The unified standard for AI auditing & federal governance.
AiTail bridges the gap between Fortune-500 enterprise agility and federal regulatory rigor. Deploy autonomous audit layers that satisfy board-level risk committees and agency ATO panels — from the same control plane.
- For boardrooms: SOC 2 · ISO 27001 · GDPR
- For agencies: FedRAMP High · FISMA · CJIS
- For defense: IL5 · IL6 · CMMC 2.0 L3
- For regulators: NIST AI RMF · EO 14110
The record, in numbers.
Figures reflect production tenants under signed BAAs and IAAs as of the filing date. Per-agency totals are auditable through the ledger and published quarterly in the AiTail Transparency Bulletin (PDF, 47pp).
Twenty frameworks. One control plane. Evidence on demand.
| Framework | Control / scope | Status | Evidence pointer |
|---|---|---|---|
| FedRAMP | High baseline (NIST 800-53 Rev 5, 410 controls) | In process | Package FR2200000XXX · 3PAO: Coalfire |
| FISMA | Moderate & High system categorization (FIPS 199 / 200) | Met | SSP §3, POA&M current |
| NIST 800-53 Rev 5 | AU-2, AU-3, AU-9, AU-10, AU-12 (audit & accountability) | Met | Continuous attestation log |
| NIST AI RMF 1.0 | GOVERN · MAP · MEASURE · MANAGE | Met | Profile crosswalk, model cards |
| OMB M-24-10 | §5(c) minimum practices for rights- and safety-impacting AI | Met | Inventory API + IA artifacts |
| EO 14110 | Dual-use, content provenance, watermark attestation | Mapped | C2PA manifest co-anchoring |
| FIPS 140-3 | Cryptographic Module Validation (Level 2) | Met | CMVP cert. #4623 |
| FIPS 199 / 200 | Security categorization & minimum baseline | Met | Categorization memo on file |
| DoD CC SRG | Impact Level 5 (IL5) controlled unclassified | Met | DISA PA in place |
| DoD CC SRG | Impact Level 6 (IL6) classified up to SECRET | In process | Sovereign tier · enclave install |
| CMMC 2.0 | Level 3 — Advanced (DIB contractors) | Met | C3PAO Level 2 certification (prerequisite), Q1 FY26 · Level 3 assessment is performed by DoD DIBCAC, not a C3PAO |
| CJIS Security Policy | v5.9.5 — criminal justice information | Met | Signed agreement template |
| IRS Pub 1075 | Federal Tax Information (FTI) safeguards | Met | Safeguard Security Report |
| StateRAMP | High Authorization | Met | Authorized · listing #SR-00481 |
| HIPAA / HITECH | Covered entity audit logging | Met | BAA template, IRR audit |
| TIC 3.0 | Trusted Internet Connections (CISA) reference architecture | Met | PEP/MTIPS aligned |
| Zero Trust (CISA ZTMM) | Pillars: Identity · Devices · Networks · Apps · Data | Met | ZTMM v2.0 Advanced (third of four maturity stages) |
| Section 508 / WCAG 2.1 AA | Operator surfaces accessibility | Met | VPAT 2.4 Rev (NDA) |
| Federal Records Act | Records scheduling & NARA disposition | Met | GRS 5.2, 6.5 mapping |
| Privacy Act / E-Gov §208 | SORN & PIA support | Met | Template + reviewer workflow |
Six layers. Every one inspectable. None of them able to rewrite history.
Detectors for PII, PHI, FTI, CUI, classification markings and code secrets, plus 312 custom detectors, run in a side-car proxy inside the agency VPC. The raw prompt never crosses the FedRAMP boundary. Detection runs on CPU-only Rust binaries; no model weights leave the enclave.
The redacted record is canonicalized (JCS, RFC 8785) and reduced to a 32-byte SHA-256 digest; that digest is then signed with Ed25519 (an approved algorithm since FIPS 186-5) inside a FIPS 140-3 Level 2 HSM (cert. #4623). The signature over the digest, not the content, becomes the artifact of record.
Digests are batched into a per-tenant Merkle root every 1.6 seconds, and the root is submitted to the Stellar public ledger as a transaction memo (Stellar's MEMO_HASH type carries exactly 32 bytes, so the root fits untruncated). Submission fees are paid from a federated wallet; agencies hold no cryptocurrency.
An independent verifier process replays the chain against the agency archive every 30 seconds. Divergence raises a counter-signed alert to the agency SOC and to the AiTail trust desk within seconds, with a tamper-evident audit packet.
Sealed records live in an append-only, customer-keyed object store (S3 Object Lock in GovCloud, or on-prem MinIO with WORM). Every write is counter-signed at the storage layer; no operator role can mutate or delete history.
Customer-managed keys via AWS KMS for GovCloud, Azure Government Key Vault, or on-prem Thales / Entrust nShield HSMs. Post-quantum co-signing with ML-DSA (the CNSA 2.0 signature algorithm) or SLH-DSA is available on the Sovereign tier.
- Edge redaction p50: 12 ms
- Edge redaction p99: 38 ms
- Signing throughput: 9,400 / s per HSM
- Ledger anchor p50: 1.74 s
- Ledger anchor p99: 3.10 s
- Verifier reconciliation: 30 s polling, 4 s alert
- AWS GovCloud (US-East/West): Primary
- Azure Government (USGov-VA/TX): Mirror
- On-prem (RHEL 9 STIG): Sovereign tier
- IL5 enclave: DISA PA in place
- IL6 enclave: In process (Q3 FY26)
- Egress: TIC 3.0 PEP / MTIPS
- Operator role: Read-only on hashes
- Agency role: Read on archive (RBAC)
- IG / OIG role: Read on hashes + verifier
- AiTail SRE: No content access (only digests leave the tenant)
- Key custody: Customer-managed (HSM)
- Break-glass: M-of-N quorum, on-record
One annotated record, from operator prompt to public proof.
What follows is a real ingestion event from a state benefits-eligibility workflow, redacted at the agency boundary, hashed on the wire, and counter-signed by the public ledger within two seconds. The Inspector General can independently verify it with the published CLI.
Caseworker reviews application for claimant [NAME], SSN [SSN], residing at [ADDR]. Internal note: escalate per §1902(a)(10) and verify eligibility category against case [CASE-ID].
- Tx: bf91…a07e
- Ledger: #54,228,901
- Memo: HASH (32B)
- Signer: HSM-CMVP-4623
- Latency: 1.74 s
- Cost (agency): $0.00004
Inspector General note. The hash above can be recomputed from the agency archive using the open-source aitail-verify CLI. A mismatch — even by a single byte — produces a counter-signed alert and freezes that Trace ID from further processing.
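The six layers described above and the Inspector General's recomputation in the note just before this, as one added Go example. This is my illustration, not AiTail's code or the aitail-verify CLI: a software ed25519 key stands in for the HSM, an in-memory array stands in for the ledger memo, the record schema (trace_id, prompt) and the two sample events are constructed, and layer 1 is not modelled (prompts arrive already redacted). It shows what the page's prose leaves implicit: that encoding/json is not RFC 8785-safe for the string escaping, that the Merkle root must separate leaf and interior domains, and that the verifier needs two independent checks (per-record digest and signature, then the batch root against the anchor) to both isolate a tampered trace ID and catch an internally consistent rewrite of the archive.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Sealed is one archived event: redacted content plus the signed digest that is the artifact
// of record. Field names are this example's, not AiTail's; the prompt arrives already redacted.
type Sealed struct {
	TraceID, Prompt string
	Digest          [32]byte
	Sig             []byte // ed25519 over Digest; a software key stands in for the HSM
}

// RFC 8785 gives these controls two-character escapes; every other control is \u00xx (lowercase).
var shortEsc = map[rune]string{'"': `\"`, '\\': `\\`, '\b': `\b`, '\f': `\f`, '\n': `\n`, '\r': `\r`, '\t': `\t`}

// jcsString serialises a string the RFC 8785 way. encoding/json would not do: it writes \b and \f
// as \u0008 and \u000c and escapes '<', '>', '&', U+2028 and U+2029, all of which JCS leaves literal.
func jcsString(s string) string {
	var b strings.Builder
	b.WriteByte('"')
	for _, r := range s {
		if e, ok := shortEsc[r]; ok {
			b.WriteString(e)
		} else if r < 0x20 {
			fmt.Fprintf(&b, `\u%04x`, r)
		} else {
			b.WriteRune(r)
		}
	}
	b.WriteByte('"')
	return b.String()
}

// canonical is the JCS form of the record object: no whitespace, members in sorted key order
// ("prompt" sorts before "trace_id"). Numbers are avoided; JCS would require ES6 formatting.
func canonical(traceID, prompt string) string {
	return `{"prompt":` + jcsString(prompt) + `,"trace_id":` + jcsString(traceID) + `}`
}

// digest is layer 2: canonical bytes in, 32-byte SHA-256 out. Only this digest is signed or anchored.
func digest(traceID, prompt string) [32]byte {
	return sha256.Sum256([]byte(canonical(traceID, prompt)))
}

func seal(priv ed25519.PrivateKey, traceID, prompt string) Sealed {
	d := digest(traceID, prompt)
	return Sealed{TraceID: traceID, Prompt: prompt, Digest: d, Sig: ed25519.Sign(priv, d[:])}
}

// merkleRoot is layer 3: the batch root that fits a 32-byte ledger memo. RFC 6962-style 0x00/0x01
// prefixes keep leaves and interior nodes in separate domains; an odd node is carried up unchanged.
func merkleRoot(batch []Sealed) [32]byte {
	level := make([][32]byte, len(batch))
	for i, s := range batch {
		level[i] = sha256.Sum256(append([]byte{0x00}, s.Digest[:]...))
	}
	for len(level) > 1 {
		var next [][32]byte
		for i := 0; i+1 < len(level); i += 2 {
			next = append(next, sha256.Sum256(append(append([]byte{0x01}, level[i][:]...), level[i+1][:]...)))
		}
		if len(level)%2 == 1 {
			next = append(next, level[len(level)-1])
		}
		level = next
	}
	return level[0]
}

// verify is layer 4, the independent replay: recompute every digest from archived content, check
// every signature, rebuild the root and compare it with the anchored value. It returns the trace IDs
// that diverge (to be frozen) and whether the batch as a whole still matches the ledger.
func verify(pub ed25519.PublicKey, batch []Sealed, anchored [32]byte) (divergent []string, ok bool) {
	for _, s := range batch {
		if digest(s.TraceID, s.Prompt) != s.Digest || !ed25519.Verify(pub, s.Digest[:], s.Sig) {
			divergent = append(divergent, s.TraceID)
		}
	}
	return divergent, len(divergent) == 0 && merkleRoot(batch) == anchored
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	batch := []Sealed{ // constructed events, already redacted at the boundary
		seal(priv, "trace-0001", "Caseworker reviews application for claimant [NAME], SSN [SSN]."),
		seal(priv, "trace-0002", "Verify eligibility category against case [CASE-ID]."),
	}
	anchored := merkleRoot(batch) // the 32 bytes a ledger memo would carry
	batch[1].Prompt += "."        // one byte changed in the archive after anchoring
	div, ok := verify(pub, batch, anchored)
	fmt.Printf("root %x… matches: %v, frozen: %v\n", anchored[:4], ok, div)
}
```

Two design points carry over to any real deployment of this pattern. The per-record check alone cannot detect an attacker who holds the signing key and re-seals a record consistently; only the comparison against the root held by a party the attacker does not control (here the `anchored` value, on the page the public ledger) catches that, which is why the verifier must fetch the root from the ledger rather than from the archive. And the canonical form is part of the security boundary: if the archive and the verifier ever disagree on JSON serialization (key order, escaping, number formatting), every record looks tampered, so the JCS rules are worth implementing exactly rather than approximating with a general-purpose encoder.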
From a 14-week IG audit cycle to ledger-direct attestation.
When a state HHS agency deployed an LLM-assisted eligibility triage workflow, its OIG required a verifiable record of every model call touching benefits decisions. AiTail replaced quarter-end manual reconciliation with a continuously witnessed ledger — and cut OIG response time from 14 weeks to 11 minutes.
Read the case file.
"The first piece of AI infrastructure I have presented to the Governor's office without a single follow-up question from counsel."
What the principals tell us.
It is the only AI audit trail our OIG has accepted without amendment.
Boundary redaction means CUI never leaves our enclave in the clear. That ended a two-year procurement debate in one meeting.
We replaced an eighteen-person reconciliation team with a public ledger. The arithmetic was not subtle.
Three tiers. Five vehicles. No surprises at option-year renewal.
- Up to 25M anchored records / mo
- FedRAMP Moderate boundary
- Single-region GovCloud
- NIST AI RMF artifact pack
- Unlimited anchored records
- FedRAMP High boundary
- Multi-region · IL4 / IL5
- Named ATO liaison + 24×7
- Dedicated single-tenant deploy
- IL5 / IL6 enclave install
- Air-gap + offline anchoring
- CNSA 2.0 post-quantum option
Available directly or through prime integrators. SAM.gov UEI and CAGE code provided on request to verified contracting officers.
- GSA Multiple Award Schedule (MAS) · SIN 518210C
- SEWP V · Group A
- CIO-SP3 Small Business
- OASIS+ Unrestricted
- State cooperative purchasing (NASPO ValuePoint)
What general counsel, the CIO, and the IG ask — in order.
No. Only a 32-byte SHA-256 digest of the redacted record is submitted as a memo entry. Content remains inside the agency tenant — typically a FedRAMP High enclave or an on-premises archive. The ledger holds proof of existence, never the artifact itself.
Open the public ledger for your agency's AI.
Briefings run 45 minutes with our federal program office. We will scope your model inventory, OMB M-24-10 reporting posture, FedRAMP boundary fit, and the exact evidence packet your Authorizing Official expects to receive.