
What's in the Government Engine

You may be wondering what sets the Development and Government engines apart. In short, many of the required controls would be impractical or impossible to run on local development machines. Here are some of the features that differ on the Government Engine.

Cybersecurity tooling

Some cybersecurity controls require advanced configurations that must run in an environment fully managed by Archon. This includes vulnerability scanning, ingress protection, and more.

Sophisticated cloud architecture

Production-compliant environments require complicated configurations of virtual networks and mutual encryption to ensure federal data is not lost or stolen. These configurations are often not possible without datacenter technologies and resources.

FIPS-compliant encryption

Federal regulations require special encryption modes (see FIPS 140-2) that need custom versions of libraries to be compliant. Compiling crypto libraries on every configuration of development machine increases the barrier to entry significantly, so we only implement FIPS-compliant encryption when running in the Government Engine.

Compliant versions of components

Components like databases are hot-swapped for identical, federally compliant duplicates. These alternatives must be FedRAMP authorized, making them both expensive and difficult to spin up. As such, we stick to their open-source counterparts during development and switch them out when running on the Government Engine.

Configuration change restrictions

The Government Engine enforces change control and approvals for both deployments and configuration changes, which is a federal requirement. This process is inconvenient for development, so it is disabled there.

Advanced authentication

Federal regulations require implementations of special forms of authentication that are often non-standard or expensive to deploy (see FIPS 201-3). These authentication modes are not enabled until absolutely necessary.

Config Restrictions

Several configuration values are set to be more permissive during development. For instance, during development, web sessions do not auto-terminate and cover sensitive information after a set time. This feature is necessary for compliance but very inconvenient for developers.

This is just a brief selection of key differences when switching to the Government Engine. For more information, contact your account representative.