Industry · SLED

Optimal for
State & Local Government.

Your state CIO and your CJIS auditor agree on one thing: prove your contractor's software meets state policy. Continuously.

Operator-grade · Mission first · Stay on channel

The pain

What we hear from State & Local Government teams.

Your state CIO sets policy from NIST. Your CJIS auditor reviews every system handling criminal justice information. FERPA covers every system with student records. Vendors paper over the gap. Nothing actually emits evidence.

// Scope

Optimal serves state agencies, K-12, higher education, and local government. Optimal is not a federal product. We do not claim FedRAMP, CMMC, DoD, or IL authorizations.

What ships with the platform

Harden. Verify. Prove.

Three phases of the same platform, applied to your SLED workloads.

// 01 · Harden

Pre-runtime baselines.

DISA STIG and CIS baselines applied to the containers handling state-classified data. Fix PRs in your Git.

// 02 · Verify

Continuous scanning.

Continuous scan against StateRAMP control baseline, CJIS Security Policy v6.0, FERPA-aligned access patterns.

// 03 · Prove

Live evidence.

StateRAMP-aligned evidence emitter (NIST 800-53 Rev 5 Moderate baseline), SOC 2, ISO 27001 evidence emitters.

Frameworks covered

What we emit evidence against.

Your compliance team is reading this. No marketing wrap. The frameworks Optimal generates evidence against, with the relevant control areas called out.

StateRAMP NIST SP 800-53 Rev 5 Moderate baseline, control evidence aligned to StateRAMP submission.
CJIS Security Policy v6.0 Continuous scanning against the policy areas covering criminal justice information.
FERPA Audit-trail emitter aligned to access patterns for systems with student records.
NIST SP 800-53 Rev 5 Moderate baseline control evidence.
SOC 2 Common Criteria + additional criteria, emitted from operational state.
What stays with you

The boundary, drawn explicitly.

Optimal hardens, scans, and emits evidence for the containers and cloud config running your state-classified workloads. Your agency policy, your authorizing official's decisions, your vendor relationships, and your records-management practices remain yours. The shared responsibility matrix draws the boundary explicitly so your compliance and policy teams know where Optimal ends and you begin.

The full shared responsibility matrix ships with the platform.

Stay on channel

Talk to an operator.

Bring your hardest delivery problem. We'll bring our perspective and what's possible right now.

Contact