Overview
Raintree Minerals operates on the assumption that contracts we win may touch Federal Contract Information (FCI) and may eventually involve Controlled Unclassified Information (CUI). Our infrastructure and process targets are scoped accordingly.
Compliance roadmap
- CMMC Level 1 — Year 1 target. Required for FCI handling.
- CMMC Level 2 — Year 2 target. Required for CUI handling on relevant DoD contracts.
- NIST SP 800-171 — controls implemented to support CMMC L2 readiness.
Operational controls
- All operational systems are hosted on managed infrastructure (Cloudflare, Vercel, managed Postgres) with provider-level security baselines and audit logging.
- Internal contracting and CRM surfaces are gated and excluded from public indexing; production access is restricted to authorized operators. Migration to a fully network-isolated perimeter is on the Year 1 roadmap.
- Authentication uses provider SSO with multi-factor enforcement on every account that touches contracting data.
- Secrets are managed through provider-native secret managers and are not committed to source control.
- Subcontractor information collected through this site is stored in access-controlled systems and is not redistributed outside the active bid team.
Reporting a vulnerability
Send vulnerability reports to security@raintree.technology. We respond within two business days. Please do not test against production endpoints without coordination.