Trust Is Not Claimed.
It Is Certified, Audited, and Documented.
Omnierax serves organizations for whom a security failure in their intelligence infrastructure is not a business disruption — it is an operational catastrophe. Our trust posture is built to meet their requirements, verified by independent auditors, and documented here for the security evaluators who need to validate it before deployment decisions are made.
This page is written for CISOs, compliance teams, security assessors, procurement officers, and technical architects. Every claim is backed by documentation in the Omnierax Trust Portal. Where we are in progress toward a certification, we say so. Where we have limitations, we disclose them.
Trust Portal access requires identity verification. NDA required for penetration test reports and detailed security documentation.
Where We Stand — As of Today.
Security posture is a continuous operational state. This status is updated quarterly or following any material change in certification status.
Every Certification. What It Means. What It Covers.
Each Omnierax certification is documented at the level of detail security professionals require: scope, issuing body, coverage, limitations, and access path.
An unqualified opinion that Omnierax controls were both suitably designed and operated effectively over the audit period — across Security, Availability, Confidentiality, Processing Integrity, and Privacy criteria.
- Security · Availability · Confidentiality
- Processing Integrity · Privacy
- Full operational period — not point-in-time
- NDA required for full report
Certified ISMS covering the design, development, deployment, operation, and support of the Omnierax Intelligence Platform suite. Implements 93 controls across organizational, people, physical, and technological categories.
- 27001:2022 (current revision)
- 27017 cloud security overlay
- 27018 cloud privacy overlay
- Certificate publicly available
FedRAMP Ready, in active 3PAO assessment with a Sponsor Agency pathway underway. Architecture also designed against DoD Impact Level 4 (CUI) and IL5 (NSS) requirements.
- NIST SP 800-53 control framework
- 3PAO assessment in progress
- IL4 / IL5 architecture aligned
- SSP available to sponsoring agencies
Full NIST SP 800-171 control set (110 practices) plus DoD-specified additions. Required for DIB customers handling CUI in defense programs.
- 110 NIST SP 800-171 practices
- 14 practice areas covered
- Live POA&M, monthly review
- Summary available under NDA
Business Associate posture with implemented access controls, audit controls, integrity controls, person authentication, and transmission security. Standard and custom BAAs available.
- TLS 1.3 minimum for PHI in transit
- AES-256 PHI at rest
- Multi-factor authn for all PHI access
- Custom BAA terms for enterprise
Article 32 technical measures implemented end-to-end. Standard Contractual Clauses (Module 2) for cross-border transfer. Transfer Impact Assessments available where required.
- Pseudonymization & encryption
- Data subject rights mechanisms
- Module 2 SCCs incorporated
- TIA under NDA
Continuous alignment across Application Security, App Server, Database, OS, Web Server, and Container Platform STIGs. Completed checklists with finding category and POA&M entries available to defense customers.
- CAT I / II / III status tracked
- Open finding POA&M entries
- ATO package reference support
- Available via Trust Portal
Omnierax uses FIPS 140-2 validated modules from established cryptographic providers wherever compliance is required. Module certificates verifiable against the NIST CMVP database.
- Validated modules, not in-house crypto
- Per-deployment cryptographic inventory
- Verifiable via NIST CMVP
- Classified-context coverage
Autonomous Intelligence Carries Governance Responsibilities That Match Its Capability.
We take governance as a matter of organizational ethics, not only regulatory compliance. The framework below is documented in the operational detail that AI ethics reviewers, regulators, and executive decision-makers require.
Every deployed AI system is registered with a governance tier (Operational Support · Decision-Augmenting · High-Consequence Autonomous), each tier carrying mandatory documentation, review cadence, and human-override requirements.
Per-model cards covering intended use, out-of-scope uses, training data, evaluation data, performance disaggregated by factor, ethical considerations, and known limitations. Aligned with EU AI Act high-risk documentation.
Disparity analysis across relevant subgroups with defined thresholds. Detected disparities investigated for root cause and remediated via training, algorithmic adjustment, fairness constraints, or operational restriction.
Customer-configured, architecturally enforced specification of which decisions the system may make autonomously, which require human review, and which require human authorization — logged immutably and auditable on demand.
Structured identification, reporting, investigation, and remediation of AI system failures. Material incidents disclosed to affected customers within 72 hours of confirmation. Aggregate statistics in the annual Trust Report.
Independent Verification Over Self-Attestation.
Every document is organized by tier, with its access requirement, audience, and how to request it.
- ISO 27001 Certificate of Registration
- FedRAMP Marketplace Listing
- Omnierax Privacy Notice
- Responsible AI Principles
- Vulnerability Disclosure Policy
- Company Security Overview (4 pages)
- AI System Card Index
- Encryption Policy summary
- Incident Response Policy summary
- Business Continuity / RTO·RPO overview
- SOC 2 Type II full report
- Penetration Test Executive Summary
- ISO 27001 Statement of Applicability
- CMMC assessment evidence
- DISA STIG checklists
- Vulnerability disclosure history
- AI Incident Register (aggregate)
- Model Card collection
- GDPR Transfer Impact Assessment
- HIPAA BAA template
- Omnierax Security Roadmap
Standard mutual NDA — typical 2-day turn
- FedRAMP SSP (sponsoring agencies)
- IL4 / IL5 assessment documentation
- Classified architecture documentation
- Source code security review
We Disclose Vulnerabilities Because Transparency Is a Security Posture, Not a Weakness.
Organizations that never disclose security vulnerabilities have not found them — or have not disclosed them. Neither is reassuring for customers deploying sensitive operational intelligence on our platform. Omnierax publishes its disclosure history quarterly.
Where We Are Headed, and When.
Customers making long-term deployment decisions need to know where our compliance posture will be when their deployment goes live. Roadmap dates represent current best estimates — updated quarterly or upon material change.