FedRAMP HIGH Certified
JetStream is FedRAMP HIGH / Class D Certified, and authorized for federal workloads handling the most sensitive unclassified information. Our certification covers civilian agencies, defense components, and federal contractors operating at the High impact baseline, with hosting on AWS GovCloud (US).
The FedRAMP authorization package — SSP, SAP, SAR, POA&M, and ConMon artifacts — is available to federal agencies and authorized partners through the FedRAMP Marketplace and on direct request.
GovRAMP
JetStream’s FedRAMP HIGH posture extends to GovRAMP through established reciprocity — giving state, local, tribal, and territorial governments a federally-vetted control baseline without a duplicate authorization process. GovRAMP is the renamed program for what was formerly known as StateRAMP.
We coordinate with state CIO and CISO offices on procurement vehicles, cooperative purchasing agreements, and the documentation packets agencies need for their own ATO decisions.
Talk to a Public Sector Expert
"*" indicates required fields
Federal Executive Order Alignment
Specific mappings from JetStream platform capabilities to the executive orders, OMB memoranda, and NIST frameworks shaping federal cybersecurity today.
EO 14028 — Improving the Nation’s Cybersecurity
- Identity-centric controls for AI agents (§3 Zero Trust)
- SBOM and provenance attestation for AI models (§4 SCRM)
- Runtime event capture aligned to §8 logging requirements
EO 14144 — Strengthening & Promoting Innovation in Cybersecurity
- Policy-as-code guardrails for AI model deployment
- Continuous attestation for federal AI workloads
- Agentic-identity governance for autonomous systems
M-26-14 — Continuous Event Monitoring & Threat Hunting
- CEM coverage across AI inference, prompts, tool calls, and agent actions
- THIRF-ready telemetry: identity-attributed, queryable, and investigation-grade
- 15 days of hot storage by default with the ability to scale based on the customer’s requirements
NIST AI Risk Management Framework 1.0
- MEASURE: runtime telemetry for bias, drift, and misuse
- MANAGE: identity-aware terminate switches and rollback
M-25-22 — Driving Efficient Acquisition of Artificial Intelligence in Government
- AI inventory and risk classification via AI Manifest
- Cost transparency for AI line items (FinOps Accountability)
EO 13960 — Promoting the Use of Trustworthy AI in the Federal Government
- AI Use Case Inventory population through AI Manifest
- Performance and trust monitoring via AI Drift Detection™
- Transparency artifacts ready for public AI inventory disclosure
M-26-04 — Increasing Public Trust in AI Through Unbiased AI Principles
- Inline prompt inspection and response oversight via AI Hub™
- Bias-detection telemetry on every model invocation
- Audit-grade logs of prompts, responses, and policy decisions
Known Exploited Vulnerabilities (KEVs)
JetStream tracks the CISA Known Exploited Vulnerabilities (KEV) catalog as a first-class input to our vulnerability management program. We adhere to the remediation timelines codified in CISA Binding Operational Directive 22-01 for all components within our authorization boundary.
- Continuous catalog monitoring against CISA-published KEV entries.
- Authorization-boundary triage within 24 hours of CISA publication.
- Remediation per BOD 22-01 due dates — no exceptions for in-scope systems.
CISA catalog update detected
Automated ingestion of every KEV catalog change, cross-referenced against our software bill of materials.
Authorization-boundary triage
Engineering and security determine in-scope exposure and assign remediation owners.
Remediation deployed
Patches or compensating mitigations land within the CISA-published due date for the catalog entry.
ConMon advisory published
Federal customers receive a signed advisory documenting remediation, evidence, and residual risk.
Closing AI Trust Gaps for SLTT & Education
FedRAMP HIGH-authorized infrastructure is the foundation of secure SLTT digital services. JetStream is purpose-built to make it procurable, deployable, and grant-fundable for governments of every size.
Why SLTT teams adopt JetStream
State and local agencies face the same adversaries as federal — without the same headcount or budget. JetStream’s FedRAMP HIGH posture inherits down to GovRAMP via reciprocity, our deployment model fits constrained teams, and our pricing accommodates the realities of grant-funded procurement cycles.
We engage tribal nations as sovereign customers, coordinate with state CIO and CISO offices on procurement vehicles, and support territorial governments operating across multiple regulatory regimes.
FedRAMP HIGH
Funding Eligible
Talk to the SLTT team
JetStream accelerates AI trust for state, local, tribal, and territorial governments. Drop us a line to discuss grant funding, cooperative purchasing vehicles, and SLCGP application support.
"*" indicates required fields
JetStream is State and Local Cybersecurity Grant Program Eligible
Built for SLCGP-aligned cybersecurity plans
The State and Local Cybersecurity Grant Program (SLCGP) is a Department of Homeland Security initiative administered jointly by FEMA and CISA to strengthen the cybersecurity posture of state, local, tribal, and territorial governments.
JetStream is an eligible expenditure under SLCGP, and our team stands ready to help recipients understand how the platform aligns to grant objectives, prepare citation language, and connect those investments to the cybersecurity outcomes the program is built to fund.
Reference the official program details at cisa.gov/cybergrants/slcgp.
JetStream does not represent itself as endorsed by FEMA, CISA, or any federal grant-making authority. Final program guidance should be reviewed against the active Notice of Funding Opportunity (NOFO) for the program year.
State and Local Cybersecurity Grant Program
- Eligibility
- State, local, and territorial governments. Tribal nations apply through the separate Tribal Cybersecurity Grant Program (TCGP).
- JetStream Fit
- Maps to Objective 1 (governance), Objective 2 (assessment & evaluation), and Objective 3 (mitigation) of the SLCGP Notice of Funding Opportunity.
Govern AI at the FedRAMP HIGH baseline
Every AI asset is known. Every workflow is approved. Every action is traceable. Every agent has an owner. Talk to the JetStream team about a demo, deployment assessment, or briefing.
AICPA
JetStream recognizes that protecting the confidentiality, integrity, and availability of the information and data we create, maintain, and host is essential to our business success and to the privacy and trust of our customers and partners. As a service provider, we are committed to being transparent about our security practices, controls, and shared responsibilities so stakeholders can clearly understand how we protect data and how we operate as a trusted provider. We are actively pursuing SOC 2 Type I and SOC 2 Type II and are working with Coalfire and A-LIGN to strengthen controls and support our formal certification path. We selected A-LIGN for their leadership in SOC 2 compliance services and Coalfire for their advisory and assessment rigor as an industry leading accredited FedRAMP 3PAO.
Policies
Transparency is part of how we work. Find all of JetStream’s governing documents below.
-
Review the terms that govern your use of the JetStream platform.
-
Uptime commitments, service credits, and operational availability targets. View the SLA.
-
How JetStream collects, processes, and protects personal information. Read the policy.
-
Prohibited uses and conduct expectations for the JetStream platform. View the AUP.
-
Coordinated disclosure process for security researchers, including safe-harbor terms. Read the policy.
-
See the third-party subprocessors JetStream utilizes.