The one page your IT and leadership can pre-check before you buy.
The BidFedCMMC platform is a CMMC compliance platform with a governed AI assistant. It is not an AI-first product; it is a CMMC firm’s software with AI as one governed feature. This is the pre-purchase pack: how the platform is built, where your data lives, how the AI is governed, and why the platform stays outside your CUI boundary. Built by Carnegie Mellon trained information security engineers, in the city where CMMC was half-built.
The documents your reviewers will ask for.
Everything a security questionnaire, a C3PAO, or a leadership buyer typically needs, in one place. Hand these to your assessor, drop them into your System Security Plan, or read them yourself before you sign.
How we protect Federal Contract Information.
We will not publish the full topology of our environment. That is itself a control. What we will publish is the architecture of intent, the principles we hold to, verifiable in contract, in code review, and in the third-party attestations our infrastructure and AI providers hold.
Envelope encryption, key custody in AWS KMS.
Strong auth, least privilege, evidence-grade audit.
Tenant boundary enforced at the data layer.
Governed, no-training, human in the loop.
AI is a governed feature here, not the product.
The BidFedCMMC platform uses AI to do two things: draft your documents and review your evidence. It never decides whether a control is met. Every attestation is made by a person on your team. Here is exactly how the AI is scoped, and what we will not claim about it.
For the full statement, read the AI Fact Sheet.
It drafts policies, procedures, and SSP narratives from facts you provide, and it reviews each piece of evidence you upload to confirm it supports the control and to screen for anything resembling CUI. Drafting and reviewing only.
The AI never marks a control as met. It proposes; your people confirm, sign, and attest. There is no path by which the model can complete an attestation on its own.
Evidence shows configurations, settings, rosters, and logs, never controlled data. Uploads are screened for CUI and export-control markings and blocked when detected. No CUI is ever sent to the AI.
Under the AI provider’s commercial terms, your inputs and outputs are not used to train or improve any model. API data is retained by the provider only briefly (30 days by default) for operational and safety purposes, then deleted.
Each organization’s data is isolated with a per-tenant encryption key. Evidence and sensitive fields are encrypted at rest with AES-256-GCM, wrapped by a platform key backed by AWS KMS. Destroying your key crypto-shreds your data.
AI calls run server to server; your browser never connects to the AI provider. Only an opaque, salted account hash is sent as an identifier, never your raw user or organization ID. Direct identifiers typed into chat (SSNs, EINs, card numbers) are blocked before they reach the AI.
AI actions are logged for tamper-evidence using cryptographic hashes, not raw content, so the record of what happened cannot be quietly rewritten.
- We do not claim your evidence is never seen by AI. It is reviewed by AI on upload; that is how the sufficiency and CUI screening works.
- We do not claim zero data retention. That term is not contracted; the honest posture is limited retention, then deletion.
- We do not claim no personal data ever reaches AI. Images and PDFs are not redacted by OCR, so upload configuration and settings, not documents containing personal or controlled data.
Custodia is a no-CUI platform, by design.
We prove how you protect controlled information without ever holding it. Your CUI stays in your environment. Our platform holds the compliance record about it, nothing more.
What Custodia stores: your assessment answers, scores, policies, plans, registers, and evidence that shows settings and configurations, an MFA policy screen, a user roster, an antivirus status, a visitor log. Compliance metadata, encrypted per tenant with crypto-shred on exit.
What must never enter Custodia: Controlled Unclassified Information itself. Controlled drawings, export controlled specs, technical data on defense articles, or any file marked CUI. The platform tells you this at every evidence upload, and Charlie enforces it in every capture walkthrough: capture the setting, never the controlled data.
Shared responsibility: your CUI lives and stays in your own environment, your Microsoft 365 or Google tenant, your enclave, your file systems, protected by the 110 NIST SP 800-171 requirements the platform walks with you. Custodia is the system of record for the program, not a repository for the protected data. This is the same boundary discipline we ask assessors to verify in your environment, applied to ours.
Where the platform sits in your assessment scope.
Your assessor will ask how to categorize any tool that touches your program. Here is the determination, with the citations, so you and your C3PAO can place the platform quickly and correctly.
For the artifact your assessor can drop straight into your SSP, see the ESP Service Description.
The BidFedCMMC platform processes, stores, and transmits no CUI. Depending on how you use it, you categorize it as an Out-of-Scope Asset or, where it holds security-relevant readiness data about your environment, a Security Protection Asset (SPA) assessed within your own CMMC assessment. In neither case is it a cloud service provider handling CUI, so it does not trigger the DFARS 252.204-7012 FedRAMP Moderate requirement.
The Out-of-Scope determination is yours to make and justify, not an automatic exemption. As the OSC, you determine that the asset cannot process, store, or transmit CUI and does not provide security protections for CUI Assets, and you must be prepared to justify that determination. Where the platform holds security protection data about your environment, treat it as an SPA and assess it against the Level 2 requirements relevant to the capability it provides, inside your own assessment, not as a separate certification.
Asset: BidFedCMMC (Custodia, LLC) | Category: Security Protection Asset / Out-of-Scope | CUI: None processed, stored, or transmitted | FedRAMP: Not applicable, no CUI
Every layer assumes the layer above will fail.
The doctrine we teach customers is the doctrine we run on ourselves. Each control is independently verifiable. None of them is load-bearing alone.
The model is scoped, logged, and never trusted with the master key.
AI is the most concentrated trust-boundary issue in modern software. We treat the model the way a careful firm treats a contractor with limited badge access: scoped, logged, and never trusted with the master key. This is the engineering under the AI Fact Sheet.
The AI’s tools are deliberately read-mostly. The actions that carry weight, editing a response, deleting evidence, submitting an affirmation, stay human-only. The model can propose; it cannot execute the decisions that matter.
Each call receives the minimum context needed for the task, scoped to your organization before it is assembled. Long-term memory, where used, is per tenant and stays inside your boundary; it is never a shared index across customers.
Retrieval-augmented prompts are scoped to a single tenant before they ever reach the model. A query for Tenant A cannot retrieve a record from Tenant B, enforced at the data layer, not in the prompt.
Untrusted content (uploaded files, third-party feeds) is treated as data, not instructions. Tool calls carry capability scopes and are bounded by server-side policy, not the model’s self-restraint.
We hold ourselves to the standard we sell.
The BidFedCMMC platform’s control set is designed and operated consistent with the regimes our customers must satisfy. We respond to vendor security questionnaires in writing, with citations, on request.
The contract you can hold us to.
Incident response
A written incident response procedure is maintained and exercised. On confirmation of unauthorized acquisition of, or access to, customer data, we will notify affected customers without unreasonable delay and within seventy-two (72) hours of confirmation, consistent with DFARS 252.204-7012(c) and 73 P.S. § 2301 et seq. We provide reasonable assistance to customers fulfilling onward notification to DoD or other contracting agencies.
Coordinated vulnerability disclosure
Researchers may report suspected vulnerabilities to security@bidfedcmmc.com or via /.well-known/security.txt. We acknowledge reports within two (2) business days and offer a good-faith safe harbor for researchers who scope testing to their own accounts and give us a reasonable window to remediate before public disclosure.
Sub-processors & residency
All sub-processors are U.S. entities operating in the United States. Production data is stored and processed in the contiguous U.S. The current sub-processor list is published at /subprocessors. Material changes are notified in advance per contract.
Built in Pittsburgh, by people who studied this for a living.
Custodia was founded by an information security practitioner holding a Master of Science in Information Security Policy and Management from Carnegie Mellon University, the same campus that produced the CERT Coordination Center and seeded much of the doctrine inside the Cybersecurity Maturity Model Certification program. Half of CMMC is Pittsburgh and Baltimore; we sit on the Pittsburgh end of it.
That heritage is not a logo on a slide. It is the reason we wrote our key custody, tenant isolation, and AI boundary the way we did. We are operating the platform we would have wanted to audit.
Where we end and you begin.
Security is shared in every serious platform. We are explicit about the line.
See the Acceptable Use Policy for the full statement of customer responsibilities.
Federal bid-ready in seven days.
Start your CMMC Level 1 build on the same platform you just read about. Seven days free. No credit card required.