
Optimal for State & Local Government.

Your state CIO and your CJIS auditor agree on one thing: prove your contractor's software meets state policy. Continuously.

Move at mission speed · Operate with evidence · Run the agents

The pain

What we hear from State & Local Government teams.

Your CJIS auditor reviews every system touching criminal-justice data and asks for continuous proof your vendors meet state policy. Optimal scans containers and cloud config against StateRAMP, CJIS v6.0, and FERPA-aligned access patterns. Evidence emits live, branded for your agency.

// Scope

Optimal serves state agencies, K-12, higher education, and local government. Optimal is not a federal product. We do not claim FedRAMP, CMMC, DoD, or IL authorizations.

What ships with the platform

Harden. Verify. Prove.

Three phases of the same platform, applied to your SLED workloads.

// 01 · Harden

Pre-runtime baselines.

DISA STIG and CIS baselines applied to the containers handling state-classified data. Fix PRs in your Git.

// 02 · Verify

Continuous scanning.

Continuous scan against StateRAMP control baseline, CJIS Security Policy v6.0, FERPA-aligned access patterns.

// 03 · Prove

Live evidence.

StateRAMP-aligned evidence emitter (NIST 800-53 Rev 5 Moderate baseline), SOC 2, ISO 27001 evidence emitters.

Frameworks covered

What we emit evidence against.

Your compliance team is reading this. No marketing wrap. The frameworks Optimal generates evidence against, with the relevant control areas called out.

StateRAMP: NIST SP 800-53 Rev 5 Moderate baseline, control evidence aligned to StateRAMP submission.
CJIS Security Policy v6.0: Continuous scanning against the policy areas covering criminal justice information.
FERPA: Audit-trail emitter aligned to access patterns for systems with student records.
NIST SP 800-53 Rev 5: Moderate baseline control evidence.
SOC 2: Common Criteria + additional criteria, emitted from operational state.

What stays with you

The boundary, drawn explicitly.

Optimal hardens, scans, and emits evidence for the containers and cloud config running your state-classified workloads. Your agency policy, your authorizing official's decisions, your vendor relationships, and your records-management practices remain yours. The shared responsibility matrix draws the boundary explicitly so your compliance and policy teams know where Optimal ends and you begin.

The full shared responsibility matrix ships with the platform.

Stay on channel

Talk to an operator.

Bring your hardest delivery problem. We'll bring our perspective and what's possible right now.
