Ratify — Air-Gapped Policy Assessment Engine

Access Control Family Assessment

Select an AC control, review the system context, and watch Ratify perform a full RMF assessment — gap analysis, SSP narrative generation, and POA&M triage.

Select Control

System Implementation Context

The system is a classified C2 (Command and Control) application hosted on a hardened RHEL 9 server within a SCIF at a DoD facility. It uses Active Directory for identity management, PKI/CAC authentication, and role-based access controls managed through a custom authorization service. The system has 45 authorized users across 4 role types. Remote access is provided via an Aruba VPN concentrator with MFA enforcement. The system connects to SIPRNet and processes data up to SECRET//NOFORN.

Sample system context for demonstration. In production, Ratify ingests your actual eMASS system data automatically.

RATIFY ASSESSMENT ENGINE

CONFIDENCE

HOW THIS WORKS IN PRODUCTION

This demo shows Ratify in action. The Ratify appliance runs Llama 3.3 70B locally via Ollama inside your enclave — no external API calls, no cloud dependencies, no data leaving the boundary. The model ingests your eMASS export, maps controls to CCIs, and performs this same analysis across your entire control set continuously. What you just saw for one control, Ratify does for all 400+ controls in your baseline — automatically, on a schedule, air-gapped.