Air-Gapped AI Coding for Defense and Aerospace: ITAR, CMMC, FedRAMP, and the GovCloud Path (2026)

Brian Carpio

Defense contractors, prime aerospace manufacturers, and classified-program engineering teams have a binary problem with most AI coding tools: the tools require connectivity to a vendor cloud, and the program does not allow connectivity to a vendor cloud. There is no compromise position. The platform either works air-gapped or it does not.

In 2026, a small set of AI coding platforms genuinely support air-gapped deployment. The rest are unusable for ITAR-controlled, CUI-handling, or FedRAMP-scoped work by design. This post explains what air-gap actually means architecturally, which platforms deliver it, and how the deployment fits into the existing CMMC / NIST SP 800-171 / FedRAMP boundaries that defense buyers already maintain.

What “Air-Gapped” Actually Means

The term gets used loosely. For a defense engineering team, “air-gapped” carries specific architectural meaning:

  • No public internet egress. The deployed platform’s VPC has no route to the public internet. All AWS service calls go through VPC endpoints.
  • No vendor phone-home. The platform does not call back to the vendor’s cloud for licensing, telemetry, model invocation, or update checks.
  • No external dependency at runtime. Code generation, knowledge-base retrieval, and audit logging all execute against AWS-native services inside the customer’s account. The platform does not need anything outside the customer’s VPC to operate.
  • Updates apply on customer schedule. Platform updates ship as new Terraform module versions; the customer applies them through their normal change-control process. There is no auto-update mechanism the vendor controls.

A platform that satisfies all four conditions is air-gappable. A platform that satisfies three of four is not.

The Compliance Frameworks That Drive the Requirement

ITAR (International Traffic in Arms Regulations)

ITAR controls the export of defense-related articles, services, and technical data. ITAR-controlled technical data cannot be accessed by non-US persons or stored on systems accessible to foreign nationals. A SaaS AI coding tool with global infrastructure and offshore support staff is structurally incompatible with ITAR-controlled work. A platform deployed in AWS GovCloud, US-East regions only, with no external connectivity, gives the customer’s ITAR compliance team full control over data residency and access.

Important framing: ITAR is an export-control regime, not a certification program. There is no “ITAR certified” AI coding platform; the customer’s ITAR compliance team makes the determination based on the deployment.

CMMC (Cybersecurity Maturity Model Certification)

CMMC is the DoD’s framework for assessing contractor cybersecurity. CMMC Level 2 and above require specific controls around access, audit, configuration management, and system protection. An air-gapped AI coding deployment supports those controls because it runs inside the customer’s already-assessed environment:

  • Access Control (AC) — IAM-based authentication with role-based permissions
  • Audit and Accountability (AU) — full audit trail of every AI interaction
  • Configuration Management (CM) — Terraform-managed infrastructure, all changes tracked
  • Identification and Authentication (IA) — AWS IAM with MFA and SSO support
  • System and Communications Protection (SC) — VPC deployment with VPC endpoints, KMS encryption

The platform itself does not provide CMMC certification — the customer’s overall posture covers it.

NIST SP 800-171 (Protecting CUI)

For contractors handling Controlled Unclassified Information, NIST 800-171 specifies 110 security requirements. Air-gapped deployment supports the requirements that matter for AI tooling: CUI never leaves the customer’s account, encryption uses customer-controlled KMS keys, access is IAM-scoped, and the audit trail captures every interaction.

FedRAMP

OutcomeOps is not independently FedRAMP-authorized. The platform deploys to the customer’s AWS account, which may be FedRAMP-authorized (including GovCloud). Because OutcomeOps deploys as Terraform into the customer’s authorized environment, it inherits the customer’s FedRAMP authorization boundary. AWS Bedrock is available in GovCloud regions for FedRAMP-relevant workloads.

Comparison: AI Coding Tools and Air-Gap Support

Tool                          | No external connectivity | GovCloud deployment | Customer audit log
OutcomeOps Enterprise         | Yes                      | Yes                 | Yes
GitHub Copilot                | No                       | No                  | No
Cursor                        | No                       | No                  | No
Tabnine Enterprise on-prem    | Yes                      | Customer infra      | Local
Sourcegraph Cody self-hosted  | Yes                      |                     |
Augment Code                  | No                       | No                  | No
Amazon Q Developer            | No (AWS-managed)         | GovCloud limited    | CloudTrail only

Status as of May 2026. Verify on vendor docs.

Years before Control Tower or AWS Landing Zones existed, my team built a private cloud and self-service automation platform at DaVita on Puppet plus Cliqr. The security team gated every firewall request as a matter of policy. I asked them, in our first working session, how many tickets they had ever denied. The answer was none. The gate was theater — it slowed the platform without changing the outcome. So we built the system to give security full visibility without putting them on the critical path: every request audited, every action logged, every guardrail enforced in code. The lesson generalizes to defense and aerospace work in 2026: in environments designed to say no, you do not negotiate exceptions. You build a platform that runs entirely inside the boundary security has already approved — no external license server, no vendor cloud, no dependency that triggers a review the customer’s posture has not already covered. Air-gap is not a feature flag. It is the architectural posture from day one.

What an Air-Gapped OutcomeOps Deployment Looks Like

For an Enterprise-tier deployment in AWS GovCloud:

  • Region: AWS GovCloud (US-Gov-West-1 / US-Gov-East-1) per the customer’s ATO boundary.
  • Network: Private VPC, no internet gateway, no NAT gateway. VPC endpoints for Bedrock, DynamoDB, S3, SQS, Lambda, KMS, Secrets Manager, CloudWatch.
  • Model invocation: AWS Bedrock (Claude Sonnet for planning, Haiku for validation) via VPC endpoint. The Bedrock service itself runs in GovCloud.
  • Knowledge base: S3 Vectors (GA 2025), encrypted at rest with customer KMS, accessible only via VPC endpoints.
  • Audit logs: DynamoDB tables in the customer’s account, customer-keyed encryption, customer-controlled retention.
  • Source control integration: GitHub Enterprise Server (self-hosted) or GitLab self-managed inside the customer’s perimeter. The webhook flow goes from the customer’s git server to API Gateway in their VPC.
  • License server: Disabled. Enterprise tier operates without phone-home.
  • Updates: Customer pulls Terraform module updates on their schedule, applies through their normal change-control process.

A defense contractor running a classified program with no internet egress can use the full platform with no path back to OutcomeOps systems. The platform behaves identically to the connected configuration in every way that matters — code generation, knowledge base querying, PR validation, audit logging.

Common Architecture Decisions for Defense Buyers

Defense engineering teams typically evaluate the deployment with a specific set of architectural concerns:

  • Cleared personnel only. The customer’s IAM enforces who can access the platform; cleared personnel only. Standard AWS IAM patterns apply — SSO, IAM Identity Center, customer-managed roles.
  • No foreign-national risk. The platform has no support staff with access. OutcomeOps personnel cannot reach the customer’s VPC; the deployed platform has no callback path.
  • Audit retention beyond 12 months. Customer controls retention via DynamoDB TTL or archive-to-S3 patterns. Many defense programs require 7-year retention; the customer configures that against their existing storage class policies.
  • Data classification labeling. Customer can tag indexed content with classification labels in the workspace metadata; retrieval respects the labels via IAM-scoped queries.
  • Incident response. CloudTrail captures every API call into the platform. The customer’s existing SOC tools (Security Hub, GuardDuty, custom SIEM) cover the platform because it runs in their account.
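The two bullets on audit retention and data classification labeling describe one enforcement point: the retrieval step decides what the model may see, and the same step writes the audit item whose TTL carries the retention policy. The following is an added example of that pattern, not OutcomeOps code; the label names, the clearance model (a highest readable level plus a US-person flag for ITAR data), the principal ARNs and the audit-item layout are all constructed for illustration, and `expires_at` is the attribute a DynamoDB table would be configured to use for TTL.

```python
"""Classification-label filtering at retrieval time, with a retention-aware
audit record. Added example, not OutcomeOps code; label names, clearance
model and audit record layout are constructed for illustration.
"""
from __future__ import annotations
from dataclasses import dataclass
import time

# Least to most restrictive. A principal cleared for a level may read that
# level and everything below it. Constructed ordering for this example.
LEVELS = ("PUBLIC", "CUI", "ITAR")
SEVEN_YEARS = 7 * 365 * 24 * 3600   # retention in seconds for the TTL attribute


@dataclass(frozen=True)
class Chunk:
    doc_id: str
    text: str
    classification: str      # label stored in the workspace metadata


@dataclass(frozen=True)
class Principal:
    arn: str
    max_level: str           # highest label this IAM principal may read
    us_person: bool          # ITAR technical data is limited to US persons


def readable(chunk: Chunk, principal: Principal) -> bool:
    """Default-deny: unknown or missing labels are never returned."""
    if chunk.classification not in LEVELS or principal.max_level not in LEVELS:
        return False
    if chunk.classification == "ITAR" and not principal.us_person:
        return False
    return LEVELS.index(chunk.classification) <= LEVELS.index(principal.max_level)


def retrieve(candidates: list[Chunk], principal: Principal, now: int | None = None):
    """Filter the vector-search candidates and build the audit item together,
    so no chunk reaches the model without a log entry. The dict is shaped for
    a DynamoDB table whose TTL attribute is `expires_at` (epoch seconds)."""
    ts = int(time.time()) if now is None else int(now)
    allowed = [c for c in candidates if readable(c, principal)]
    denied = [c.doc_id for c in candidates if not readable(c, principal)]
    audit_item = {
        "pk": f"{principal.arn}#{ts}",
        "principal": principal.arn,
        "returned": [c.doc_id for c in allowed],
        "denied": denied,
        "ts": ts,
        "expires_at": ts + SEVEN_YEARS,   # DynamoDB TTL removes the item after this
    }
    return allowed, audit_item


# ---- constructed sample corpus and principals (not real data) ----
CORPUS = [
    Chunk("readme", "Build instructions for the ground station simulator.", "PUBLIC"),
    Chunk("cui-1", "Contract deliverable schedule (CUI).", "CUI"),
    Chunk("itar-1", "Actuator control loop gains for the flight vehicle.", "ITAR"),
    Chunk("untagged", "Chunk indexed before labeling was enforced.", ""),
]
CLEARED_US = Principal("arn:aws-us-gov:iam::000000000000:role/flight-sw-dev", "ITAR", True)
CUI_ONLY = Principal("arn:aws-us-gov:iam::000000000000:role/program-mgmt", "CUI", True)
FOREIGN_ITAR_ROLE = Principal("arn:aws-us-gov:iam::000000000000:role/partner-eng", "ITAR", False)


def sample_query(principal: Principal):
    """Run the corpus through the filter for one principal at a fixed time."""
    allowed, item = retrieve(CORPUS, principal, now=1_800_000_000)
    return [c.doc_id for c in allowed], item


if __name__ == "__main__":
    for p in (CLEARED_US, CUI_ONLY, FOREIGN_ITAR_ROLE):
        ids, item = sample_query(p)
        print(p.arn.rsplit("/", 1)[-1], "->", ids, "| denied:", item["denied"])
```

The untagged chunk is the case worth noticing: content indexed before labels were enforced is denied to everyone, including the fully cleared principal, so a labeling gap surfaces as missing results in the audit trail rather than as an over-share. Retention is a property of the written item, which is why the TTL is computed here rather than applied later by a separate job.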

For the broader regulated-industries view, see AI Coding Tools for Regulated Industries. For the deeper aerospace and defense treatment, see OutcomeOps for Aerospace and Defense.

How to Evaluate

The two-week PoC for air-gapped deployment requires more upfront coordination than a standard PoC because the customer’s GovCloud / classified environment has its own change-control process. Typical timeline:

  • Week 0 (preparation): Customer compliance team reviews the Terraform module, the architectural bill of materials, and the audit log structure. Customer DevSecOps team plans the deployment into the GovCloud account.
  • Week 1: Apply the Terraform into the GovCloud account. Verify VPC endpoints, no public internet egress, customer KMS keys, customer audit logging.
  • Week 2: Connect a representative repository (often a non-classified system first), generate code, inspect output and audit logs. Compliance team confirms the deployment fits within the existing ATO boundary.
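The four air-gap conditions defined earlier (no internet egress, no phone-home, no runtime dependency outside the VPC, customer-scheduled updates) and the Week 1 verification step above reduce to a handful of checks against what the account actually reports. The following is an added example of those checks, not OutcomeOps code: each function takes dicts shaped like the responses of boto3's `ec2.describe_internet_gateways`, `describe_nat_gateways`, `describe_route_tables`, `describe_vpc_endpoints`, `dynamodb.describe_table` and `kms.describe_key`, so the logic runs offline against the constructed sample data at the bottom and can be fed live responses during the PoC. The `com.amazonaws.<region>.<service>` endpoint naming and the list of required services are assumptions taken from the deployment description on this page.

```python
"""Offline air-gap verification over AWS describe-* style data.

Added example, not OutcomeOps code. Functions take dicts shaped like boto3
responses so the checks run without an account; sample data is constructed
and the endpoint service-name pattern is an assumption.
"""
from __future__ import annotations

# Services the deployment on this page reaches only through VPC endpoints
# ("logs" is the CloudWatch Logs endpoint service). Assumed list.
REQUIRED_SERVICES = ("bedrock-runtime", "dynamodb", "s3", "sqs", "lambda",
                     "kms", "secretsmanager", "logs")


def attached_internet_gateways(vpc_id: str, igws: dict) -> list[str]:
    """IDs of internet gateways attached to the VPC, whatever the state."""
    return [g["InternetGatewayId"] for g in igws.get("InternetGateways", [])
            if any(a.get("VpcId") == vpc_id for a in g.get("Attachments", []))]


def live_nat_gateways(vpc_id: str, nats: dict) -> list[str]:
    """NAT gateways in the VPC that have not been deleted."""
    return [n["NatGatewayId"] for n in nats.get("NatGateways", [])
            if n.get("VpcId") == vpc_id and n.get("State") != "deleted"]


def default_routes(vpc_id: str, route_tables: dict) -> list[tuple[str, str]]:
    """(route table, target) for every 0.0.0.0/0 or ::/0 route in the VPC.
    Any such route is an egress path, whatever its target."""
    hits = []
    for rt in route_tables.get("RouteTables", []):
        if rt.get("VpcId") != vpc_id:
            continue
        for r in rt.get("Routes", []):
            dest = r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
            if dest in ("0.0.0.0/0", "::/0"):
                target = (r.get("GatewayId") or r.get("NatGatewayId")
                          or r.get("NetworkInterfaceId") or "unknown")
                hits.append((rt["RouteTableId"], target))
    return hits


def missing_endpoints(vpc_id: str, region: str, endpoints: dict,
                      required=REQUIRED_SERVICES) -> list[str]:
    """Required services with no available endpoint in the VPC."""
    present = {e["ServiceName"] for e in endpoints.get("VpcEndpoints", [])
               if e.get("VpcId") == vpc_id and e.get("State") == "available"}
    return [s for s in required if f"com.amazonaws.{region}.{s}" not in present]


def audit_airgap(vpc_id, region, igws, nats, route_tables, endpoints,
                 table_desc, key_meta) -> list[str]:
    """Human-readable findings; an empty list means every check passed."""
    findings = [f"internet gateway {g} attached" for g in attached_internet_gateways(vpc_id, igws)]
    findings += [f"NAT gateway {n} present" for n in live_nat_gateways(vpc_id, nats)]
    findings += [f"default route in {rt} via {t}" for rt, t in default_routes(vpc_id, route_tables)]
    findings += [f"no VPC endpoint for {s}" for s in missing_endpoints(vpc_id, region, endpoints)]
    sse = table_desc.get("Table", {}).get("SSEDescription", {})
    if sse.get("Status") != "ENABLED" or sse.get("SSEType") != "KMS":
        findings.append("audit table is not encrypted with a KMS key")
    if key_meta.get("KeyMetadata", {}).get("KeyManager") != "CUSTOMER":
        findings.append("audit table key is not customer-managed")
    return findings


# ---- constructed sample data (not from any real account) ----
VPC, REGION = "vpc-0example", "us-gov-west-1"


def _endpoints(services):
    return {"VpcEndpoints": [{"VpcId": VPC, "State": "available",
                              "ServiceName": f"com.amazonaws.{REGION}.{s}"} for s in services]}


LOCAL_ONLY = {"RouteTables": [{"RouteTableId": "rtb-0priv", "VpcId": VPC,
                               "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]}]}
KMS_TABLE = {"Table": {"SSEDescription": {"Status": "ENABLED", "SSEType": "KMS",
                                          "KMSMasterKeyArn": "arn:aws-us-gov:kms:us-gov-west-1:000000000000:key/example"}}}


def audit_compliant_sample() -> list[str]:
    return audit_airgap(VPC, REGION, {"InternetGateways": []}, {"NatGateways": []},
                        LOCAL_ONLY, _endpoints(REQUIRED_SERVICES), KMS_TABLE,
                        {"KeyMetadata": {"KeyManager": "CUSTOMER"}})


def audit_leaky_sample() -> list[str]:
    """An IGW with a default route, two missing endpoints, an AWS-managed key."""
    igws = {"InternetGateways": [{"InternetGatewayId": "igw-0leak",
                                  "Attachments": [{"VpcId": VPC, "State": "available"}]}]}
    routes = {"RouteTables": [{"RouteTableId": "rtb-0pub", "VpcId": VPC,
                               "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0leak"}]}]}
    partial = [s for s in REQUIRED_SERVICES if s not in ("kms", "secretsmanager")]
    return audit_airgap(VPC, REGION, igws, {"NatGateways": []}, routes,
                        _endpoints(partial), KMS_TABLE, {"KeyMetadata": {"KeyManager": "AWS"}})


if __name__ == "__main__":
    print("compliant:", audit_compliant_sample() or "PASS")
    for finding in audit_leaky_sample():
        print("leaky:", finding)
```

Running this during Week 1 against live responses turns "no public internet egress" from a statement in the architecture review into a reproducible check the compliance team can rerun after every Terraform apply. The route-table check is deliberately broader than the gateway checks: a default route pointing at a peering connection or an appliance ENI is still an egress path even when no IGW or NAT is attached.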

Book an enterprise briefing to discuss an air-gapped PoC. Defense and aerospace deployments typically engage the customer’s compliance team early; the briefing covers the deployment-model details before any Terraform applies.
