Defense + intelligence — regulator-aligned by default.
In-jurisdiction sovereign substrate (DM.03) by default, with confidential-compute uplift (DM.04) for ultra-sensitive workloads. ITAR / EAR-aware export-control posture, NATO STANAG-compatible interop primitives, and crypto-agility ahead of NSA CNSA 2.0 deadlines.
Defence procurement signs against three things in 2026: data sovereignty, supply-chain provenance, and post-quantum readiness. FlyttGo ships DM.03 sovereign deployment as table-stakes, SLSA L3 + Sigstore on every release artefact, and a public NIST FIPS 203/204/205 migration plan — three baseline asks already met before the engagement begins.
6 frameworks pre-mapped to the platform.
- VT.DF.RG.01
NATO STANAG 4774 / 4778
NATOConfidentiality labels + binding metadata for cross-domain information sharing. FlyttGo audit envelope carries STANAG-compatible classification labels.
- VT.DF.RG.02
ITAR / EAR (US)
United StatesExport-control awareness for defence-trade items. Identra LoA-substantial flow includes export-control attribute exchange where the buyer holds a licensed jurisdiction list.
- VT.DF.RG.03
NSA CNSA 2.0
United States · NSAPost-quantum mandate: full transition by 2030 (signing) / 2035 (everything). FlyttGo PQ.00 migration plan tracks this; hybrid classical+ML-DSA / ML-KEM in flight.
- VT.DF.RG.04
NCSC Cyber Essentials Plus + Secure by Design
United KingdomUK MoD baseline; FlyttGo CE+ certified annually. Secure-by-Design assessment on file.
- VT.DF.RG.05
BSI IT-Grundschutz
Germany · BSIFederal information security baseline. Module-level baselines mapped through Identra + audit envelope.
- VT.DF.RG.06
ANSSI · classified-network
France · ANSSIRestricted-network compatibility for sovereign deployments; sovereign substrate on French national datacenter under separate engagement.
- Identra · Identity
Federation across NATO trust lists; eIDAS LoA-substantial + qualified signatures; export-control attribute exchange.
- Civitas · Government Services
Inter-agency service bus with classification-label-aware routing under sovereign deployment.
- Workverge · Workforce
Cleared-personnel rostering with role-based access to classification-bound shifts.
- Ledgera · Financial Ops
Programme-level financial audit trail with multi-jurisdiction posting trees.
4 risks named, with mitigation.
- VT.DF.RK.01
Vendor-readable memory
Standard-substrate deployments allow privileged operator access to tenant memory. DM.04 confidential-compute substrate eliminates this exposure entirely (TEE-isolated workloads, attestation-verifiable boot).
- VT.DF.RK.02
Cryptographically-relevant quantum
Harvest-now-decrypt-later attacks already target high-confidentiality flows. PQ.00 migration prioritises long-confidentiality data first; TLS X25519MLKEM768 hybrid Q3 2026, full hybrid signing Q4 2026.
- VT.DF.RK.03
Supply-chain compromise
CycloneDX 1.6 SBOM published per release; Sigstore-signed images; SLSA L3 build provenance; OSV.dev + NVD cross-reference every six hours with auto-revocation.
- VT.DF.RK.04
Cross-domain information flow
STANAG 4774-compatible labels carried through the audit envelope; cross-domain solution integration available as a tier-bounded engagement add-on.
- NCSC Secure by Design assessment
- Crown Commercial Service (UK) defence-route contract vehicles
- BWI / BAAINBw (Germany) cooperation framework
- NATO Communications and Information (NCI) Agency framework participation
Open a programme on this vertical's terms.
Consultation routed to the desk handling defense + intelligence programmes. DM.04 substrate, L.06 tier and the regulatory framework matrix above presented at intake — scoping starts at SE.D2, not at framework discovery.