Trust Center.
A summary of the security and compliance posture of the Atlas and Argus platforms, the artifacts customers and assessors typically request, and how to obtain them.
Compliance Posture.
What we maintain today, what is in flight, and the frameworks we are designed against.
Atlas is architected to map 1:1 to NIST SP 800-171 controls and the CMMC 14 domains. POA&M and SSP artifacts are generated continuously from the platform; the same record an assessor reviews is the record operators run from.
Type I report in progress for hosted Atlas and Argus instances against the Security, Availability, and Confidentiality criteria. Annual Type II to follow within the standard observation window.
Tailoring underway for selected program deployments. Sponsor, timeline, and target impact level available to qualified counterparties under NDA.
Platform controls mapped to the six CSF functions (Govern, Identify, Protect, Detect, Respond, Recover). Mapping document available under NDA.
Information security management system aligned to ISO/IEC 27001:2022 Annex A controls. Certification timeline available under NDA.
Deployment configurations available for HIPAA, CJIS, FERPA, and applicable state-level critical-infrastructure regimes.
1. Continuous Compliance Model
Atlas generates compliance artifacts — System Security Plan, POA&M, evidence, audit trail — as a side-effect of operating the platform. There is no separate compliance system to keep in sync and no quarter-end scramble to assemble evidence after the fact.
Argus traces the same audit chain. Anything an operator did is reconstructable; anything reconstructed is admissible against the same access model and the same time-anchored record.
2. Security Architecture (Summary)
Confidentiality: TLS 1.3 in transit; AES-256 at rest; customer-controlled key custody where required; tenant isolation with no cross-tenant data plane.
Integrity: Signed releases; immutable audit log; cryptographic chain across operator actions; reproducible builds.
Availability: Documented SLO per deployment; high-availability options for private deployments; graceful-degradation modes engineered in.
Accountability: 3-tier RBAC, time-bound elevation, per-action approval for sensitive operations, immutable audit log of every action.
3. Documents Available Under NDA
We share the following on request and under a standard mutual NDA: SOC 2 report (when available), security architecture overview, control-mapping document (CMMC / NIST / ISO), recent penetration-test summary, standard vendor security questionnaire (SIG, CAIQ), business-continuity and disaster-recovery plan, and incident-response plan.
Request via trust@seifertdynamics.com. We turn around within three business days.
4. Sub-processors
We maintain a current sub-processor list and notify customers of material changes in accordance with the deployment agreement. The list, with category and country of operation, is available on request to trust@seifertdynamics.com.
5. Incident Response
Material incidents affecting customer data are notified to the customer's named contact in accordance with the deployment agreement and applicable law (typically within seventy-two hours of confirmation). Post-incident reports include root-cause analysis, scope of impact, and remediation actions.
6. Contact
Trust & compliance: trust@seifertdynamics.com. Vulnerability disclosure: Security.
Last updated: 2026.