Air-Gapped
No internet required. Runs entirely inside your classified network boundary.
FAIL-SHUT Gate
PROTECTED+ content is hard-blocked before inference — never FAIL-OPEN.
PSPF / ISM Aligned
Classification schema aligned to Australian government protective markings.
Agency-Held Keys
AES-256-GCM with encryption keys held and controlled by your agency — not OBEL.
Capabilities
Built for environments where failure is not an option.
Air-Gap Compatible Deployment
- Runs entirely within your classified network boundary — no call-home, no external DNS
- All model inference stays inside the sovereign perimeter
- Container image delivered via removable media or secure transfer protocol
- No dependency on public cloud infrastructure or vendor-managed endpoints
- Software updates delivered out-of-band via signed artefact packages
FAIL-SHUT Sovereign Gate
- ARGUS-i™ hard-blocks PROTECTED+ content — inference never starts on flagged material
- If the classifier errors or times out, the request is denied — never FAIL-OPEN
- Sovereign schema is version-locked and immutable per release; no silent updates
- Block rationale logged to tamper-evident audit vault before any response is returned
- Configurable block threshold: PROTECTED, SECRET, or TOP SECRET per deployment
Highside MCP Integration
- Model Context Protocol server runs inside the classified network — tools never call external APIs
- File system, database, and internal API tool calls scoped to approved resources only
- Every tool invocation classified, scrubbed, and audited before execution
- MCP session logs committed to internal audit vault — not routed externally
- Compatible with air-gapped agentic workflows and automated classification pipelines
PSPF / ISM / DTA Alignment
- Classification labels aligned to PSPF: UNOFFICIAL → OFFICIAL → OFFICIAL:SENSITIVE → PROTECTED → SECRET → TOP SECRET
- ISM control mapping available for ASD Essential Eight and ISM Chapter 3
- DTA Secure Cloud Strategy compatible — data residency fully within Australian jurisdiction
- IRAP assessment documentation available under NDA for accreditation purposes
- Audit export format compatible with GovTeams and agency SIEM integrations
Tamper-Evident Audit Trail
- Every AI interaction committed to an immutable internal audit vault before inference proceeds
- Commit SHA written per session — any alteration invalidates the chain
- Append-only structure: no silent deletion, no retroactive modification
- Compliance-ready export in JSON and CSV for agency audit and FOI requirements
- Audit vault can be directed to agency-controlled object storage (on-premises S3-compatible)
Data Isolation & Access Control
- Row-level security enforced at the database layer — no cross-tenant data access
- Integration with agency IdP via SAML 2.0 / OIDC for identity federation
- Role-based access: agency admin, department lead, end user — all audited
- AES-256-GCM encryption at rest; TLS 1.3 in transit — keys held by the agency
- No OBEL personnel access to classified data — zero-knowledge operational model
What's included
Every Gov Highside deployment includes:
Gov Highside is a superset of OBEL™ Enterprise — every commercial capability plus the sovereign controls required for classified network deployment.
Request a briefing- Everything in OBEL™ Enterprise
- Sovereign mode — FAIL-SHUT classification gate
- Air-gap compatible deployment package
- Highside MCP integration
- PSPF / ISM aligned classification schema
- Compliance-ready audit export (JSON + CSV)
- IRAP assessment documentation (under NDA)
- Agency IdP federation (SAML 2.0 / OIDC)
- AES-256-GCM with agency-held keys
- Zero-knowledge operational model
- Contract-only activation — no self-serve
- Dedicated onboarding engineer
- Priority support with defined SLA
Deployment process
From first contact to classified deployment.
Initial Engagement
Contact us to initiate a scoping conversation. We will sign an NDA and provide a technical briefing pack covering architecture, security controls, and deployment options.
Security Assessment
IRAP documentation, architecture diagrams, and data flow maps provided for your security team. We support agency IRAP assessors through the accreditation process.
Contract & Procurement
Gov Highside is contract-only — no self-serve activation. Procurement via standard Commonwealth contracting frameworks including DSPF-aligned clauses.
Deployment & Onboarding
Dedicated onboarding engineer. Air-gapped image delivered via approved transfer protocol. Deployment validated inside your environment before go-live.
Ongoing Operations
Priority support with defined SLAs. Software updates delivered out-of-band. Dedicated account contact for escalations and compliance queries.
Data residency
Where does each type of data live?
For Australian commercial and enterprise deployments, the default configuration keeps primary data in-country. Gov Highside air-gapped deployments keep all data inside your classified network — nothing leaves your perimeter.
Full sub-processor details and data transfer mechanisms are documented in the Data Processing Agreement. For accreditation documentation including architecture diagrams and data flow maps, see the Trust Centre.