Vertical · Government · County · Municipal · Agency

Networks that pass audit, procurement, and policy.

Public-sector networking is three problems in one: a compliance problem (CJIS, NIST, CMMC), a procurement problem (cooperative contracts, bid specs), and an operations problem (budget cycles, workforce constraints). Netcom engineers to all three simultaneously.

CJIS v6.0: Security Policy-aligned design for law-enforcement records systems
NIST 800-171: control mapping for CUI handling and CMMC 2.0 Level 2 posture
Coop: procurement through Sourcewell, NASPO ValuePoint, OMNIA, TIPS

Government · Mid-Market Reference
Government reference architecture: Catalyst 9500 core with VRF-isolated CJI enclave, Duo Advanced Authentication mapped to CJIS 5.6.2.2, Cisco Umbrella Gov for DNS-layer security, FirstNet-ready Cradlepoint R1900 vehicle routers, and Splunk logging with 365-day CJIS retention
Government-specific pain

Three customers in every deal: your agency, the auditor, the procurement officer.

Public-sector networks have to survive three reviews that private-sector networks never see. CJIS auditors want proof that NCIC queries traverse an isolated path with encrypted transport and documented advanced authentication. NIST 800-171 assessors want control-by-control mapping for every system that handles CUI. And procurement officers want the whole thing to land on a cooperative contract they can approve without a new RFP.

Layered onto that: budget cycles that don't forgive missed timelines, workforce constraints that make in-house operations unrealistic for many smaller jurisdictions, and public-records disclosure obligations that shape how logging and retention are architected.

Netcom designs public-sector networks with all three reviewers in mind from day one. We cite the specific CJIS v6.0 control for every firewall rule. We map every design element to the NIST 800-171 control it satisfies. We scope the procurement against Sourcewell, NASPO ValuePoint, OMNIA Partners, or TIPS so your purchasing officer can approve the award in a single meeting. And we deliver the managed service through a model that works for agencies without an IT staff big enough to carry their own NOC.

Frameworks and contracts that pass every review.

CJIS Security Policy v6.0
NIST 800-171 r3 (CUI)
CMMC 2.0 Level 2
FedRAMP-authorized SaaS (Moderate/High)
StateRAMP for state & local
Sourcewell · NASPO · OMNIA · TIPS cooperatives

Hardened, logged, and mapped to the control.

Sized for county or municipal agency (5–30 facilities). Scales up to state-agency footprints and down to small-city scope.

Public-sector mid-tier: VRFs for CORP (general gov), CJI (law enforcement enclave), PUBSAFETY (911/dispatch/FirstNet), FLEET (vehicles), each with control-by-control framework mapping to CJIS v6.0, NIST 800-171 r3, and CMMC 2.0 Level 2
Government · county / municipal · 5–30 facilities · mixed IT + law-enforcement

Cisco-native stack · Duo MFA · Umbrella DNS · microsegmented CJI

Cisco Catalyst 9500 core with Catalyst 9300 at access, segmented into distinct VRFs for general government, law enforcement (CJI), public safety, and guest. Duo delivers phishing-resistant MFA mapped to CJIS advanced-authentication requirements; Umbrella Gov delivers DNS-layer protection with CJIS-aligned logging. ZTNA via Cisco Secure Access (FedRAMP Moderate) replaces VPN for remote officers accessing records systems. Splunk Enterprise or a FedRAMP-authorized SIEM centralizes logs with retention aligned to CJIS.

| Role | Vendor & Model | Notes | Framework ref |
|---|---|---|---|
| Core / distribution | Cisco Catalyst 9500 SVL pair | VRF separation · per-VRF ACLs | CJIS 5.10 · 800-171 SC-7 |
| Access switching | Catalyst 9300-48P | 802.1X · TrustSec SGTs · dynamic VLAN | CJIS 5.5 · 800-171 AC-17 |
| NAC / policy | Cisco ISE | Cert-based auth · profiling · SGT assignment | CJIS 5.6 · 800-171 IA-2 |
| MFA | Duo (FedRAMP Moderate) | Phishing-resistant · push · WebAuthn | CJIS 5.6.2.2 AA |
| DNS-layer security | Cisco Umbrella (FedRAMP) | CJIS-aligned logging · content filtering | CJIS 5.13 · 800-171 SI-4 |
| ZTNA for remote officers | Cisco Secure Access | Identity-aware · posture-gated CJI access | CJIS 5.13.1 · AC-17 |
| Site-to-site WAN | Catalyst 8200 SD-WAN | AES-256 IPsec tunnels · dual-transport | CJIS 5.10 SC-8 |
| Logging / SIEM | Splunk Enterprise (on-prem or GovCloud) | Immutable · CJIS 365-day retention | CJIS 5.4 · 800-171 AU |
| Cellular (public safety) | Cradlepoint R1900 · FirstNet-ready | Vehicle-certified · GPS · AES-256 | CJIS 5.10 |
| Procurement vehicle | Sourcewell / NASPO / OMNIA / TIPS | Pre-competed pricing · single-meeting approval | |

Composite examples from public-sector engagements.

Illustrative agencies drawn from real deployment patterns. Names are fictional; scope, vendors, and outcomes reflect actual Netcom work.

County Government · 18 facilities

Summit County · CJIS-aligned network refresh

Refresh bundling courthouse, sheriff's office, 911 dispatch, clerk, and 14 service buildings. Netcom designed a Catalyst 9500 core with a VRF-separated CJI enclave, Duo MFA mapped to CJIS 5.6.2.2, and Sourcewell procurement. Procurement reality: the original BOM couldn't clear the county's dollar threshold for single-source award on one line item; we split the Catalyst order across two phases (this fiscal year + next) and added a rider to keep the cutover coherent. That added 60 days to the timeline but kept procurement clean. The audit passed in the first assessment cycle post-cutover.

CJIS: audit-clean at first assessment post-cutover

Port Authority · Maritime Security

Port Authority of Ravenmoor · perimeter surveillance network

The port authority needed redundant networking for waterfront surveillance (PTZ cameras, radar, AIS transponders) across a 4-mile stretch with mixed indoor/outdoor buildings. Netcom delivered Catalyst IE outdoor switching, Aruba AP-387 point-to-point, and dual-carrier Cradlepoint backhaul. Worst-case QA: final commissioning happened to land in hurricane season, and the first named storm took out the secondary fiber path two days before go-live. The cellular fallback carried the whole perimeter for 38 hours until fiber was restored. That was exactly the failure mode we'd designed for, but exercising it unplanned was tense.

4 mi: perimeter coverage, redundant + hardened

Regional Transit · 220 vehicles

Westside Regional Transit · fleet vehicle networking

A regional transit agency with 220 buses needed onboard guest Wi-Fi, real-time GPS, and farebox data back to central. Netcom standardized on Cradlepoint R1900 vehicle routers + dual-carrier SIMs + FirstNet + Peplink InControl 2 fleet dashboard. The data economics didn't work first try: initial per-vehicle plans drove a $40K/month carrier bill that blew the operations budget. We renegotiated to a pooled plan across the whole fleet with a shared data bucket, which brought spend down 38%, and the transit IT team got alerting on pool burn rate so they could throttle guest Wi-Fi per-route during high-use months.

220: vehicles on unified networking + dispatch

Need a network that passes audit and procurement?

Send us your facility list, your compliance baseline (CJIS, NIST, CMMC), and your contracting vehicle. Within 10 business days you'll get a reference design with control-by-control mapping and a cooperative-contract procurement path.