Security Posture · Archimedes Systems Group LLC

Honest safeguards. No compliance theater.

ASG is a pre-contract federal small business building toward federal safeguarding requirements. This page states the current posture plainly, including what is active, what is planned, and what requires a customer-approved controlled environment before execution.

Current Position

ASG is preparing safeguards aligned to FAR 52.204-21 basic safeguarding requirements. ASG does not currently claim CMMC certification, FedRAMP authorization, or a CUI-ready enclave. Those controls will be implemented and evidenced before accepting work that requires them.

Implemented / In Progress

Web application safeguards

Production routes use HTTPS, security headers, input validation, authenticated admin surfaces, and database-backed access controls where application data is stored.

Secret handling

Production secrets are intended to live in encrypted environment-variable stores, not source code. Local development credentials are being separated from public repositories as part of the current hardening sprint.

Data boundaries

ASG does not represent a CUI enclave today. Any future CUI-bearing work requires a controlled environment, documented SSP, POA&M, and customer-approved handling procedures before intake.

AI use policy

Commercial LLM tools are limited to public, internal, or explicitly approved non-CUI workflows. CUI and FCI are not submitted to commercial LLM systems.

Compliance Roadmap

  1. Complete FAR 52.204-21 basic safeguarding self-review
  2. Complete NIST SP 800-171 Rev. 2 self-assessment and maintain an evidence file
  3. Prepare SSP and POA&M templates before pursuing CUI-bearing DoD opportunities
  4. Submit SPRS score only when a DoD opportunity requires it and evidence is ready
  5. Evaluate GCC High and CMMC Level 2 only when the pipeline justifies the cost

Need a security conversation?

Discuss data boundaries before scope.

For any requirement involving FCI, CUI, export-controlled data, or sensitive operational details, start with the data handling model before sending files.