Sovereign deploy

Sur place, sans téléphone‑maison.

The same platform, in your facility, on your hardware, on your network.

What "sovereign" means here

• No phone-home. No telemetry to Osage or any third party. The platform runs in your facility under your audit.
• Air-gap capable. Full functionality with zero outbound network access. Updates ship as signed bundles.
• Customer-owned crypto. Your HSM, your keys, your trust root.
• Customer-owned IAM. Your IAM tenant; we don’t see your users.
• FIPS-aligned by default. AES-GCM, ML-KEM/DSA, SHA-2/3 from FIPS-validated modules.

Reference deploys

• DoD IL2 / IL4 / IL5 / IL6 — framing per the DoD Cloud Computing Security Requirements Guide; sovereign single-tenant deploys.
• IC-adjacent enclaves — JWICS-adjacent and SCIF-resident deploys with documented attestation and audit posture.
• Treasury / FinCEN financial-mission — air-gapped sanctions and AML workloads.
• DOE National Labs — HPC-adjacent inference and cryptographic-research deploys.
• Allied defence ministries — cross-border sovereign deploys with International Counsel coordination.

Operational model

1. Scope & readiness. Capability-statement review, facility assessment, hardware sizing.
2. Bundle build. Signed, attested platform bundle assembled to your control matrix.
3. Install. On-site install by cleared engineers, or air-shipped bundle for self-install.
4. Cutover. Documented runbook, paired with your operations team.
5. Operate. Ongoing support by reference; software updates shipped as signed bundles.

Compliance posture (sovereign deploys)

• NIST SP 800-171 controls implemented; SSP and POA&M maintained.
• CMMC Level 2 / Level 3 roadmap on award-triggering DoD work.
• FISMA Moderate / High framing per customer’s control set.
• FedRAMP roadmap on managed-region tier (see /capabilities).
• ITAR / EAR registration on award where the work requires.
• FAR / DFARS clause flow-down on every instrument.

Sovereign capture: [email protected] · Security: [email protected].