Solutions
Public Sector — RAG inside the agency perimeter.
Data residency preserved. Federal Risk and Authorization Management Program (FedRAMP) trajectory. Every citation auditable.
Records research across agency document repositories, citizen-services policy Q&A for caseworkers, briefing-note drafting for program leadership, and program-knowledge research over the regulations and procedures that govern the work — running on the agency's own infrastructure or in a customer-owned cloud region the Authorization To Operate (ATO) already covers.
The regime
Public-sector deployments — federal civilian, federal defense, state, and local — share a common set of constraints: data residency in the appropriate cloud region or on-premises facility; an audit format the Office of Inspector General (OIG) or Government Accountability Office (GAO) can consume; identity in the agency's Identity Provider with Role-Based Access Control (RBAC) gating document scope; and a controls posture that maps cleanly to the National Institute of Standards and Technology (NIST) Special Publication 800-53 control families.
Citorum runs where these constraints require it: on-premises in the agency's data center, in a customer-owned Virtual Private Cloud (VPC) on Federal Risk and Authorization Management Program (FedRAMP)-authorized hyperscaler regions, or as a Citorum-managed dedicated tenant in a FedRAMP-aligned account. No documents, prompts, or model outputs cross the agency's perimeter in the default configuration; outbound traffic is explicit and limited to opt-in license state.
Workflows
Four workflows for public-sector programs
Discovery & Research
Records research across agency document repositories, regulation-and-bulletin search across the Federal Register, Code of Federal Regulations (CFR), and program-specific guidance. Faceted filtering on program, citizen relationship, date, and document type — citations to the document span the program officer actually clicks through to.
Compliance Q&A
Citizen-services policy Q&A for caseworkers and call-center staff, internal policy Q&A for program staff, retention-schedule lookups, and program-eligibility interpretation. Adjudication labels route uncertain answers to a program officer or supervisor before they enter a citizen record.
Drafting & Summarization
Briefing-note drafting for program leadership, citizen-response drafting grounded in the program's policy corpus, audit-response drafting with citations to the controls inventory. The reviewer sees what was cited and what was not, so the document survives the Office of Inspector General (OIG) review.
Knowledge Q&A
Program knowledge across the regulations, procedures, internal guidance, and prior decisions that govern the work. Faithfulness labels route uncertain answers to a knowledge-management reviewer rather than presenting them to a caseworker as authoritative.
What changes for public sector
The platform is the same; the configuration is mission-shaped.
Connectors target the document systems agencies actually run: SharePoint program sites, agency records-management systems, file shares holding regulations and procedures, and program-specific repositories. Where Federal Information Processing Standards (FIPS)-validated cryptography is required, the deployment ships with FIPS 140-3 modules. Where Impact Level 4 or 5 hosting is required, we deploy in the appropriate cloud region with that Authorization To Operate (ATO) boundary.
Identity integrates with the agency's Identity Provider (IdP) — typically Microsoft Entra ID Government, Okta Public Sector, or an on-premises Active Directory federation — so program officer, caseworker, supervisor, and Inspector-General roles flow through unchanged. The audit log records every retrieval, prompt, response, and faithfulness score in a format the Office of Inspector General (OIG) and Government Accountability Office (GAO) already consume, with default retention configurable to match the agency's records schedule.
Deployment topologies map to the agency's existing ATO: on-premises in the agency data center, in a customer-managed Virtual Private Cloud (VPC) in a Federal Risk and Authorization Management Program (FedRAMP)-authorized region, or as a Citorum-managed dedicated tenant in a FedRAMP-aligned account. The controls inventory is mapped to National Institute of Standards and Technology (NIST) 800-53 control families and supplied with the deployment package.
Run a pilot in one program office.
Most agencies start with one program and one document source. We scope, deploy, and have the program team running searches in weeks, not quarters — under the Authorization To Operate the agency already has.