Your state CIO and your CJIS auditor agree on one thing: prove your contractor's software meets state policy. Continuously.
The pain
Your CJIS auditor reviews every system touching criminal-justice data and asks for continuous proof your vendors meet state policy. Optimal scans containers and cloud config against StateRAMP, CJIS v6.0, and FERPA-aligned access patterns. Evidence emits live, branded for your agency.
// Scope
Optimal serves state agencies, K-12, higher education, and local government. Optimal is not a federal product. We do not claim FedRAMP, CMMC, DoD, or IL authorizations.
What ships with the platform
Three phases of the same platform, applied to your SLED workloads.
// 01 · Harden
DISA STIG and CIS baselines applied to the containers handling state-classified data. Fix PRs in your Git.
// 02 · Verify
Continuous scan against StateRAMP control baseline, CJIS Security Policy v6.0, FERPA-aligned access patterns.
// 03 · Prove
StateRAMP-aligned evidence emitter (NIST 800-53 Rev 5 Moderate baseline), SOC 2, ISO 27001 evidence emitters.
Frameworks covered
Your compliance team is reading this. No marketing wrap. The frameworks Optimal generates evidence against, with the relevant control areas called out.
StateRAMP NIST SP 800-53 Rev 5 Moderate baseline, control evidence aligned to StateRAMP submission.
CJIS Security Policy v6.0 Continuous scanning against the policy areas covering criminal justice information.
FERPA Audit-trail emitter aligned to access patterns for systems with student records.
NIST SP 800-53 Rev 5 Moderate baseline control evidence.
SOC 2 Common Criteria + additional criteria, emitted from operational state.
What stays with you
Optimal hardens, scans, and emits evidence for the containers and cloud config running your state-classified workloads. Your agency policy, your authorizing official’s decisions, your vendor relationships, and your records-management practices remain yours. The shared responsibility matrix draws the boundary explicitly so your compliance and policy teams know where Optimal ends and you begin.
The full shared responsibility matrix ships with the platform.