FORCE

Our Own Controls, Documented.

FORCE is GovCloud-native, FIPS 140-3, cryptographically tenant-isolated at Level 2, and auditable through an attestation ledger with 7-year S3 Object Lock retention. This page documents our current posture and the work in flight.

Infrastructure

  • AWS GovCloud: us-gov-east-1 primary, us-gov-west-1 DR
  • FIPS 140-3 endpoints on every AWS service
  • All traffic over TLS 1.3 or later
  • No public-facing data plane; ALB + security groups only

Tenant Isolation (5 Layers)

  1. Cryptographic — per-tenant KMS for L2; shared platform key for L1
  2. Storage — DynamoDB tenant-prefixed partitions, S3 tenant prefixes with SCP + IAM, OpenSearch document-level security, Timestream per-tenant DB, Secrets Manager per-tenant prefix
  3. Compute — JWT tenant claim validated in Next.js middleware before any route handler
  4. AI — every Bedrock invocation tenant-scoped at the orchestration layer; complete prompt audit log
  5. Credentials — per-tenant Secrets Manager prefix with IAM enforcement

Automated Enforcement in CI

The tenant-isolation test pack runs as a blocking CI step. Any code change that allows a cross-tenant read fails the build. This is a property of the deployment pipeline, not developer discipline.

Attestation Ledger

Every evidence write and every assessor action is batched and Merkle-hashed into the attestation ledger. Ledger entries are persisted in S3 Object Lock compliance mode with 7-year retention, which makes the record cryptographically demonstrable to auditors and forensically clean in the event of a security incident.

Compliance Roadmap

  • CMMC L2 — in progress (Tenant Zero using FORCE for prep)
  • FedRAMP Moderate — architecture aligned; formal package in scope post-DIBCAC
  • SOC 2 Type II — in progress
  • ISO 27001:2022 — planned Q4 2026

Reporting Security Issues

Email security@bigforgeone.com. PGP key on request. We respond within 24 hours for credible reports.