Process

How We Work

Fixed phases, named deliverables, no black boxes. You know what you are getting before you commit to the next step.

AI Development

AI tooling delivery

How we take compliance and automation tooling from problem definition to deployment inside your environment.

  1. 01

    Discovery and Requirements

    We map the target workflow, data sources, and compliance constraints, including whether the system must run on-premise, air-gapped, or in a FedRAMP-authorized cloud, and define success criteria before any code is written.

  2. 02

    Prototype

    We build a working demonstrator against your real artifacts so fit can be evaluated early. PRISM and SCORE were built with this same approach.

  3. 03

    Integration and Deployment

    We containerize and deploy into your environment with an audit-ready data layer, integrating with the systems and control frameworks your workflow already depends on.

  4. 04

    Validation and Handoff

    We validate outputs against the governing controls, document the system, and hand off with the training and support your team needs to operate it.

SBIR Proposals

Proposal development process

We engage early, before topics close, to maximize technical alignment and proposal quality.

  1. 01

    Topic Selection and Fit Analysis

    We review open solicitations across DoD, DHS, NASA, and NIH and identify topics where Kastle has prototype evidence or domain depth. We brief you on fit before you commit resources.

  2. 02

    Technical Volume Writing

    We write the technical volume from scratch, incorporating your prototype details, team credentials, and the agency-specific evaluation criteria. We do not use generic templates.

  3. 03

    SME Review and Red Team

    Our senior advisor reviews all technical volumes for evaluator-readiness. We red-team weak sections and revise before submission.

  4. 04

    Submission and Debrief

    We submit through the appropriate agency portal (DSIP, Grants.gov, SBIR.gov) and, if requested, debrief you on agency feedback after the decision is returned.

CMMC Readiness

Phased engagement

Our CMMC engagements follow a fixed-phase model so you know what you are getting at each step before committing to the next.

  1. 01

    Scoping and Discovery

    We define the CUI boundary, identify in-scope systems, and document your current environment. No assumptions about what you have or have not done.

    • CUI enclave boundary definition
    • Asset inventory (hardware, software, cloud)
    • Initial POA&M draft
  2. 02

    Gap Analysis

    We assess your current posture against NIST SP 800-171 and CMMC Level 2 practices. Each gap is scored, risk-ranked, and assigned an owner.

    • Control-by-control gap findings
    • Risk-ranked remediation backlog
    • SPRS score estimate
  3. 03

    Remediation

    We help you close gaps: writing policies, configuring systems, drafting procedures, and producing the evidence required for assessment. We do the work, not just point at it.

    • Policy and procedure documents
    • Evidence packages per control
    • Technical configuration guidance
  4. 04

    Documentation and SSP

    We produce a complete System Security Plan with control narratives, evidence references, and POA&M entries in formats compatible with eMASS and C3PAO review.

    • System Security Plan (SSP)
    • Plan of Action and Milestones (POA&M)
    • Self-assessment package
  5. 05

    Assessment Readiness

    We conduct a pre-assessment dry run against your completed documentation and identify any remaining issues before a C3PAO or government assessor sees the package.

    • Internal readiness review
    • Assessor Q&A preparation
    • Final evidence review

Bring a working prototype to your next bid.

Teaming, subcontracting, CMMC readiness, or SBIR development — we respond within one business day.