Compliance Statement
ResellerOS is purpose-built for the security and compliance requirements of federal and enterprise IT resellers. This statement documents our current posture — transparently.
“ResellerOS operates in an Azure GCC High environment with 24/7 monitoring, third-party compliance management, and zero-training AI data policies. We are actively aligning to CMMC 2.0 benchmarks, address NIST SP 800-171 controls for CUI protection, and are pursuing SOC 2 certification — built to support your compliance requirements.”
Compliance Frameworks
Azure GCC High Cloud
Active: Our platform operates in an Azure Government (GCC High) environment — a hardened, U.S.-sovereign cloud infrastructure designed to support data residency and high-security requirements.
NIST SP 800-171
In Progress: We have institutionalized a security program designed to address the 110 controls for protecting Controlled Unclassified Information (CUI).
CMMC 2.0
In Progress (~85%): We provide the necessary infrastructure and evidentiary documentation to support our customers' Level 2 certification initiatives. Approximately 85% aligned.
SOC 2
Pursuing: We are pursuing SOC 2 certification. We have 24/7 monitoring and third-party compliance oversight and management in place today.
ITAR / Export Control
Supported: Capable of supporting strict U.S.-sovereign data residency and ITAR compliance via our Azure GCC High environment.
Security Infrastructure
Cloud Infrastructure
ResellerOS is powered by Microsoft Azure, with dedicated GCC High environments for Federal and high-security workloads.
Data Isolation
Your data is stored in a logically isolated environment, ensuring it is never co-mingled with other customers' data.
Encryption
Data is encrypted in transit (TLS 1.2+) and at rest (FIPS 140-2 validated AES-256).
Managed Security
Our environment is monitored 24/7/365 by a professional Security Operations Center (SOC) through our managed security partner.
Threat Detection
We use advanced threat detection including SIEM, endpoint detection and response, and proactive threat hunting.
Personnel Security
Administrative access to our sovereign environments is restricted to authorized U.S. personnel who have undergone comprehensive background verification.
AI Security & Data Sovereignty
Every AI interaction in ResellerOS is governed by strict data sovereignty principles. Your data stays yours.
Zero-Training Policy
Under our enterprise service agreement with Microsoft Azure, your data is never used to train or improve the underlying AI models.
Sovereign AI Processing
For our sovereign environment tenants, all AI processing remains entirely within the protected U.S. Government cloud boundary.
Stateless Sessions
AI requests are processed in a stateless environment. The model does not remember information between sessions.
Vaulted AI Multi-Tenancy
The AI only receives information from your specific, logically isolated data tenant at the exact moment of the request.
Customer-Directed Control
You guide what data flows between ResellerOS and your other business systems. We provide the tools to ensure these connections remain secure and compliant.
Audit Transparency
We maintain visibility logs of AI-assisted actions through our centralized Activity Logging system.
Need Compliance Documentation?
We provide compliance documentation packages for federal contracting requirements. Contact our Federal Success team to request our security artifacts, NIST 800-171 self-assessment, and infrastructure architecture overview.