Skip to main content

Compliance as code for federal DevSecOps. Now accepting design partners

REAEGIS
Hosting & deployment

Deployment models for every boundary

Commercial cloud doesn't meet FedRAMP and impact-level requirements. On-premises means real infrastructure. CAC/PIV integration is genuinely hard. REAEGIS ships the same five engines across all of it — IL2 through IL5.

Air-gapped details
Three tiers

Same engines. Boundary-respecting integration.

IL2 · FedRAMP-ready

SaaS / Commercial

Hosted REAEGIS with the full five-engine platform. eMASS integration through formatted export files the ISSO imports in minutes — the boundary-respecting answer while eMASS lives on SIPRNet.

  • ·Full platform, fastest onboarding
  • ·Live NVD/OSV CVE feeds
  • ·Direct AI remediation via commercial API
  • ·eMASS-formatted CSV export per ConMon cycle
DoD high-impact, unclassified

Self-hosted IL4/IL5

REAEGIS inside your authorization boundary. A self-hosted agent calls the eMASS REST API using a customer-owned PKI service credential — REAEGIS never holds the key.

  • ·In-boundary eMASS agent
  • ·Customer-controlled PKI credentials
  • ·Bedrock GovCloud / Azure OpenAI Gov AI providers
  • ·Iron Bank image path for DoD deployments
True disconnected IL5

Air-gapped

A complete, signed, versioned deployment kit transferred through your ISSM-approved process. Every internet-dependent component is replaced with an internal equivalent.

  • ·8–12 GB signed onboarding kit, cosign-verified
  • ·Offline Grype CVE database, scheduled transfer
  • ·Self-hosted Rekor + Fulcio transparency log
  • ·Rule engine covers ~80% of findings without AI
Infrastructure architecture

End-to-end encrypted infrastructure

  1. 01
    Identity layer
    Keycloak with OIDC/PKCE in connected mode. DoD PKI/CAC and internal directory integration for air-gapped environments.
  2. 02
    Application layer
    Five Go/Python engines behind a Kong API gateway with JWT validation, rate limiting, and tenant isolation on every request.
  3. 03
    Data layer
    PostgreSQL with encryption at rest and row-level security. Evidence artifacts in S3-compatible object storage. Redis for sessions.
  4. 04
    Audit layer
    Sigstore Rekor, Fulcio, and Cosign — public instances in connected mode, internal instances inside the air gap.
Deployment options

Infrastructure features

Azure Government

Default hosting designed for FedRAMP and IL4/IL5 requirements.

Dedicated tenants

Isolated infrastructure for enhanced data separation.

Enterprise identity

SAML 2.0, OIDC, and CAC/PIV via your identity provider.

Audit logging

Configurable retention with integrity verification.

What you get

Infrastructure commitments

  • Azure Government certified infrastructure
  • PostgreSQL with encryption at rest
  • SAML 2.0 and OIDC federation
  • CAC/PIV support via IdP integration
  • Configurable data retention policies
  • Multi-region availability options
Get started

Authorization is not a destination.It is a system property.

REAEGIS is the infrastructure that maintains it — converting every commit, scan, and approval into evidence your Authorizing Official can act on.

Explore the platform