GotHawk Solutions LLC

Pennsylvania Vendor Credentials — AI Governance & Compliance Technology
Commonwealth Registered Vendor
Vendor No. 0000569874
BDISBO Certified · Dillsburg, PA 17019

GotHawk Solutions LLC is a Pennsylvania BDISBO self-certified Small Business and Micro Business providing AI governance technology to Commonwealth agencies, county governments, municipal entities, and Pennsylvania-based contractors. PromptFrame is a unified platform covering the full AI governance lifecycle — Design-Time (DT) scores AI system prompts across 10 governance dimensions and auto-generates complete ATO artifact packages; Runtime (RT) sits inline with LLM and agentic toolchains, blocking unauthorized tool calls before execution and logging every gate decision as a cryptographically signed audit record. All 10 DT dimensions map to Pennsylvania Executive Order 2023-19 Section 3 core values. Runtime (RT) maps independently to §3(i) Safety and Security, §3(g) Privacy, §3(j) Transparency, and §3(a) Accuracy. Fully self-hosted — deployed as a Docker container stack on your infrastructure. No data leaves your environment. No external API calls.

As Pennsylvania advances HB 95, HB 2314, and HR 425, agencies deploying AI need documented compliance postures with verbatim regulatory citations. PromptFrame delivers that evidence — deterministic, tamper-evident, and ready for agency oversight, legal review, or public accountability requirements.

| Code | Description |
| --- | --- |
| 43230000 | Software — IT and Networking |
| 80100000 | Management and Business Consulting Services |
| 81111800 | Computer or Network or Internet Security |
| 84110000 | Education and Training Services |

| PromptFrame DT Dimension | PA EO 2023-19 Core Value | EO Section |
| --- | --- | --- |
| Identity Clarity | Transparency | EO 2023-19 §3(j) |
| Scope Boundaries | Mission Aligned · Proportionality | §3(f) §3(h) |
| Data Handling Disclosure | Privacy · Transparency | §3(g) §3(j) |
| Bias & Fairness Controls | Equity and Fairness | §3(d) |
| Human Oversight Mechanism | Safety and Security · Employee Empowerment | §3(i) §3(c) |
| Refusal & Constraint Enforcement | Safety and Security | §3(i) |
| Transparency & Explainability | Transparency | §3(j) |
| Tool Coverage & Capability Declaration | Accuracy · Proportionality | §3(a) §3(h) |
| Agent Loop Controls | Safety and Security | §3(i) |
| Incident & Escalation Pathway | Safety and Security | §3(i) |

All 10 DT dimensions map to PA EO 2023-19 Section 3 core values. Citations reference the Governor's Executive Order of September 20, 2023 directly — not implementing regulations.

| PromptFrame RT Capability | PA EO 2023-19 Core Value | EO Section |
| --- | --- | --- |
| Unauthorized tool call blocking (pre-execution) | Safety and Security | §3(i) |
| Scope boundary enforcement | Mission Aligned · Safety and Security | §3(f) §3(i) |
| Data exfiltration attempt blocking | Privacy · Safety and Security | §3(g) §3(i) |
| Cryptographically signed gate decision log | Transparency · Accuracy | §3(j) §3(a) |
| Real-time anomaly promotion to DT | Safety and Security · Adaptability | §3(i) §3(b) |

RT enforcement maps most directly to §3(i) Safety and Security — the EO's requirement that agencies safeguard data against unauthorized uses and intrusions. RT blocks unauthorized AI tool calls before execution, satisfying this requirement at the operational layer.

Design-Time (DT) — Governance Scoring & ATO Artifacts
Deterministic 10-dimension scoring of AI system prompts — no LLM in the scoring path, same input always produces same output. Auto-generates per assessment: SSP narratives, NIST SP 800-53 crosswalk, POA&M (FedRAMP format), GSAR 552.239-7001 (proposed) checklist, SPRS export, remediation report, and executive summary. All SHA-256 integrity-protected. Aligned to PA EO 2023-19, NIST AI RMF, EO 14179, OMB M-25-21/22, and OMB M-26-04.

Runtime (RT) — Inline Enforcement Gate
Inline enforcement for LLM and agentic toolchains. Blocks unauthorized tool calls before execution. Logs every gate decision as a cryptographically signed audit record. Four categories: tool authorization, scope boundary, data exfiltration attempt, privilege escalation. Anomalies promoted to DT in real time.

Shadow AI & Foreign AI Detection
Workspace scanner identifies installed AI tools, browser extensions, environment variables, and network contacts with foreign-origin AI endpoints (DeepSeek, Mistral, etc.) flagged per EO 14179. HMAC-signed scan report produced as a standalone artifact.

Agency Advisory & Teaming
Fixed-scope engagements for agencies conducting pre-deployment AI risk assessments under PA EO 2023-19 §5 and OMB M-25-21 §3. Self-hosted deployment — no data leaves your environment. Contact for deployment documentation and a capabilities briefing.

PromptFrame is deployed as a self-hosted container stack on your infrastructure. GotHawk provides signed Docker container images, deployment documentation, and configuration guidance for your environment. No data leaves your network — ever. Compatible with air-gapped networks and CUI environments. FIPS 140-3 capable (Red Hat UBI 9).

Engagements available through the PA Suppliers Portal (Vendor No. 0000569874) or via direct award under applicable thresholds. Contact to discuss your deployment and receive a capabilities briefing: williams@gothawksolutionsllc.com  ·  717-489-9585