Permiso is built to operate inside your existing security boundary, under your existing controls, with full evidentiary support for the audits and FOIA requests that follow.
Permiso deploys on FedRAMP-authorized cloud infrastructure inside your agency tenant. The application itself reaches Authority to Operate through your agency's normal ATO process — we provide the documentation, security architecture, and engineering support to get there inside the contract period.
We've initiated and supported ATOs across federal agencies. The mechanics are familiar. The gates are well-understood. Phase 1 typically targets ATO-ready posture within four months of award.
Identity-based access at every layer. Login.gov for external users. Microsoft Entra ID or your equivalent IDP for internal. Mutual TLS between services. Per-request authorization, not perimeter trust.
Prompt injection defense at four independent layers. Every AI output traceable to source evidence. Cross-vendor QA on high-risk outputs. Human authority preserved at every decision point.
Drafts labeled as drafts. We treat legal defensibility as a system property — and we test for it the way you'd test for any other failure mode.
A 45-minute briefing tailored to your agency, your authorization types, and your compliance environment. No generic deck.