Use AI with your sensitive data. Inside your compliance boundary.

Cloister Chat is a governed AI interface deployed inside your AWS GovCloud account. Every interaction is logged. Every output is traceable. Your data never leaves your boundary.

Your team is already using AI with CUI. You just can't prove it's governed.

Right now, analysts paste contract language into ChatGPT. Proposal writers draft responses in Claude. Compliance researchers use Copilot to summarize regulatory guidance. None of it is logged, approved, or auditable. When the assessor asks what data AI has access to, the honest answer is: everything - and you can't prove otherwise.

Three layers. One deployment. Audit-ready from day one.

The interface your team uses

A familiar chat UI that connects to an LLM through Amazon Bedrock - inside your GovCloud account.

  • Text prompts and document analysis (PDF, DOCX, TXT, CSV)
  • Runs entirely within your VPC - no data leaves your boundary
  • Works with the Bedrock models authorized for GovCloud (Claude, Titan, Llama)

The audit trail that builds itself

Every interaction is logged with full metadata - user, timestamp, prompt, response, model version. Immutable. Exportable. Tamper-evident.

  • Logs encrypted with your KMS keys - you control access
  • One-click evidence export for C3PAO review (JSON + PDF)
  • Hash chain integrity verification - proves logs haven't been altered

The rules the auditor evaluates

Role-based access control, admin oversight, and a NIST 800-171 control mapping that drops into your System Security Plan.

  • Three roles: User, Auditor, Admin - least privilege enforced
  • Admin dashboard with usage analytics and failed login tracking
  • Control mapping covers all 14 NIST 800-171 families - reviewed by a C3PAO before your deployment

Deployed into your account. Not ours.

Cloister Chat is delivered as infrastructure-as-code into your AWS GovCloud account. You own the account, the data, and the encryption keys. We deploy it, you operate it. Under stewardship, we keep it current - version updates, security patches, regulatory changes - so your governance improves monthly instead of decaying.

  1. Assessment: We map your AI use and identify the governance gap. (2-4 weeks)
  2. Deployment: Cloister Chat goes live in your GovCloud account. (<1 week for a prepared environment)
  3. Stewardship: Monthly updates keep your governance current as regulations shift. (Ongoing)

The evidence your assessor needs. Generated automatically.

When your C3PAO arrives, you hand them an evidence package. Here is what it contains:

  • Complete interaction logs for any date range - who asked what, when, and what the AI responded
  • User roster with role assignments and access history
  • System configuration - which models were active, what the system prompt was, session timeout settings
  • Admin action audit log - every configuration change, user addition, or account freeze
  • NIST 800-171 control mapping - how Cloister Chat addresses each control family, reviewed by an authorized C3PAO
  • Hash chain verification - cryptographic proof that logs have not been tampered with

This is what governance looks like when it's built into the tool - not bolted on after the audit.

The deadline is real. The governance gap is fixable.

Book a 30-minute call. We'll tell you exactly where your risk is.