CybrIQ for government · DoD & IC track
DoD & Intelligence Community

Mission-network device visibility for IL5/IL6, SCIF, and air-gapped environments.

Defense and IC environments operate under tighter constraints than federal civilian. A vendor cloud is not acceptable. A vendor tunnel is not acceptable. A vendor presence on the mission network is not acceptable. CybrIQ ships as software the agency or program installs and operates entirely — no cloud, no tunnel, no inbound vendor access — which is the only deployment shape that fits IL5/IL6, SCIF, and disconnected enclaves from the start.

Deployment posture for DoD / IC

The posture below is what a DoD authorization team, IC accreditor, or DAO will ask about first. We name it explicitly because nothing else matters until these are confirmed.

  • Customer-installed. RoomIQ and SpacesIQ are software the program installs on program-controlled hardware. No vendor appliance enters the mission network.
  • No vendor cloud. For SCIF, IL5/IL6, and disconnected enclaves: the control plane is the customer-installed main instance, in the customer's network, under the customer's authorization. For less-restricted environments, the main instance is CybrIQ-hosted by default.
  • No vendor tunnel. Communication between the External Scan Engine and the main instance is over SSL inside the customer network. No outbound vendor connectivity is required for operation.
  • Read-only switch access. SNMP read-only permissions only. SNMP write is not used, granted, or required. No SPAN, no mirror, no inline tap, no packet inspection.
  • No agents on mission devices. Identification is from switch-side signals only. No software on devices in the mission network beyond what the program already operates.
  • Air-gap capable. Reference-library updates ship as signed offline packages. The program moves them into the enclave via approved-media process; no online updates are required for operation.
  • No CybrIQ access to customer data. By construction. Vendor staff cannot reach the deployment unless the program explicitly grants it.
DoD impact-level fit table. Four columns: IL2 (public / non-CUI, not the primary CybrIQ context), IL4 (CUI, most common deployment), IL5 (CUI / National Security Systems, same deployment shape), IL6 (classified up to SECRET, air-gapped or domain-isolated). Five rows of deployment-posture properties — customer-installed software on agency / program-owned hardware; no vendor cloud, no vendor tunnel, no inbound vendor access; read-only switch access via SNMP with no SPAN and no agents on mission devices; online reference-library updates where outbound is allowed; signed offline reference-library packages via approved-media process where required — all check across IL4, IL5, and IL6. Authorization route row: FISMA / RMF for IL4, Program RMF for IL5, Program RMF plus cATO for IL6. The diagram closes with the line: the authorization route is the program's, not a product-level FedRAMP or IL listing. CybrIQ is software inside the program's existing authorization boundary; the same deployment shape works across IL4, IL5, and IL6.

Impact-level fit

DoD impact levels are environments, not products. CybrIQ is software the program runs in whatever environment the program operates in. The fit by impact level:

  • IL4 (CUI). CybrIQ deploys on program-owned hardware in IL4-authorized environments. No vendor-side dependency.
  • IL5 (CUI / National Security Systems). Same deployment shape. Customer-installed, no vendor cloud, no vendor connectivity. The authorization boundary is the program's, not CybrIQ's.
  • IL6 (classified up to SECRET). CybrIQ deploys in air-gapped or domain-isolated configurations. Reference-library updates move via approved-media process. The IL6 deployment briefing adds about a week for the disconnected-environment operations brief.

Authorization-side reference

  • eMASS package contribution. CybrIQ output is structured for direct attachment to eMASS authorization packages — per-device records, deviation logs, signed audit-trail exports.
  • cATO support. Continuous-monitoring evidence aligned with the DoD CIO's continuous-authorization-to-operate guidance. See continuous-monitoring evidence.
  • RMF controls cited. NIST SP 800-53 Rev. 5 — CM-8 family, SI-4, SR-3, SR-11, IA-3, AC-19. Full mapping in the control inheritance matrix CSV.
  • STIG alignment. Available on request — relevant DISA STIG categories are walked in the briefing.

CMMC for the defense industrial base

Defense contractors handling Controlled Unclassified Information operate under CMMC 2.0 Level 2. The CMMC page walks the specific control evidence (CM.L2-3.4.1, CM.L2-3.4.2, and adjacent). CybrIQ supplies the device-discovery evidence the C3PAO assessor asks for; the contractor maintains the SSP and the POA&M.

Section 889 in defense contexts

NDAA Section 889 applies to defense as much as federal civilian. The Section 889 page walks the Layer-1 fingerprint approach that catches relabeled covered hardware in defense environments — building systems, AV in briefing rooms, base operations gear. For defense audiences specifically, the briefing call covers contractor-provided equipment patterns the IG has flagged in recent oversight findings.

FedRAMP, DoD authorization, and what we do hold

CybrIQ holds no FedRAMP status today — no Marketplace listing, no "In Process" designation, no sponsoring-agency arrangement (see FedRAMP posture). For DoD environments, this is generally not a gating concern — the customer-installed deployment shape sits inside the program's existing RMF/STIG authorization boundary rather than relying on a product-level FedRAMP listing.

What CybrIQ does hold for the authorization team's reference: SOC 2 Type II (AICPA Trust Services Criteria), ISO/IEC 27001, ISO 27017 (cloud security), and ISO 27018 (PII in cloud) certifications. Reports and certificates are available on request under MNDA. Product-side controls: TLS 1.2 in transit, AES-256 at rest, MFA, SAML 2.0 SSO, RBAC, regular third-party penetration testing, and DISA STIG vulnerability remediation. Not held: DoD IL4 / IL5 / IL6 as product-level authorizations, NIAP Common Criteria, FIPS 140-3.

Procurement vehicles for defense

Carahsoft is the federal channel partner — most defense vehicles (SEWP, CIO-SP3, 2GIT) are reachable via Carahsoft's existing prime positions. Direct PO is available for pilot scoping and below-threshold acquisitions. See Contract vehicles for the full routing.

Schedule a DoD / IC briefing

30 minutes: we walk the deployment posture against your specific impact level, authorization process, and contract-vehicle preference. Cleared-personnel briefings available where the program profile requires them.
