Security Posture

Federal-grade discipline. Applied to the farm.

We are engineers who spent 20+ years inside DoD, DHS, and NASA programs. We bring that same control set — documented, audited, and owned by the customer — to every agritech engagement.

Governance & compliance

CMMC Level 1 self-attestation; Level 2 readiness in flight
DFARS 252.204-7012 controls applied across applicable engagements
NIST SP 800-171 mapped policy library, reviewed annually
SBA 8(a)-certified; federal contracting officers on staff

Hardware & supply chain

Strictly NDAA Section 848 / 1260H compliant UAS fleet (no DJI)
Vetted component sourcing with country-of-origin tracking
Firmware integrity verification before field deployment
Cradle-to-grave asset inventory for every program

Data & sovereignty

Customer-owned PostgreSQL / PostGIS data fabrics — no vendor lock-in
Encryption in transit (TLS 1.2+) and at rest (AES-256)
Role-based access control with audit logging
Documented data-residency posture per engagement

Operations & response

Documented incident response runbook with named escalation chain
Quarterly access reviews and credential rotations
Annual third-party penetration testing on production systems
Coordinated disclosure: security@consultjmj.com

Report a vulnerability

We accept coordinated disclosure from researchers in good faith. Send a clear proof-of-concept and impact summary to security@consultjmj.com. We acknowledge within two business days and provide a remediation timeline within ten. We do not pursue legal action against researchers who follow this process.