FedRAMP
FedRAMP is the U.S. federal authorization program for cloud services. AI systems offered to federal customers must satisfy the controls in NIST SP 800-53. This page describes which controls Verdifax addresses and which it does not.
Maturity note. Several pipeline steps, hardware attestation, the zero-knowledge proof, and the formal verifier, currently emit scaffold values rather than real cryptographic measurements. Every audit bundle flags these with a
scaffoldfield; the open-source verifier surfaces them in its report. See /concepts/scaffold-gaps/ for the full disclosure list and what activates each. Control claims on this page that depend on scaffold layers are flagged inline below.
Quick orientation
FedRAMP comes in three baselines:
- Low, limited adverse impact (e.g., open public information)
- Moderate, serious adverse impact (most AI systems serving federal customers land here)
- High, severe / catastrophic adverse impact (intelligence, defense)
Each baseline is a defined subset of the ~1,000 NIST 800-53 controls. Verdifax contributes specifically to the audit and accountability (AU) family, the controls that govern logging, integrity of audit records, and event review.
AU controls Verdifax contributes to
| Control | What it requires | Verdifax contribution |
|---|---|---|
| AU-2 Event Logging | Identify which events to log; document the rationale | Every AI inference is a logged event with full sealed manifest |
| AU-3 Content of Audit Records | Records must contain sufficient information for forensic review | The 18-field manifest plus payload hash, route, program id, timestamp |
| AU-9 Protection of Audit Information | Audit records must be protected from unauthorized modification | Manifest hash is sealed; modification is detectable cryptographically |
| AU-10 Non-Repudiation | Identity of actors performing logged actions cannot be denied | API key is bound to runs; revocation is auditable |
| AU-11 Audit Record Retention | Records retained per organization-defined period | SQLite store ships with the orchestrator; retention is operator policy |
| AU-12 Audit Generation | System generates audit records for defined events | Every /execute call writes a record |
Verdifax also contributes to:
- SI-7 Software, Firmware, and Information Integrity, [scaffold today] the hardware-attestation step is the path to this control via TPM2 / SEV-SNP measurement. Currently emits a scaffold value (no real TEE quote); activates on confidential-compute deployment. See scaffold-gaps for the activation procedure.
- SC-12 Cryptographic Key Establishment, uses NIST-approved SHA-256 for sealing. CRES master key custody lives in AWS KMS (FIPS 140-2 Level 2 HSM), addresses SC-12 and SC-13.
- CM-3 Configuration Change Control, manifest hashes provide change-evidence (see SOX § 404 for the same logic in commercial framing)
What Verdifax does not address
Most of the FedRAMP control catalog. Verdifax is one component of a much larger authorization package. It does not provide:
- Personnel security (PS family)
- Physical and environmental protection (PE)
- Most access control (AC)
- Identification and authentication (IA, beyond the API-key plumbing)
- Incident response (IR), other than producing forensic-quality records
- Risk assessment (RA), that's your governance team
A reasonable analogy: Verdifax is to AU what database encryption is to SC, necessary for the relevant controls, sufficient for none of them, and entirely unrelated to most of the catalog.
Where Verdifax helps most
Federal AI deployments where the auditor needs to confirm specific decisions later, benefits eligibility determinations, security-clearance adjudication assistance, threat triage, denial-of-claim recommendations. Anything where "show me how this AI made that determination" is a question the system has to answer.
Continue
- Sample audit response
- Integrating AWS Bedrock (the natural runtime for FedRAMP work)