Security & Compliance
Built Into Every Layer
Sit(x) was designed from the ground up for government and defense use. Every component — from infrastructure to application — implements defense-in-depth security controls that meet the most demanding requirements.
AWS GovCloud (US) Infrastructure
Sit(x) runs exclusively on AWS GovCloud (US), an isolated cloud region designed to host sensitive workloads and meet the most stringent U.S. government security and compliance requirements.
U.S. Data Residency
All data is stored and processed within the continental United States. AWS GovCloud (US) regions are physically and logically isolated from commercial regions.
Operated by U.S. Persons
AWS GovCloud infrastructure is managed by employees who are U.S. citizens on U.S. soil.
Isolated Government Cloud
AWS GovCloud (US) is a dedicated cloud region built for sensitive workloads, with stricter access controls than commercial AWS regions.
Purpose-Built for Government
Designed from the ground up to host the workloads of U.S. federal, state, and local government agencies and their partners.
Security Principles We Build To
- Least Privilege: Access Control
- Defense in Depth: Layered Controls
- Zero Trust: Verify Everything
- Encrypt Everywhere: At Rest & In Transit
- Strong Identity: MFA & SSO
- Audit by Default: Every Action Logged
- Tenant Isolation: Hard Boundaries
- U.S. Residency: Data Stays Domestic
Defense-in-Depth Security Architecture
Multiple overlapping security controls ensure that no single point of failure can compromise the system.
Network Security
- VPC isolation with private subnets
- AWS WAF and Shield protection
- TLS 1.2+ for all connections
- Security group least-privilege rules
- DDoS mitigation
Identity & Access
- Multi-factor authentication (MFA)
- SSO integration (SAML 2.0, OIDC, OAuth)
- OAuth 2.0 API authentication
- Role-based access control (RBAC)
- Session management with timeouts
- IP-based login origin restrictions
Certificate & Device Security
- Mutual TLS (mTLS) for TAK clients
- Automated certificate lifecycle
- Device authorization workflows
- Device sequestration for unknowns
- Device banning capabilities
Data Protection
- Encryption at rest (AES-256)
- Encryption in transit (TLS 1.2+)
- Tenant-level data isolation
- Automated encrypted backups
- Data residency within US borders
Audit & Monitoring
- Comprehensive user action logging
- Login and authentication tracking
- Failed login attempt monitoring
- Admin action audit trail
- Searchable security event logs
Organizational Controls
- Multi-tenant schema isolation
- Org-level security policies
- Password complexity enforcement
- Banned email and device lists
- Login origin country restrictions
Multi-Tenant Data Isolation
Each organization on Sit(x) operates within a fully isolated database schema. There is no co-mingling of data between organizations, even within the same deployment.
AWS GovCloud (US) Region (Encrypted • Isolated • U.S. Data Residency)
- Organization A: Isolated Schema, Separate Users, Own Certificates, Own Policies
- Organization B: Isolated Schema, Separate Users, Own Certificates, Own Policies
- Organization C: Isolated Schema, Separate Users, Own Certificates, Own Policies
Enterprise Security Standards
Mutual TLS Authentication
TLS 1.2+ Enforced
AES-256 Encryption
Zero Trust Architecture
US Data Residency
Have Security Questions?
Our team can provide detailed security documentation, architecture diagrams, and walk you through how Sit(x) fits into your agency’s security program.