIQ · gpt-oss-120b · 14:03

Have a Security Architecture
Question?

Our security team can walk you through the deployment architecture, answer SIMM compliance questions, and provide written security documentation for your procurement package.

Your Data Never

Leaves Your Boundary.

Built for the Most SensitiveGovernment Environments

🏗️

Airgapped Deployment

🤖

Private AI — Zero External Calls

🔐

Data Sovereignty

Every Framework You're Required to Satisfy

🏛️ Federal & California Government

NIST SP 800-53 Rev 5

Native

FIPS 199 — Impact Classification

Native

StateRAMP Moderate Baseline

Aligned

FedRAMP Moderate Baseline

Aligned

FISMA Annual Reporting

Supported

SIMM 5305-F (CA GenAI Risk)

Native

SIMM 5310-C (CA Privacy)

Supported

🤖 AI & Enterprise

NIST AI RMF 1.0

Native

ISO 42001 — AI Management

Aligned

OWASP LLM Top 10

Native

EU AI Act — Risk Classification

Supported

SOC 2 Type II

Aligned

ISO 27001

Aligned

HIPAA (Healthcare deployments)

Supported

CIS Benchmarks (AWS, Azure, GCP)

Native

Role-Based Access Control for Government Teams

10 Built-In RBAC Roles

CISO

Full platform access · board reports · all dashboards

SMGR

Security manager · incident & action card management

CMGR

Compliance manager · framework & evidence management

GRCA

GRC analyst · controls, evidence, audit prep

AUDT

Auditor · read-only access · evidence export

SSO / IdP Integration

Every Action. Immutably Logged.

SAMPLE AUDIT TRAIL ENTRIES

EVIDENCE_UPLOADED

[email protected] · 09:14 UTC

ACTION_CARD_REVIEWED

[email protected] · 09:47 UTC

DRIFT_ALERT_TRIGGERED

RIE Job 03 · AWS Hub · 02:15 UTC

REPORT_GENERATED

[email protected] · Narratix · 14:02 UTC

AI_INFERENCE_COMPLETE

ConverseDataIQ · gpt-oss-120b · 14:03

Have a Security ArchitectureQuestion?

Our security team can walk you through the deployment architecture, answer SIMM compliance questions, and provide written security documentation for your procurement package.

🔒 AES-256 at Rest

🔐 TLS 1.3 in Transit

🏗️ Private VNet

📋 Full Audit Trail

🤖 Zero External AI APIs

Built for the Most Sensitive
Government Environments

Every Framework You're
Required to Satisfy

Role-Based Access Control
for Government Teams

Every Action.
Immutably Logged.

Have a Security Architecture
Question?