Can an oversight body or auditor verify the evidence independently?

Yes. Each decision record carries a content hash and a cryptographic signature (Ed25519 in production). An auditor, inspector general, or oversight body can re-hash the record and re-verify the signature offline, with no access to EVE's service, using the public key. Verification proves the record was not altered after the decision was made — supporting due-process and contestability requirements for automated determinations affecting the public.

Industries · Government & Public Sector

Prove every automated decision was accountable — before oversight asks.

Q: Does EVE CoreGuard make the government decision?

No. Your model, your case workers, and your agency make the determination. EVE CoreGuard governs that determination: it evaluates the proposed action against your government policy pack (aligned to NIST AI RMF and OMB M-24-10 minimum-risk practices) before the output is used, returns ALLOW, BLOCK, or MODIFY, and produces a signed evidence record. It is a governance and evidence layer, not a decision model.

Q: How does it support OMB Memorandum M-24-10?

M-24-10 directs federal agencies to apply minimum risk-management practices to rights- and safety-impacting AI, including documentation, impact assessment, and human review. EVE CoreGuard can block a rights-impacting determination that lacks a required human-review step or documented basis, and record what was present in the signed evidence — so the determination you act on and the record you keep are consistent and traceable to the rule that fired.

Q: How does it align with the NIST AI Risk Management Framework?

The NIST AI RMF 1.0 calls for AI that is accountable, transparent, and explainable across the Govern, Map, Measure, and Manage functions. EVE CoreGuard applies deterministic, versioned policy — the same input always produces the same governance decision — and writes a signed, hash-chained audit trail, supporting the Govern and Manage functions with a defensible, replayable record of each automated decision.

Q: Is EVE CoreGuard FedRAMP authorized?

Not yet. FedRAMP authorization is on our roadmap and we are pursuing it; EVE CoreGuard does not currently hold a FedRAMP authorization, an ATO, or a government impact-level certification. CoreGuard can deploy as SaaS, in your VPC, or fully on-prem inside your boundary, so an agency can evaluate it before any authorization milestone is reached.

Q: What does it cost to start?

Engagements start with a $37,500 design-partner pilot, scoped to a single automated decision workflow, with the pilot fee credited toward an annual license. The Enforcement license is $150,000 per year. See the pricing page for current tiers.

EVE CoreGuard enforces your AI governance policy — aligned to NIST AI RMF, OMB M-24-10, and EO 14110 — on each automated government determination before the model’s output affects a member of the public, and signs a replayable evidence record an oversight body can verify offline. Block the determination you can’t defend.

Policy decision in <1ms · Signed, hash-chained record · Offline-replayable for auditors & IGs

Book a 30-Minute Review See it block a violation

Enforces against NIST AI RMF OMB M-24-10 EO 14110 Due Process Section 508

The oversight question

A model card won’t answer “prove this automated determination was accountable.”

AI is moving into benefits eligibility, fraud and improper-payment detection, citizen-service automation, and procurement. The problem isn’t whether the model is accurate — it’s whether you can prove, decision by decision, that it stayed inside the law and policy. A probabilistic model plus application logs cannot show an auditor why a specific eligibility denial was issued, that the required human-review step occurred, or that a rights-impacting determination met OMB M-24-10’s minimum-risk practices.

OMB M-24-10

Rights-impacting decisions without review

M-24-10 requires minimum-risk practices — including human review and documented basis — for rights- and safety-impacting AI. A determination issued without them is a control gap, and these scale fast across a program.

Due Process · Contestability

Decisions the public can’t contest

When an automated determination affects a person’s benefits or status, they are owed a defensible, explainable basis. Without a replayable record of why a determination was made, the decision is hard to contest — or to defend.

NIST AI RMF

Accountability & documentation gaps

The AI RMF expects controls that are accountable, transparent, and auditable across Govern and Manage. Probabilistic outputs that drift with model version meet none of those.

EO 14110

Inconsistent determinations

If the same applicant profile can get different outcomes across model versions, you can’t explain — or defend — why a given determination happened, undermining the consistency public-sector AI is expected to demonstrate.

What EVE CoreGuard does

Deterministic enforcement, then signed evidence — on every decision.

CoreGuard sits in front of your decision model as a governance layer. It evaluates each proposed determination against your government_v1 policy pack and returns ALLOW, BLOCK, or MODIFY before the output is used — then writes a cryptographically signed record of exactly which rule fired and why.

Enforce policy before the determination is used

The government_v1 pack encodes NIST AI RMF and OMB M-24-10 minimum-risk practices. The same input always produces the same governance decision — deterministic, not probabilistic.

Block rights-impacting decisions that skip required review

If a rights-impacting determination is missing the human-review step or documented basis M-24-10 requires, CoreGuard blocks it and records the gap — so the action you take matches the record you keep.

Gate every model update before it reaches the public

Each model change is simulated against your governance policy and blocked before promotion if it shifts outcomes for a protected group. See the EVE Model Update Firewall →

Hand the auditor a record they can verify themselves

Every decision becomes a signed, hash-chained evidence record (Ed25519 in production). Re-hash and re-verify it offline with the public key — no EVE service required. Verify a record →

governed decision · signed evidence record ✓ VERIFIED

decision_idDEC-00042

policygovernment_v1 · OMB M-24-10 / due process

verdictBLOCK — rights-impacting decision lacks required human review

content_hashsha256:3204f3d6…1ef0f3130

signatureed25519:4e542efc…a10250b02

Sample record · re-hash + Ed25519 re-verify, no EVE service required Verify a record offline →

The economics

One prevented governance failure pays for years of control.

The price tag on a single public-sector governance failure dwarfs the cost of the control that prevents it.

Governance failureIllustrative costWhat drives the number

Improper benefit paymentsEligibility · fraud / improper-payment detection

$100M–$1B+

Public GAO and agency-OIG reporting puts federal improper payments in the tens to hundreds of billions per year program-wide; a single erroneous-determination pattern can drive large recoveries and clawbacks.

Wrongful denial → remediationDue process · contestability

$1M–$50M+

Reversing a class of wrongful automated denials means back-payments, manual reprocessing, and corrective-action programs — before any litigation or settlement exposure.

Adverse audit / IG findingAccountability · control deficiency

$500K–$5M+

A lookback review, outside assessors, and added control staffing to clear an audit or inspector-general finding, plus program-pause cost while the gap is remediated.

Illustrative ranges drawn from public GAO / OIG improper-payment reporting and published audit findings — not EVE customer results. Model your own exposure with the ROI calculator. EVE CoreGuard’s Enforcement license is $150,000/year.

Deployment

Your data never leaves your tenant.

CoreGuard runs as SaaS, in your VPC, or fully on-prem. The governance decision and the signed record are produced inside your boundary — nothing about a member of the public is sent to EVE to make a decision. FedRAMP authorization is on our roadmap; CoreGuard is not yet FedRAMP authorized. See deployment models →

SaaS

Fastest start. Decisions and signed records produced in an isolated tenant. FedRAMP authorization is on the roadmap, not yet held.

VPC / Private

Runs inside your cloud account, under your network and key controls.

On-prem

Air-gap-friendly for programs that keep automated decisioning fully in-house.

Auditor access

Issue scoped, time-boxed evidence links so an auditor or IG can verify records directly.

Questions buyers ask

Public-sector AI governance, answered plainly.

Does EVE CoreGuard make the government decision? +

No. Your model, your case workers, and your agency make the determination. CoreGuard governs it: it evaluates the proposed action against your government policy pack before the output is used, returns ALLOW / BLOCK / MODIFY, and produces a signed evidence record. It is a governance and evidence layer, not a decision model.

How does it support OMB Memorandum M-24-10? +

M-24-10 directs agencies to apply minimum risk-management practices — including human review and documented basis — to rights- and safety-impacting AI. CoreGuard can block a rights-impacting determination that lacks a required review step and record what was present — so the action you take and the record you keep are consistent and traceable to the rule that fired.

How does it align with the NIST AI Risk Management Framework? +

The NIST AI RMF 1.0 calls for AI that is accountable, transparent, and explainable across the Govern, Map, Measure, and Manage functions. CoreGuard applies deterministic, versioned policy — the same input always produces the same governance decision — and writes a signed, hash-chained audit trail, supporting the Govern and Manage functions with a defensible, replayable record.

Can an oversight body verify the evidence independently? +

Yes. Each record carries a content hash and a cryptographic signature (Ed25519 in production). An auditor, inspector general, or oversight body can re-hash the record and re-verify the signature offline with the public key, no access to EVE’s service required. Verification proves the record was not altered after the decision was made — supporting due-process and contestability requirements.

Is EVE CoreGuard FedRAMP authorized? +

Not yet. FedRAMP authorization is on our roadmap and we are pursuing it; CoreGuard does not currently hold a FedRAMP authorization, an ATO, or a government impact-level certification. CoreGuard can deploy as SaaS, in your VPC, or fully on-prem inside your boundary, so an agency can evaluate it before any authorization milestone is reached.

What does it cost to start? +

Engagements start with a $37,500 design-partner pilot, scoped to a single automated decision workflow, with the pilot fee credited toward an annual license. The Enforcement license is $150,000/year. See the pricing page for current tiers.

Bring one automated decision workflow under deterministic governance.

A 60-day design-partner pilot puts CoreGuard in front of a single decision flow, produces signed evidence on real determinations, and credits the pilot fee toward your license.

Start a design-partner pilot See pricing

FedRAMP authorization on the roadmap — not yet held. 90 U.S. patent applications filed.