Introducing A New Security Baseline

Modern AI software stacks are built on dozens or even hundreds of open source projects, and NVIDIA AI Enterprise is no different. When adopting software for regulated environments, organizations must ensure both that the functionality of the software meets the needs of the business and that the ongoing security of the adopted software meets or exceeds the applicable requirements.

To directly address the needs of the most demanding environments, a selection of NVIDIA AI Enterprise software has achieved a significant new security baseline, termed government ready. This designation indicates that the software meets the applicable software-oriented security requirements for use within a customer’s FedRAMP High or equivalent Sovereign boundary. By leveraging this secure, performant foundation in concert with a robust partner ecosystem, customers can confidently harness the power of AI to achieve their goals faster and more securely.

This milestone has been achieved through a Secure Software Development Lifecycle (SDLC) that incorporates applicable controls consistent with multiple rigorous frameworks and regulations, including:

Appendix B lists the software components that have achieved this designation.

In order to deliver government ready software, NVIDIA executes the following actions prior to release.

  • Manage Supply Chain Risk: Carefully vet software and its dependencies for security vulnerabilities and integrity, and ensure they originate from trusted and verifiable sources.

  • Ensure Secure Development Process & Outcomes: Ensure that third-party, open source, and in-house development adhere to rigorous security processes designed to produce consistently secured software. This includes but is not limited to code scanning, vulnerability remediation, and malware protection prior to initial release.

  • Implement and Document Hardening: Apply complex security configurations aligned with exacting standards like the Defense Information Systems Agency’s Security Technical Implementation Guides (DISA STIGs). This requires specialized expertise and constant vigilance to ensure configurations remain compliant as software is updated and utilized.

  • Enforce Cryptographic Compliance: Integrate, configure, and validate FIPS 140-3 compliant cryptographic modules to ensure all sensitive data, both at rest and in transit, is protected according to federal mandates. Failure to do so can result in immediate non-compliance and severe security gaps.

Government-ready software is built on hardened and minimal base images, often provided through strategic partnerships with industry leaders like Canonical. These images are engineered to be STIG hardened, ensuring a secure foundation upon which both infrastructure and applications are built. This proactive approach to security extends to continuous Common Vulnerabilities and Exposures (CVE) remediation, where identified vulnerabilities are promptly addressed and patched, minimizing attack surfaces and maintaining the integrity of the entire AI ecosystem. See Appendix A for additional information about hardened base images from Canonical and Red Hat.

Even after a solution has successfully met the bar for deployment in a production environment, organizations must maintain continuous monitoring and enforce compliance on an ongoing basis. This requirement alone means managing a complex and often disruptive patching cadence without breaking critical application dependencies, and documenting every action in detail for recurring audits. This creates a significant drain on resources and operational capacity, which is eliminated when using NVIDIA AI Enterprise government ready software.

Ultimately, choosing NVIDIA’s government ready software mitigates both the initial and ongoing difficulties associated with implementing less compliant AI software in FedRAMP High and similar environments.

Government Ready LLM Inferencing

NVIDIA NIM™, a core component of NVIDIA AI Enterprise, offers a collection of user-friendly microservices designed for secure and reliable deployment of high-performance AI model inferencing across various environments including workstations, data centers, and the cloud. Leveraging cutting-edge inference technologies from NVIDIA and the community, such as NVIDIA Dynamo Triton, TensorRT-LLM, and vLLM, NIM is engineered to facilitate scalable AI inferencing, enabling confident AI application deployment anywhere.

The Multi-LLM NIM container simplifies deploying LLMs for high-performance inference on NVIDIA infrastructure. It supports models in Hugging Face or TensorRT-LLM formats, enabling enterprise-ready inference for hundreds of thousands of community and specialized LLMs. This allows customers to easily deploy compatible models with strong baseline performance and the flexibility to create optimized engines for higher throughput.

With the government-ready Multi-LLM NIM, deploying these models into regulated environments becomes straightforward. Users can bring their own trusted model and deploy into production, without having to worry about building a compliant inference stack and container.

The Multi-LLM NIM, alongside NVIDIA and partner contributions, establishes a comprehensive stack for running AI models in regulated environments. This stack includes NVIDIA components such as the GPU Driver, GPU Operator, NIM Operator, and the Multi-LLM NIM itself, complemented by partner products like server hardware, operating systems, Kubernetes-based container orchestration platforms, and MLOps tools.