Compliance & AI Operations Infrastructure

Software for regulated environments.

Novaprospect builds authorization, governance, and access-control software for organizations operating under FedRAMP, NIST 800-53, and DoD IL requirements.

Get in touch View products

Products

A focused portfolio.

Three products addressing authorization, AI governance, and access control for regulated workloads.

engine / CloudOps-SaaS-v2 ATO IN PROGRESS

CM-8 · component inventory ✓ 247 hosts

SA-11 · dev testing ✓ 3 refs

SI-2 · flaw remediation ● 1 open

FedRAMP Management Engine

Limited Release

Automates the authorization lifecycle — SSP authoring, continuous monitoring deliverables, POA&M tracking, and annual reassessment prep. Deploys inside an existing authorized boundary so customer data stays in the customer environment.

Learn more →

naicom / sessions NCC-441

naic-f804 · code

prompt: NCC-441-patch.md

● coding

naic-a219 · qa

review · commit 3b9d017

✓ closed

naic-7c3e · code

closed by receipt · signed

✓ closed

operator: alice@customer.gov 3 receipts · signed

NAICOM

Limited Release

Control plane for enterprise AI operations. Provides structured, auditable AI development workflows aligned to NIST AI RMF — issue-linked sessions, versioned prompt files, and a queryable audit trail across every change.

Learn more →

citadel / pack: cm8-inventory HOURLY

app-01.prodrpm_packages0

app-02.prodrpm_packages0

app-03.prodrpm_packages+1

Citadel

Limited Release

osquery fleet manager for regulated environments. Deploys and configures osquery agents across a host fleet, distributes compliance-aligned query packs, and turns results into a signed, queryable evidence stream for CM, SI, and AU-family controls.

Learn more →

The platform

Three products. One authorization boundary. One audit surface.

Run independently, each product stands on its own. Run together, they compose into a single evidence pipeline — from the edge request that authorizes access, through the AI-assisted change that ships the code, to the OSCAL artifact your 3PAO reads.

The stack

inside the customer boundary

03 · SYSTEM OF RECORD

FedRAMP Management Engine

OSCAL SSP · POA&M · continuous evidence

NIST 800-53 OSCAL FedRAMP

↑ evidence ↑

02 · AI OPERATIONS

NAICOM

Sessions · prompt files · attribution

AI RMF SA-11 SI-7

↑ evidence ↑

01 · HOST STATE

Citadel

osquery fleet · compliance packs · signed results

CM-6 CM-8 SI-4

engine / evidence-ledger · live signed · OSCAL-linked

Time	Source	Event	Control	Artifact
09:14:22	Citadel	pack cm8-inventory · 247 hosts · rows 101,924	CM-8, CM-8(1)	ssp.json §cm-8
09:14:48	NAICOM	session naic-f804 · role=code · NCC-441	SA-11, SI-7	ssp.json §sa-11
09:16:03	NAICOM	commit 3b9d017 · prompt NCC-441-patch.md	CM-3, CM-5	ssp.json §cm-3
09:16:21	Engine	control refresh · AC-2 · drift=0	AC-2	ssp.json §ac-2
09:17:05	Engine	POA&M PM-2026-0147 · verified closed	SI-2	poam.json §147

✓ 5 events · 3 sources · signed · OSCAL-linked · forwarded to splunk-prod

One evidence pipeline

Every event inside the boundary — access, AI work, control change — lands in the same OSCAL record. Auditors see one surface, not three.

Control coverage by design

AC, SC, AU, CM, SA, SI, and AI-RMF families are covered natively by the stack. No manual attestation pass.

Signed, tamper-evident

Every event is signed at its source. The evidence ledger is verifiable end-to-end without trusting Novaprospect.

Deploys in your boundary

The entire stack runs inside your authorization boundary. Customer data, policy, sessions, and audit records never leave your environment.

Compliance

Built for regulated environments.

Every architectural decision is made with government authorization in mind — not bolted on after the fact.

FedRAMP

Authorization path mapped from day one. Control implementation tracked and auditable across every component.

DoD IL2 / IL4 / IL5

Architecture aligned to the DoD Cloud Computing SRG. IL2 authorization is the near-term target with IL4 / IL5 defined on the roadmap.

NIST SP 800-53 Rev 5

Full control-family coverage tracked against the Rev 5 baseline. POA&M management and continuous monitoring built into the platform.

Audit trail

End-to-end logging across all components. Every event sourced, timestamped, and traceable.

About

About Novaprospect

Novaprospect, LLC is a New Mexico limited liability company. The company builds authorization, governance, and access-control software for organizations operating in regulated environments.

The product stack is purpose-built for compliance workloads. Every component is designed for reliability, auditability, and a clear path to FedRAMP and DoD IL authorization.

Contact

Get in touch about early access, partnerships, or general inquiries.