Nix in FedRAMP High environments now available in FlakeHub

jmartens1 pts0 comments

FlakeHub now has FedRAMP High AuthorizationSkip to main contentFlakeHub now has FedRAMP High Authorization , bringing Nix to federal agencies and their partners &rarr;<br>Get Determinate (opens in a new tab)

$refs.mobileMenu.querySelector('a')?.focus())" @keydown.escape.window="mobileOpen = false; $refs.mobileToggle.focus()" role="dialog" aria-label="Navigation menu" aria-modal="false" class="absolute inset-x-0 top-full border-t border-gray-200 bg-white dark:border-ds-border dark:bg-ds-bg lg:hidden">

FlakeHub now has FedRAMP High Authorization

Graham Christensen<br>July 15, 2026·6 min read

announcementflakehubfedrampcompliancegovernmentsecuritysupply-chaincui

United States federal agencies and their partners build and maintain some of the highest-stakes software on Earth—software that protects essential infrastructure, safeguards classified information, and delivers benefits and services to millions of people.<br>These are exactly the stakes Nix was built for thanks to its reproducibility guarantees and its profound implications for the software supply chain.

Today, we at Determinate Systems are excited to announce that we’re bringing the power of Nix to federal agencies directly: FlakeHub has now achieved FedRAMP High Authorization and is listed in the FedRAMP Marketplace , a result that we achieved by partnering with Knox Systems, the largest, longest-running federal managed cloud.

High Authorization means that our platform is now available to teams operating under the federal government’s strictest security requirements and to any organization that handles Controlled Unclassified Information (CUI), whether or not FedRAMP itself is a requirement for them.

In this announcement, we’ll tell you what FlakeHub is, why FedRAMP High specifically is a big deal, who this is for, and how it fits into a larger story about Nix, Determinate, and the right foundation for critical infrastructure.

FlakeHub, a platform for privately sharing and caching Nix flakes

FlakeHub is our all-in-one platform for Nix flakes, offering:

Private flakes . Share Nix flakes across your team or org without needing to handle SSH keys or static credentials.

FlakeHub Cache . A Nix binary cache that enables you to skip redundant builds by fetching pre-built artifacts, providing developers, CI runners, and production systems zero-evaluation deployments in resource-constrained and high-assurance environments.

Federated auth and fine-grained access control . Integrate with identity providers like GitHub, Entra, Okta, AWS STS, and enforce access policies.

Trusted publishing and provenance . Semantic versioning for Nix flakes, cryptographic provenance, and publishing restricted to authorized CI/CD systems, so you can answer “what’s running, and where did it come from?” with certainty instead of hope.

FlakeHub essentially Nix and flakes with a governed platform: the same reproducibility guarantees Nix is known for, plus the access control, auditability, and publishing discipline that a real organization—especially one under regulatory scrutiny—actually needs.

The significance of FedRAMP High

FedRAMP is the U.S. government’s program for vetting the security of software services before federal agencies and their partners are permitted to use them.<br>FedRAMP has three distinct impact levels:

Low is for systems in which a breach would have a limited adverse effect.

Moderate is the level that most commercial SaaS FedRAMP authorizations target and the minimum level for most non-public federal data.

High is reserved for the government’s most sensitive unclassified data (CUI) and systems.<br>Organizations that require this level include law enforcement, emergency services, and financial systems, all of which are domains where security breaches can have catastrophic consequences.

Only a small fraction of FedRAMP Authorized offerings in the FedRAMP Marketplace hold a High authorization.<br>Given the needs of our current and future customers, we opted to make sure that FlakeHub clears the highest available bar.

CUI and why it matters

While FedRAMP High Authorization is of vital importance for federal agencies and their partners, it also has benefits for other organizations that handle Controlled Unclassified Information (CUI) in the cloud.<br>That’s because CUI often shows up well outside standard government IT shops: in defense supply chains, aerospace, critical infrastructure operators, research institutions, and commercial entities under federal contracts or handling federally funded data.

Many of these organizations don’t need to become FedRAMP Authorized themselves, nor do they need every vendor they use to be FedRAMP Authorized.<br>But they do need a FedRAMP High Authorized vendor if their software handles CUI in any way, and if your organization uses Nix, FlakeHub now closes this crucial gap for you.<br>So if your organization has been stuck choosing between using Nix and maintaining a strong compliance posture, the trade-off has been effectively...

fedramp high flakehub federal systems authorization

Related Articles