Trust · Security · Compliance

We are a security firm that ships a compliance platform.

Custodia is engineered by Carnegie Mellon–trained information security engineers, in the city where CMMC was half-built. Defense-in-depth is not a marketing line for us — it is the architecture, the runtime, the operating discipline, and the contract you sign.

Powered by AWS
Customer-data keys live inside AWS Key Management Service in the United States. The key bytes never leave the boundary.
Effective May 13, 2026 · Custodia, LLC
NIST SP 800-171 Rev. 2 · FAR 52.204-21 · DFARS 252.204-7012 · 32 CFR Part 170 · OWASP ASVS · AES-256-GCM · TLS 1.2+ · U.S. Data Residency
AES-256: GCM at rest
TLS 1.2+: In transit, HSTS at edge
100% U.S.: Region & sub-processors
0: AI training on your data
Four pillars

How we protect Federal Contract Information.

We will not publish the full topology of our environment. That is itself a control. What we will publish is the architecture of intent — the principles we hold to, verifiable in contract, in code review, and in independent attestation.

01 · Cryptography

Envelope encryption, key custody in AWS KMS.

Customer data is encrypted at rest with AES-256-GCM. Sensitive fields are wrapped under per-tenant Data Encryption Keys derived via HKDF, themselves wrapped by a Key Encryption Key that lives inside AWS KMS. Key bytes never leave the KMS boundary. Every unwrap is authenticated, logged in CloudTrail, and rate-bounded.
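
The per-tenant HKDF derivation described above, sketched as an added example (written for this page, not Custodia's implementation). The root secret, salt, the `example-dek-v1` label and all function names are assumptions; the KMS wrap of the resulting key is not shown.

```python
import hashlib
import hmac
import struct

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: concentrate input keying material into a PRK."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: stretch the PRK into `length` bytes bound to `info`."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("requested length out of range for HKDF-SHA256")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def tenant_info(tenant_id: str, purpose: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide."""
    fields = [b"example-dek-v1", tenant_id.encode(), purpose.encode()]
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def derive_tenant_dek(root_secret: bytes, salt: bytes, tenant_id: str,
                      purpose: str = "field-encryption") -> bytes:
    """Derive a 32-byte (AES-256) key that is unique per tenant and purpose."""
    if not tenant_id:
        raise ValueError("tenant_id must be non-empty")
    prk = hkdf_extract(salt, root_secret)
    return hkdf_expand(prk, tenant_info(tenant_id, purpose), 32)


if __name__ == "__main__":
    # Constructed sample values; a real root secret would come from a KMS/HSM.
    root, salt = bytes(range(32)), b"constructed-salt"
    for tenant in ("tenant-a", "tenant-b"):
        print(tenant, derive_tenant_dek(root, salt, tenant).hex())
```

Binding the tenant identifier into the HKDF `info` input is what gives each tenant a cryptographically independent key: one tenant's derived key reveals nothing about another's.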
02 · Identity

Strong auth, least privilege, evidence-grade audit.

Customer authentication is delegated to Clerk with MFA available on every tier. Internal administrative access is role-based, requires MFA, and is reviewed quarterly. Every privileged action emits an audit record with actor, timestamp, and intent.
03 · Isolation

Tenant boundary enforced at the data layer.

Isolation is not a UI filter — it is enforced at the data-access layer, on every query, every read, every write. We assume application code will eventually be wrong, and push the boundary downstream of it.
04 · AI Boundary

Zero-retention, no-training, no exceptions.

Charlie reads your data in context to answer the question you asked — then the context is discarded. We contract with model providers on zero-retention, no-training terms. Your FCI is not training corpus.
Defense in depth

Every layer assumes the layer above will fail.

The doctrine we teach customers is the doctrine we run on ourselves. Each control is independently verifiable. None of them is load-bearing alone.

P.01
Secure-by-default platform
Hosted on hardened, U.S.-region managed infrastructure. Network ingress is locked to TLS 1.2+ with HSTS. Default-deny egress on services that handle customer data.
P.02
Cryptographic separation of duties
The Key Encryption Key is held by AWS KMS. Application code can request a wrap or unwrap, but cannot exfiltrate a key. Engineering staff cannot read encrypted FCI without going through KMS — and every call is audit-logged.
P.03
Input validation and output encoding
Server-side validation on every state-changing route. Strict CSRF protection. Same-site session cookies. Output encoded at render to prevent injection across every surface that touches a customer string.
P.04
Supply chain hygiene
Continuous dependency scanning on every build. High and critical advisories triaged within seven business days. Lockfile-pinned releases. Production artifacts reproducible from version control.
P.05
Change control
Pre-merge human review on every change. Production deploys are gated on automated test, type, and lint pipelines plus reviewer approval. No direct production edits.
P.06
Telemetry with PII scrubbing
Application error and performance telemetry is instrumented with field-level redaction before it leaves the runtime. We collect what we need to keep the service safe; nothing else.
P.07
Continuous posture monitoring
Authentication and admin actions are logged with actor and timestamp and retained for at least twelve months. Anomalous behavior — impossible-travel sign-in, mass deletion, off-hours administrative escalation — generates alerts to a human on call.
P.08
Recoverability
Point-in-time recovery on managed data stores. Infrastructure-as-code in version control. Annual review of business-continuity and disaster-recovery posture, with a documented restoration target.
AI security

Charlie is helpful. Charlie is not a backdoor.

AI is the most concentrated trust-boundary issue in modern software. We treat the model the way a careful firm treats a contractor with limited badge access: scoped, logged, and never trusted with the master key.

No training on customer data

Custodia contracts only with enterprise model providers on zero-retention, no-training terms. Your prompts and evidence files are never used to train, fine-tune, or evaluate any model.

Ephemeral context

Each AI invocation receives the minimum context needed to answer the customer’s question. Context is discarded after the response. There is no persistent “memory” index of your FCI.

Tenant-scoped retrieval

Retrieval-augmented prompts are scoped to a single tenant before they ever reach the model. A query for Tenant A cannot retrieve a record from Tenant B — enforced at the data layer, not in the prompt.

Adversarial-prompt hardening

Untrusted content (uploaded files, third-party feeds) is treated as data, not instructions. Tool calls carry capability scopes and are bounded by server-side policy, not the model’s self-restraint.

Compliance posture

We hold ourselves to the standard we sell.

Custodia’s control set is designed and operated consistent with the regimes our customers must satisfy. We respond to vendor security questionnaires in writing, with citations, on request.

NIST SP 800-171 Rev. 2
Controls applicable at CMMC Level 1 implemented and mapped to assessment objectives.
FAR 52.204-21
The 15 basic safeguarding requirements operationalized at the platform layer for our own environment.
DFARS 252.204-7012(c)
72-hour breach notification commitment to customers on confirmed unauthorized access.
32 CFR Part 170
Aligned to the CMMC Program rule and its posture expectations for Level 1 self-affirmation.
OWASP ASVS
Application Security Verification Standard used as the design reference for the web tier.
73 P.S. § 2301 et seq.
Pennsylvania breach-notification commitments incorporated by reference in our contracts.
Governance

The contract you can hold us to.

Incident response

A written incident response procedure is maintained and exercised. On confirmation of unauthorized acquisition of, or access to, customer data, we will notify affected customers without unreasonable delay and within seventy-two (72) hours of confirmation — consistent with DFARS 252.204-7012(c) and 73 P.S. § 2301 et seq. We provide reasonable assistance to customers fulfilling onward notification to DoD or other contracting agencies.

Coordinated vulnerability disclosure

Researchers may report suspected vulnerabilities to security@bidfedcmmc.com or via /.well-known/security.txt. We acknowledge reports within two (2) business days and offer a good-faith safe harbor for researchers who scope testing to their own accounts and give us a reasonable window to remediate before public disclosure.

Sub-processors & residency

All sub-processors are U.S. entities operating in the United States. Production data is stored and processed in the contiguous U.S. The current sub-processor list is published at /subprocessors. Material changes are notified in advance per contract.

Provenance

Built in Pittsburgh, by people who studied this for a living.

Custodia was founded by an information security practitioner holding a Master of Science in Information Security Policy and Management from Carnegie Mellon University — the same campus that produced the CERT Coordination Center and seeded much of the doctrine inside the Cybersecurity Maturity Model Certification program. Half of CMMC is Pittsburgh and Baltimore; we sit on the Pittsburgh end of it.

That heritage is not a logo on a slide. It is the reason we wrote our key custody, tenant isolation, and AI boundary the way we did. We are operating the platform we would have wanted to audit.

Carnegie Mellon University · MS Information Security Policy & Management · CERT / SEI heritage · Pittsburgh, PA
Shared responsibility

Where we end and you begin.

Security is shared in every serious platform. We are explicit about the line.

Custodia owns | Customer owns
Platform encryption & key custody | Workstation hygiene & endpoint MFA
Tenant isolation at the data layer | User roster & offboarding
Patching of Custodia services | Acceptable use of the platform
Logging & anomaly detection | Classification of uploaded data
Sub-processor due diligence | Third-party integrations you connect
Incident response within our boundary | Reporting incidents in your boundary

See the Acceptable Use Policy for the full statement of customer responsibilities.

Try the platform

Federal bid-ready in seven days.

Start your CMMC Level 1 build on the same platform you just read about. Seven days free. No credit card required.
