Key Considerations
Federal regulations (like those for FedRAMP) have many unexpected caveats which you will need to design your application around. This page is a list of relevant restrictions that you may not expect, as well as how to work around them.
This page will update frequently. Check back often!
Federal regulations significantly limit external APIs, SaaS products, etc.
Federal compliance frameworks like FedRAMP impose strict limitations on the use of external APIs, third-party SaaS products, and other external services. If you need access to specific APIs, see if you can use an approved technology on AWS (see here, under the FedRAMP Moderate column).
Only certain technologies are supported by Archon right now
Archon only has SDKs and components for select languages, technologies, and software. See Components for more info. If you need specific technologies, please let us know with this form.
Your app will be mostly "offline" at runtime
In compliance with FedRAMP requirements, most applications must be designed to operate with minimal external network connectivity. This means relying on local resources and pre-loaded data at runtime. You should not rely on external connections to any components not provided by Archon.
No client-side session storage
Client-side session storage mechanisms, such as browser localStorage or sessionStorage, are prohibited in compliant environments due to security risks. You must use server-side sessions instead.
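The following is an added example, not Archon SDK code, showing the server-side pattern: session state lives in a server-side store and the browser holds only an opaque identifier in an HttpOnly cookie that page scripts cannot read. The function names, the cookie name sid, the 15-minute timeout and the in-memory Map are assumptions made for illustration.

```javascript
// Added example: hypothetical names throughout, not an Archon API.
const { randomBytes } = require("node:crypto");

const SESSION_TTL_MS = 15 * 60 * 1000; // assumed idle timeout; use your policy's value
const sessions = new Map(); // demo store; in production use a server-side store you operate

// Create a session. All state stays on the server; the client gets an opaque ID.
function createSession(userId, now = Date.now()) {
  const id = randomBytes(32).toString("hex"); // 256-bit unguessable identifier
  sessions.set(id, { userId, expiresAt: now + SESSION_TTL_MS });
  return id;
}

// Build the Set-Cookie value. HttpOnly keeps the ID away from page scripts,
// unlike anything written to localStorage or sessionStorage.
function sessionCookie(id) {
  const maxAge = SESSION_TTL_MS / 1000;
  return `sid=${id}; Path=/; HttpOnly; Secure; SameSite=Strict; Max-Age=${maxAge}`;
}

// Resolve a Cookie request header to server-side state.
// Returns null when the ID is missing, malformed, unknown or expired.
function loadSession(cookieHeader, now = Date.now()) {
  const match = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader || "");
  if (!match) return null;
  const session = sessions.get(match[1]);
  if (!session) return null;
  if (session.expiresAt <= now) {
    sessions.delete(match[1]); // expired entries are removed on the server
    return null;
  }
  session.expiresAt = now + SESSION_TTL_MS; // sliding idle timeout
  return session;
}

// Logout or revocation is a server-side delete; the cookie alone is then useless.
function destroySession(id) {
  return sessions.delete(id);
}
```
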
No intermingling of data with your corporate stacks
Federal regulations mandate strict data isolation between systems handling government data and other corporate systems. Any shared infrastructure or storage that mixes regulated and non-regulated data is a violation.