Security & Compliance
Built Into Every Layer
Sit(x) was designed from the ground up for government and defense use. Every component — from infrastructure to application — implements defense-in-depth security controls that meet the most demanding requirements.
AWS GovCloud (US) Infrastructure
Sit(x) runs exclusively on AWS GovCloud (US), an isolated cloud region designed to host sensitive workloads and meet the most stringent U.S. government security and compliance requirements.
ITAR Compliant Data Residency
All data is stored and processed within the continental United States. AWS GovCloud (US) regions are physically and logically isolated from commercial regions.
Operated by Cleared U.S. Persons
AWS GovCloud infrastructure is managed by employees who are U.S. citizens on U.S. soil, supporting ITAR and EAR regulated workloads.
FedRAMP High Baseline
AWS GovCloud maintains FedRAMP High authorization, covering over 300 security controls across 17 control families. Sit(x) leverages these inherited controls.
DoD Impact Level 4 & 5
AWS GovCloud supports DoD IL4 and IL5 workloads, enabling processing of Controlled Unclassified Information (CUI) and National Security Systems data.
Compliance Frameworks Supported
- FedRAMP: High Baseline
- DoD SRG: IL4 / IL5
- ITAR: Compliant
- NIST 800-53: Rev 5 Controls
- NIST 800-171: CUI Protection
- FIPS 140-2: Validated Crypto
- SOC: 1, 2 & 3
- CJIS: Security Policy
Defense-in-Depth Security Architecture
Multiple overlapping security controls ensure that no single point of failure can compromise the system.
Network Security
- VPC isolation with private subnets
- AWS WAF and Shield protection
- TLS 1.2+ for all connections
- Security group least-privilege rules
- DDoS mitigation
Identity & Access
- Multi-factor authentication (MFA)
- SSO integration (SAML 2.0, OIDC, OAuth)
- OAuth 2.0 API authentication
- Role-based access control (RBAC)
- Session management with timeouts
- IP-based login origin restrictions
Certificate & Device Security
- Mutual TLS (mTLS) for TAK clients
- Automated certificate lifecycle
- Device authorization workflows
- Device sequestration for unknowns
- Device banning capabilities
Data Protection
- Encryption at rest (AES-256)
- Encryption in transit (TLS 1.2+)
- Tenant-level data isolation
- Automated encrypted backups
- Data residency within US borders
Audit & Monitoring
- Comprehensive user action logging
- Login and authentication tracking
- Failed login attempt monitoring
- Admin action audit trail
- Searchable security event logs
Organizational Controls
- Multi-tenant schema isolation
- Org-level security policies
- Password complexity enforcement
- Banned email and device lists
- Login origin country restrictions
Multi-Tenant Data Isolation
Each organization on Sit(x) operates within a fully isolated database schema. There is no co-mingling of data between organizations, even within the same deployment.
AWS GovCloud (US) Region (Encrypted • Isolated • ITAR Compliant)
- Organization A: Isolated Schema, Separate Users, Own Certificates, Own Policies
- Organization B: Isolated Schema, Separate Users, Own Certificates, Own Policies
- Organization C: Isolated Schema, Separate Users, Own Certificates, Own Policies
Enterprise Security Standards
- FIPS 140-2 Validated
- TLS 1.2+ Enforced
- AES-256 Encryption
- Zero Trust Architecture
- US Data Residency
Have Security Questions?
Our team can provide detailed security documentation, architecture diagrams, and assist with your Authority to Operate (ATO) process.