One shared evidence layer for fifteen federal agencies
Fifteen-plus federal agencies are independently building AI compliance infrastructure for health AI. Each needs a source-traceable evidence layer, an OMB M-24-10 audit trail, and FedRAMP authorization. Without coordination: $32–82M in duplicated spend over five years with no interoperability. Skippy Federal is a FedRAMP High-authorized government deployment of Skippy's evidence infrastructure — one deployment, agency-scoped, shared evidence base, OMB-ready audit trail on every decision.
$32–82M in duplicated AI compliance spend — with no interoperability
OMB M-24-10 requires every federal agency that deploys high-risk AI to maintain a compliant audit trail and provide citizens the right to request human review and evidence basis for AI-assisted decisions. Each agency spending $3–15M to build this independently produces 15 incompatible systems — none of which can share evidence with the others.
A government-grade deployment wrapper — not a new AI model
Skippy Federal does not change what Skippy does. It wraps Skippy's existing products — Auth, Ground, DDI, Variants, Rare, Fraud, Pharmacovigilance — in the compliance, security, and audit infrastructure that federal deployment requires. The same 1.04B-finding graph powers CMS, the VA, NIH, and FDA from a single GovCloud deployment. Agency-scoped access control means each agency sees only its own data; the shared evidence layer means no agency duplicates the evidence base.
Federal-grade endpoints with OMB audit on every call
Federal evidence verification
OMB M-24-10 compliant claim verification. Wraps skippy-ground's verify endpoint with federal audit trail, agency logging, and citizen rights disclosure. Returns verdict, confidence, evidence chain, federal audit record, and citizen disclosure — all in a single signed response.
Audit trail retrieval
Retrieve the full audit trail for any decision — used for citizen appeals, OIG audits, and Congressional inquiries. Hash-chain verified, tamper-evident, with evidence snapshot at time of decision. 7-year retention (Federal Records Act).
Annual OMB M-24-10 compliance report
Cross-agency AI decision audit report in OMB M-24-10 format. Covers all AI-assisted decisions by program, with demographics breakdown for disparate-impact analysis. Pre-formatted for OMB annual reporting requirement.
AI impact assessment
OMB M-24-10 Section 5 impact assessment for new government AI deployments. Returns required controls checklist, Skippy Federal's control coverage, and gap analysis. Reduces from-scratch impact assessment time from 4–6 weeks to hours.
Agency gateway
Agency-scoped JWT issuance. Each agency and application gets separate credentials. Requests are routed to the appropriate Skippy product based on declared scope — ground:verify, auth:evaluate, ddi:check, variants:interpret, rare:diagnose, fraud:screen.
Cross-product federal routing
All Skippy APIs are available under /v1/federal/ with enhanced audit trail automatically applied — Auth, DDI, Variants, Rare, Fraud, Ground. Each agency sees only its own data; the shared evidence base serves all agencies from one deployment.
One deployment — products scoped per agency
| Agency | Scope | Products | Mandate / driver |
|---|---|---|---|
| CMS | Prior authorization + fraud screening | Skippy AuthSkippy FraudSkippy Ground | CMS-0057-F · Jan 2027 |
| VA | Polypharmacy safety + genomic interpretation | Skippy DDISkippy VariantsSkippy Rare | Oracle Health migration window |
| FDA CDER | Pharmacovigilance signal detection | Skippy PharmacovigilanceSkippy Ground | PDUFA VII performance goals |
| NIH / NCATS | Rare disease + clinical trial efficiency | Skippy RareSkippy Drug Discovery | CTSA network · Undiagnosed Diseases Network |
| OPM | Federal employee health benefit evidence grounding | Skippy GroundSkippy Auth | FEHB program requirements |
Every control federal deployment requires
Highest authorization level. Required for systems handling PHI and CUI. 500+ NIST SP 800-53 controls. 3PAO assessment by Coalfire.
Every AI-assisted decision generates a structured federal audit record. Agency ID, decision ID, evidence source, confidence, and cryptographic chain-of-custody — pre-formatted for OMB reporting.
Full Business Associate Agreements available. API operates without receiving PHI — queries use normalized clinical identifiers (RxNorm, ICD-10, CPT), not patient data.
AES-256 at rest, TLS 1.3 in transit, VPC isolation, immutable audit logs. Controls map to NIST SP 800-53 high baseline. FISMA annual authorization documentation provided.
All encryption uses FIPS 140-2 validated cryptographic modules — not just storage. Required for FedRAMP High. PIV card authentication for administrative access (HSPD-12).
Accessibility compliance for citizen-facing interfaces. Non-discrimination documentation for AI-assisted decisions affecting federally-funded programs.
18-month path to FedRAMP High — targeting Q1 2027
| Phase | Window | Key deliverable |
|---|---|---|
| Documentation | Months 1–3 | SSP, control implementation docs, boundary definition |
| 3PAO Assessment | Months 4–8 | Security Assessment Report (SAR) from Coalfire |
| POA&M Remediation | Months 8–10 | Findings addressed, evidence package complete |
| FedRAMP ATO | Months 12–18 | ATO issued by FedRAMP PMO |
| Agency ATOs | Months 14–20 | Individual agency ATOs leveraging FedRAMP package |
3PAO: Coalfire. Hosting: AWS GovCloud (us-gov-east-1). Agency ATOs leverage the FedRAMP package — no separate 3PAO assessment required per agency.
Priced for GSA schedule and enterprise agreements
Agency Standard contracts are signed with individual agencies. The OMB Enterprise Agreement tier captures the consolidation value proposition for agencies that would otherwise build evidence infrastructure from scratch.
| Tier | Price | Scope |
|---|---|---|
| Agency Development | Sandbox | Sandbox environment, no PHI. Proof-of-concept integrations. |
| Agency Standard | Custom | Full production deployment, single agency, all products in scope. |
| Multi-Agency Enterprise | Custom | All 15+ health agencies. Shared evidence base, agency-scoped isolation. |
| OMB Enterprise Agreement | Custom | Government-wide. OMB negotiates. Covers non-health agencies on request. |
Available on GSA Schedule 70 (IT) and CIO-SP4. Multi-year BPAs available at Agency Standard and above.
OMB M-24-10 requires agencies using AI in high-impact decisions to maintain an audit trail that: identifies the AI system by name and version, records the evidence basis and confidence level for each decision, preserves the right to human review, and enables citizens to request the specific evidence basis for decisions affecting them. Skippy Federal generates this record on every API call — not as a post-processing step, but as a first-class output. The federal_audit_record field in every response is the OMB M-24-10 record, hash-chained and tamper-evident, ready for annual OMB reporting.
Building for a federal agency?
Talk to the federal team. We work with agencies, GSIs (Accenture Federal, Booz Allen, SAIC), and health IT vendors serving federal programs. Sandbox access available before FedRAMP ATO.