🤫husshhussh
  • Wiki
Reserve
🤫husshhusshOneOne Puppy
🤫 Trust, security & certifications

Built for the most regulated places on earth. Honest about where we are.

We are getting prime-time ready for the world's most regulated industries, starting with defense, intelligence, and national security. That means targeting FedRAMP High and the DoD Impact Levels, on top of the consent-first, data-ownership architecture underneath 🤫 Agent One and the 🤫 Puppy One edge grid. This is our public roadmap with committed windows. Every status here is a target / in-pursuit milestone, never an assertion that we are already certified.

Talk to the trust teamFederal government & agencies
How we run this roadmap

Optimistic about progress. Honest about status.

Public & committed

We publish the dates

Every target window is stated publicly so partners, integrators, installers, and agencies can plan around what to expect by when - no private roadmaps, no vague 'coming soon'.

Honest about status

Target, not a claim

Until an attestation or authorization is granted, every item reads as in-pursuit / target. We never describe ourselves as certified before we are.

We document slips

Delays and early releases

If a window moves, we say so and explain why. If we land early, we celebrate it. The record stays accurate - optimistic about progress, critical about what to improve.

Built for our partners

Usable by your whole chain

End-users, installers, implementation, deployment, distribution, and support partners can all rely on this page to set expectations with their own stakeholders.

Status legend. In pursuit / target means active work toward a stated window - not a granted attestation or authorization. We will update each item to achieved only when the certificate, attestation, or authorization is formally issued, and we will date it.

Why we fit, before any badge

The architecture regulated buyers actually evaluate.

Certifications confirm controls; they do not create them. The reason 🤫 is built for regulated work is the architecture underneath: the customer owns the data and the hardware, every access is consented and logged, and it can run sovereign or on-device. These are design properties of the product, stated plainly, not certifications.

Data ownership

The data stays the customer's

Agent One runs on hardware the customer owns, and the personal and mission data lives there. There is no quiet copy on someone else's cloud to breach.

Consent-first (PCHP)

Every access is scoped and logged

The Personal Consent & Hushh Protocol gates every read and share: least privilege, scoped grants, revocable, and a receipt for every action. Auditors love a receipt.

Sovereign & on-device

Runs where the mission requires

On-device and at the sovereign edge (🤫 Puppy One), so deployments can be air-gapped, region-bound, or controlled-environment, not forced into a public multi-tenant cloud.

Zero-trust

Verify everything, trust nothing by default

Identity-aware access, strong authentication, and segmentation throughout. No implicit trust between components or networks.

Encryption everywhere

At rest and in transit

Strong encryption by default, targeting FIPS 140-3 validated modules for the federal track. Keys the customer can control.

Auditability

An immutable record

Receipts and logs give a tamper-evident trail of who accessed what, when, and under whose consent, the evidence an ATO and a CISO both need.

The roadmap

Every standard we're pursuing, with a target window.

In pursuit · target 2027

FedRAMP High

The headline goal for federal and national-security workloads. Pursuing an agency sponsor and a 3PAO assessment, Moderate first then High. Status: in-pursuit, not authorized.

In pursuit · with FedRAMP High

DoD Impact Levels IL4 / IL5

Sovereign and controlled-environment deployments for the IL4/IL5 mission set, pursued alongside FedRAMP High for defense customers.

Exploring · long term

DoD IL6 (classified)

For SECRET-level mission needs, exploring an IL6 path in sovereign enclaves. Long-horizon and dependent on sponsor and environment. Status: exploratory.

In pursuit · target 2027+

CMMC 2.0 (Level 2)

Aligning to NIST SP 800-171 for the defense industrial base; Level 2 assessment targeted as the program matures.

In pursuit · foundation

NIST SP 800-53 & 800-171

The control families underneath FedRAMP and CMMC. We are building and documenting to these as the security foundation everything else inherits.

In pursuit · target H2 2026

SOC 2 Type II

Observation period underway; Type II attestation targeted for H2 2026. Type I readiness reached first as a milestone on the way.

In pursuit · target H2 2026

ISO/IEC 27001

Information-security management system build-out in progress; Stage 1 then Stage 2 audit targeted for the second half of 2026.

In pursuit · target 2027

ISO/IEC 42001 (AI management)

Pursuing the AI-management-system standard for governed, auditable agentic AI, targeted to follow 27001.

In pursuit · target 2027

FIPS 140-3 cryptography

Validated cryptographic modules for data at rest and in transit, a prerequisite for the federal track.

In pursuit · target H1 2027

HIPAA readiness

Safeguards and a BAA program for regulated health workloads; readiness targeted for the first half of 2027.

In pursuit · target 2027

PCI DSS

For payments and the 🤫 Gold ID. Card data is handled by our payment processor today; full PCI DSS scope is on the roadmap.

In pursuit · ongoing

Section 508 & WCAG 2.2 AA

Accessibility is a federal requirement and a value. We build and test to 508 and WCAG 2.2 AA as an ongoing commitment.

In pursuit · ongoing

GDPR & EU-US Data Privacy Framework

Consent-first by construction (PCHP). Data-residency and DPF alignment is an ongoing, continuously-maintained commitment.

In pursuit · follows FedRAMP

StateRAMP

Planned to follow the FedRAMP track for state and local government deployments.

Planned · international

IRAP, UK G-Cloud & allies

For allied governments, IRAP (Australia) and UK frameworks are planned as the sovereign-edge footprint expands.

Target windows are good-faith estimates and may move; when they do, we update this page and note the change. This roadmap is informational and is not itself a certification, attestation, or authorization.

How regulated onboarding works

From sponsor to scale, with one accountable owner.

01

Sponsor and scope

We align with an agency or prime sponsor, scope the mission system, and map it to the controls and the authorization path (ATO).

02

Controlled pilot

Stand up a pilot in a controlled or sovereign environment on hardware you own, with consent and audit on from day one.

03

Assess and authorize

Work through readiness, the 3PAO assessment, and authorization, documenting evidence and dating every milestone publicly.

04

Scale with accountability

Grow with one accountable owner and forward-deployed engineering, so what we sell we can actually run and re-authorize.

Investors and early customers can start now: we onboard through controlled pilots while the authorizations progress in parallel, so mission value begins before the final badge is granted, with full honesty about status at every step.

Why we publish committed dates

Partners can't plan around a secret.

Readiness
→
Audit / assessment
→
Granted & dated
Readiness → audit/assessment → granted. We publish where each standard sits on this path, and the date we're aiming for.
The commitment, in numbers

A roadmap you can hold us to.

15+
Standards in pursuit

FedRAMP High, DoD IL4/IL5, CMMC, NIST 800-53/171, FIPS 140-3, SOC 2, ISO 27001 & 42001, HIPAA, PCI DSS, 508, GDPR/DPF, StateRAMP.

Public
Every target date

Committed windows on this page - so your stakeholders can plan around them.

Dated
Every change

We log slips and early releases as they happen. The record stays accurate.

Building for the most demanding environments.

If your standard isn't listed, or you need a sponsor conversation, talk to our trust team - we'll tell you exactly where we are and what we're targeting.

Talk to the trust teamOne for your enterpriseGetting started guide

One is a product of Hushh Technologies Corporation (brand: 🤫 “hussh”), an independent company. One runs on third-party silicon, systems, and cloud; all company names are used solely to describe the platforms on which One software runs. Hushh Technologies is not affiliated with, endorsed by, sponsored by, or partnered with any company named.

Agent One

  • Overview
  • The 🤫 One app
  • Everything you already use
  • Your life, coordinated
  • A free 🤫 One for every human
  • First-time user guide
  • Watch — see it in a minute
  • Moments — when it connects the dots
  • Pricing
  • Tag One
  • Claim your One

Puppy One

  • Get One
  • The Puppy 100
  • Why Puppy
  • How it works
  • The catalog
  • Brochure, lineup & specs
  • User guide
  • The AI Factory

Solutions

  • Industry solutions
  • For business
  • Enterprise
  • Federal government & agencies
  • 🇺🇸 For service members & veterans
  • 🤫 for America's builders
  • Open letter to the Top 20
  • 🇦🇪 UAE university partnerships
  • For advisors (RIAs)
  • Developers

Ecosystem

  • Partner Portal
  • Partners & GTM hub
  • 🤫 Partner Alignment
  • Build with us
  • The network
  • Day 0 Trusted Circle
  • One for Sellers
  • The pitch - by firm
  • Customers
  • See One live
  • Media - reels & social assets

Resources

  • 🗺️ Visual site map
  • Explore - the whole site, mapped
  • Search every page
  • Sitemap
  • Browse (developer view)
  • The Heartbeat
  • Research & papers
  • Blogs
  • Listen - the podcasts
  • Guides - by topic
  • Wiki

Company

  • About
  • Team
  • Investors
  • Fund A
  • Building in the open
  • Newsroom & press
  • Release notes
  • Careers
  • Rewards
  • Contact
  • Accessibility

Gratitude

  • Gratitude - people we admire
  • Community - the Apple Champions
  • The 1024 - humans of the world
  • Humans we celebrate
🤫husshhusshKirkland, WAPrivacyTerms

© 2026 Hushh Technologies Corporation - an independent company.