A software company that produces the Section 889 and CDM HWAM evidence agencies cannot get from their existing tools.

CybrIQ is a software company. The product is two pieces: RoomIQ for individual conference-room and AV-room scope, and SpacesIQ for building-wide and multi-campus scope. Both identify every device connected to a managed switch by reading switch-side signals — link negotiation pattern, MAC OUI, LLDP and CDP advertisements, port statistics, and VLAN context — combined into a Layer-1 fingerprint we call Device DNA™.

The reference library against which Device DNA matches contains roughly 750 million device fingerprints, including the covered-entity catalogs needed for NDAA Section 889 monitoring. The library is curated by CybrIQ and updated continuously; for air-gapped and SCIF environments, updates ship as signed offline packages.

What the company is

CybrIQ sells software. The software is installed and operated by the customer on customer-owned hardware. We do not deliver vendor appliances. We do not require the customer to grant us a tunnel, a VPN, or a phone-home connection. We do not run an inline anything. We do not place agents on the customer's managed endpoints.

The deployment posture matters because federal evaluators ask about it and because it is the boundary between what CybrIQ does and what the customer does. The agency installs both the External Scan Engine (ESE) component and the main instance; ESE-to-main communication happens over SSL; the agency owns the data, the configuration, and the operational decisions.

What the company is not

• CybrIQ is not a managed service. The agency operates the deployment.
• CybrIQ is not a NAC. The product identifies; the customer's NAC (Cisco ISE, Forescout, Aruba ClearPass, others) enforces.
• CybrIQ is not a SIEM. The product feeds the SIEM via syslog (RFC 5424) and REST; the SIEM correlates and stores.
• CybrIQ is not an EDR. The product does not place agents on endpoints; endpoint behavior is the EDR's domain.
• CybrIQ is not a packet-capture or DPI tool. No traffic is inspected, mirrored, or captured.
• CybrIQ is not FedRAMP Authorized. There is no Marketplace listing, no "In Process" status, no sponsoring-agency arrangement. The customer-installed deployment shape is built so an agency authorizing under FISMA, on-premise, SCIF, or air-gapped does not require FedRAMP. We will say "authorized" when we are entitled to.
• CybrIQ is SOC 2 Type II, ISO/IEC 27001, ISO 27017, and ISO 27018 certified — those are commercial-cloud trust attestations, available under MNDA. They are not FedRAMP, and we do not represent them as a FedRAMP substitute. NIAP Common Criteria and FIPS 140-3 are not pursued; the rationale is the deployment shape itself (no embedded cryptography in the data path beyond TLS).

Why the deployment posture is built this way

Government networks operate under constraints that commercial environments don't. A SCIF cannot accept a vendor-cloud dependency. An air-gapped network cannot accept a vendor-tunnel. A FISMA-authorized environment cannot accept an unauthorized control plane. A DoD enclave cannot accept covered telecom or video-surveillance hardware. The product is shaped to be deployable inside those constraints from the start, not negotiated into them after the fact.

The customer-installed approach means an agency's SSP describes the deployment as the agency owns it. The read-only switch access via SNMP means the network change-management conversation is a short one. The signed offline reference-library updates mean the path between vendor and agency, in disconnected environments, is a single signed file the agency moves into place.

For more

• Products — RoomIQ and SpacesIQ in the federal context.
• FedRAMP posture — current track, customer-installed path, controls inheritance.
• Schedule a briefing — 30-minute working session, no procurement commitment.