Federal Use
For U.S. government agencies, military commands, national laboratories, and federal contractors.
Who this is for
- U.S. Department of Energy national laboratories (LANL, LLNL, ORNL, ANL, PNNL, SLAC, BNL, NREL, INL, SNL, FNAL, Berkeley Lab, et al.)
- U.S. Department of Defense (active duty, reserve, DoD civilian, contractor)
- Federal civilian agencies (NIH, NASA, NOAA, DHS, DOC, et al.)
- FFRDCs and federally-funded contractors with prime/sub contracts
- State and local government (separately quoted)
Compliance posture
AiDotNet Enterprise builds for federal customers address the following frameworks:
| Framework | Coverage |
|---|---|
| NIST SP 800-218 SSDF | SBOM, signed packages, provenance attestations, dependency-lock workflow |
| NIST AI RMF | Model cards, risk registers, evaluation harness, intended-use docs (per model) |
| FIPS 140-3 | All cryptographic operations route through the validated OpenSSL FIPS provider on .NET 8+ Linux |
| FedRAMP-aligned controls | Audit logs, access controls, data residency (when deployed within agency boundary) |
| CMMC 2.0 Level 2 | Identification, authentication, audit, configuration management evidence |
| CUI handling | No data leaves the customer environment; no telemetry; no license server callout |
Air-gapped deployment
Federal customers regularly deploy in air-gapped environments where any outbound HTTP capability is a procurement-blocking concern. AiDotNet Enterprise custom builds address this:
- Telemetry compiled out. Standard NuGet packages default telemetry to OFF
but the code still exists in the binary. Enterprise custom builds set
DISABLE_TELEMETRYso the entire telemetry namespace is physically absent — verifiable by binary inspection. - License validation is offline. Signed license file (ed25519) validated entirely in-process. No license server, no online activation, no phone-home.
- Native dependencies are bundled and offline-installable. OpenBLAS / MKL native binaries ship within the NuGet package; no runtime download.
- Model weights stay in customer environment. Pre-trained models are loaded from local files; AiDotNet does not callout to model registries unless explicitly configured.
Licensing
AiDotNet is licensed under the Business Source License 1.1. Federal customers require an Enterprise license for production use. The Enterprise tier includes the custom-build capabilities, FIPS-compatible crypto, NIST SSDF artifacts, and dedicated support described above.
For procurement, AiDotNet supports the following purchase mechanisms:
- GSA Schedule (via reseller — contact us for current schedule holders)
- SBIR / STTR Phase III
- OTAs (Other Transaction Authority)
- Direct purchase via contract vehicle of your choice
Ooples is a small-business contractor (single-person LLC). We're set up for direct engagement with agency contracting officers; we do not currently have a CAGE code or DUNS but are working through registration on request.
Audit trail
For agencies performing third-party software security assessments, the following artifacts are available on request:
- Full source code (BSL terms apply for redistribution)
- SBOM (CycloneDX 1.5) and CycloneDX VEX
- Static analysis reports (CodeQL, Sonar, Codacy)
- Dependency vulnerability scan history (Dependabot, Trivy)
- SLSA Level 3 build provenance attestations
- External evaluation reports (most recent: 2026-05 static audit, available under NDA)
Contact
For federal procurement inquiries, contact
admin@aidotnet.dev
with subject [FEDERAL] <agency / lab name> and a brief description of
the intended use case, deployment environment (cloud / on-prem / air-gapped),
classification level, and target compliance frameworks.