Note: All identifying details have been anonymized at the client’s request. The insights and outcomes shared are accurate.
About
A large U.S. federal system integrator that wins and manages contracts across multiple concurrent federal programs. As the organization continues to grow its contract portfolio, it must stand up new secure network environments to support each new award, while ensuring that engineers and employees who work across multiple programs can do so without any risk of data crossing program boundaries.
The integrator operates in classified environments and is responsible not only for delivering technology solutions to its federal customers, but also for maintaining the internal infrastructure that allows its own teams to function securely at scale. The nature of this work, with staff often embedded across multiple programs simultaneously, creates unique communication and access control requirements that off-the-shelf tools cannot meet.
The Challenge: Enabling multi-program collaboration without data leakage
As the organization was awarded a new federal contract, it needed to stand up a brand-new classified network to support the program. Getting the network itself approved through the PCSA process was a known challenge, but the harder problem was what would run on it.
Many of the organization’s engineers and employees were simultaneously working across multiple programs at different RBAC and IL levels. The integrator needed a communication platform that could support these employees across programs while ensuring strict separation of data, so that information from one program could never, intentionally or accidentally, reach another.
Key challenges:
- Multi-program workforce: Engineers and employees working across multiple programs simultaneously required access to communications in each context without mixing information.
- Varying RBAC and IL levels: Different programs operated at different access control and information levels, requiring strict, configurable segregation.
- New network standup: The solution had to be approved for and deployable on a net-new classified network alongside the PCSA process.
- Auditability: Any platform used in this environment had to provide full audit capabilities to demonstrate that no data leakage occurred.
The Solution: Segregated communications with full auditability on a new classified network
The integrator deployed Rocket.Chat and Pexip on-premise on a new classified network, configured to provide fully segregated communication environments for each program. Access controls were tied to each employee's RBAC and IL level assignments, structurally preventing cross-program data access. The deployment passed all necessary approvals as part of the PCSA process, with full audit logging enabled across all communications.
The deployment was purpose-built to operate within the constraints of the new network environment, passing the necessary approvals as part of the overall PCSA process. Full audit logging was enabled across all communications, giving the organization the ability to demonstrate compliance and verify data integrity at any time.
Why Rocket.Chat + Pexip:
- Granular access control: Role-based access tied to program-specific RBAC and IL levels prevents cross-program data access.
- Segregated communication channels: Program communications are structurally isolated, not just by policy, but by architecture.
- Full audit logging: Every message and interaction is logged and auditable, supporting compliance requirements and oversight of multi-program employees.
- On-premise, classified deployment: Operates entirely within the organization’s sovereign infrastructure on the new classified network.
- Approval-ready: The platform supported the PCSA approval process for the new network standup.
The Outcome: Real-time collaboration across programs with zero data leakage
With Rocket.Chat and Pexip deployed across the new classified network, the integrator’s teams now have real-time communication capabilities across all relevant programs, with complete confidence that data is fully segregated and controlled. Engineers and employees working across multiple programs can collaborate effectively within each program context, with no risk of information crossing program boundaries.
Key benefits:
- Zero data leakage: Structural segregation of program communications eliminates the risk of cross-program data exposure, even for employees working across multiple programs.
- Real-time collaboration: Teams operate with low-latency, reliable communications across all program assignments simultaneously.
- Complete auditability: Full logging of all communications provides the evidence trail needed to demonstrate compliance and data integrity.
- Scalable for new awards: The deployment model can be replicated each time the organization stands up a new network to support a new contract win.
- Regulatory confidence: PCSA-approved and operating at the required IL levels, the platform meets the security posture required for classified program work.
.avif)
