Trust & Compliance

Security Posture

Casimir Systems is built compliance-first. Security and data handling requirements are not afterthoughts — they are baked into the architectural foundation of every system we ship.

Applicable Frameworks

Standards we architect against

  • NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems
  • CMMC Level 2: Cybersecurity Maturity Model Certification — Advanced Practices
  • DFARS 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting
  • CUI / FOUO: Controlled Unclassified Information and For Official Use Only handling
  • OMB M-26-04: Responsible AI use in federal agency decision-making
  • SBIR Data Rights: IP protection per DFARS 252.227-7018 and applicable SBIR clauses

Platform Controls

How we protect your data

Access Control

  • Role-based access control (RBAC) with least-privilege enforcement
  • Multi-factor authentication required for all platform access
  • Session management with configurable timeout policies
  • Full audit trail on every data access and mutation event

Data Handling

  • CUI and FOUO data handled in accordance with NIST 800-171 §3.1–3.14
  • Data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • No commingling of government data with commercial analytics systems
  • Structured retention and deletion policies per contract requirements

AI / LLM Governance

  • All LLM inputs and outputs logged in a tamper-evident audit log
  • Model outputs are advisory only — human-in-the-loop for all decisions
  • No training on government-provided data without explicit authorization
  • OMB M-26-04 compliant AI use documentation maintained per contract

Supply Chain & Vendor Risk

  • Authorized software bill of materials (SBOM) maintained for all components
  • Third-party dependencies reviewed for FOCI exposure and known vulnerabilities
  • Infrastructure hosted on FedRAMP-authorized cloud providers
  • Incident response plan tested and maintained per DFARS 252.204-7012

Security questions or concerns?

For security inquiries, vulnerability disclosures, or compliance documentation requests, contact us at security@casimirsystems.com