CybrIQ for federal, defense, and state & local · State & local agencies →
CybrIQ
CybrIQ for federal, defense, and state & local

Unauthorized hardware on agency networks is a Section 889 and supply-chain risk that asset inventories miss.

CybrIQ identifies every device connected to a managed switch by reading switch-side signals. No traffic is inspected. No agents are placed on endpoints. The software is installed and operated by the agency, supporting NDAA Section 889 monitoring, the Zero Trust Devices pillar, and CDM hardware-asset-management completeness.

Schedule a briefing 30-day no-fee pilot Section 889 detail →
Deployment Customer-installed on agency hardware. Read-only switch access via SNMP. No SPAN, no agents, no vendor cloud dependency.
Certifications held SOC 2 Type II. ISO/IEC 27001. ISO 27017. ISO 27018. Reports under MNDA. Trust posture ›
FedRAMP No FedRAMP status today. The customer-installed shape does not require it for FISMA, on-prem, SCIF, or air-gapped. Detail ›
Procurement Carahsoft federal channel. Azure Marketplace + ServiceNow Store listings live. Contract vehicles ›
If you're here for one thing

Jump straight to the page that matches your context.

Federal civilian Section 889 audit prep › Defense contractor CMMC 2.0 Level 2 › DoD / IC program IL4 / IL5 / IL6 fit › State / county / K-12 SLED track › Procurement officer FedRAMP & certs › Skeptical evaluator 30-day no-fee pilot ›
What CybrIQ is for

Three operational problems federal and SLED leaders are sized to right now.

CybrIQ does one thing well: it tells you what is actually connected to your managed switches, with enough fidelity to support compliance reporting and supply-chain monitoring. The three places that work matters most right now:

Mandate

NDAA Section 889 and supply-chain visibility

Covered telecom and video-surveillance gear must be off federal networks. Agencies cannot enforce what they cannot see. CybrIQ identifies devices by Layer-1 fingerprint against a 750-million-device reference library, surfacing Huawei, ZTE, Hytera, Hikvision, and Dahua hardware on the network whether or not the asset register knows about it.

Zero Trust

Zero Trust Devices pillar (CISA ZTMM 2.0)

The Devices pillar requires a complete, continuously updated inventory of every connected device, including hardware the agency did not provision. CybrIQ produces that inventory continuously from switch-side signals, supporting OMB M-22-09 reporting and EO 14028 implementation evidence at the device-discovery layer.

CDM

CDM HWAM gaps on OT and unmanaged endpoints

CDM hardware-asset-management was built around managed IT and does not see lab gear, building systems, printers, cameras, conference-room equipment, or third-party devices that show up on agency networks. CybrIQ surfaces those gaps without changing the CDM data feed your dashboard already trusts.

For defense contractors operating under CMMC 2.0 Level 2, the same device-inventory completeness applies to CM.L2-3.4.1 (Authorized Hardware) and CM.L2-3.4.2 (Baseline Configuration). See the CMMC page for the control-by-control mapping.

Control and mandate map

What CybrIQ supports compliance with.

CybrIQ does not authorize a system, replace a NAC, or substitute for an Authorization to Operate. It supplies the device-discovery evidence those activities require, mapped to the controls and mandates federal evaluators ask about.

Controls and mandates this work supports

  • NIST SP 800-53 Rev. 5 — CM-8 (System Component Inventory), CM-8(1), CM-8(2), CM-8(3), SI-4 (System Monitoring)
  • NIST SP 800-171 Rev. 3 — 3.4.1 (System Component Inventory), 3.4.6 (Least Functionality), 3.14.6 (Monitor System Communications)
  • NIST CSF 2.0 — ID.AM-1 (Inventories of hardware managed by the organization), ID.AM-2, DE.CM-7 (Monitoring for unauthorized personnel, connections, devices)
  • CMMC 2.0 Level 2 — CM.L2-3.4.1 Authorized Hardware, CM.L2-3.4.2 Baseline Configuration, SI.L2-3.14.6
  • NDAA Section 889(a)(1)(A) and (B) — Monitoring for covered telecommunications equipment and services
  • EO 14028 / OMB M-22-09 — Zero trust evidence at the device-discovery layer (CISA ZTMM 2.0 Devices pillar)
  • CDM HWAM — Hardware-asset-management completeness for unmanaged and OT-adjacent devices

Independent third-party assessment against the controls above is available on request under MNDA.

How CybrIQ deploys

Deployment posture, in the order federal evaluators ask about it.

CybrIQ federal deployment topology: managed switches feed the External Scan Engine via read-only switch access over SNMP; ESE forwards to the main instance over SSL inside the agency network; identity events egress to existing agency tools (SIEM, NAC, CDM dashboard, eMASS) via syslog and REST. No SPAN, no mirror, no inline tap, no agents, no vendor cloud dependency.

What the agency does

Installs the softwareRoomIQ and SpacesIQ are software the agency installs on its own hardware. CybrIQ does not deliver a vendor appliance.
Two componentsExternal Scan Engine (ESE), customer-installed and customer-operated on agency hardware. Main instance: CybrIQ-hosted by default; customer-installed on agency hardware for FedRAMP, FISMA on-premise, SCIF, and air-gapped deployments. ESE-to-main communication is over SSL.
Switch accessRead-only switch access via SNMP. The agency configures the SNMP community or v3 user with read-only permissions. SNMP write is not used, granted, or required.

What CybrIQ does not do

No SPAN or mirrorCybrIQ does not require a SPAN port, mirror port, inline tap, or any traffic-capture mechanism.
No agents on devicesCybrIQ does not place software on managed endpoints, lab equipment, OT, or third-party devices to identify them.
No packet inspectionIdentification is from switch-side signals only — link negotiation, MAC OUI, LLDP/CDP advertisements, port statistics, VLAN/topology context — combined into a Device DNA™ fingerprint.
No vendor cloud dependencyThe agency can deploy on-premise, in an authorized cloud environment, or air-gapped. The reference-library updates ship as signed offline packages.
State & Local

State and local agencies have a different buyer, vocabulary, and budget cycle.

If you're a state CIO, county IT director, K-12 technology lead, or municipal CISO, the framing here is built for residents, services, MS-ISAC reporting, StateRAMP posture, and cyber-insurance evidence. The federal narrative on this page assumes a federal evaluator; the SLED narrative is written for you.

Go to the State & Local track →

Schedule a 30-minute federal briefing.

No procurement commitment, no slideware. You walk through CybrIQ against the mandates and controls you actually carry, in your environment, with your stakeholders on the call.

Request briefing