Everything you need to know about Ironmark Authoring Suite.
Ironmark supports the following standards out of the box:
New standards can be added through Ironmark's pluggable SDM (Standard Definition Map) system without modifying the core application. Each SDM package includes schemas, XSLT transforms, element definitions, templates, and publishing profiles.
Yes. Each project in Ironmark is associated with a specific standard, but a single installation can host projects across all supported standards simultaneously. You can also link projects across standards using the cross-standard traceability feature — for example, tying an S3000L logistics support analysis to the S4000P preventive maintenance program it justifies, to the S1000D procedural data modules that document each task, to the GEIA-STD-0007 provisioning records that source the parts, and to the MIL-STD-40051 technical manual that references the same content.
Cross-standard traceability lets you group projects from different standards into a program group and trace relationships across the full Integrated Logistics Support (ILS) lifecycle. Typical links include:
Ironmark's auto-discovery engine scans for matching identifiers — part numbers, NSNs, CAGE codes, EIAC / DMC codes, S1000D DMCs, LSA candidate IDs, WP numbers — and creates traced links automatically. Links are bidirectional: click from the procedure back to the analysis that justified it, or from the LPD record forward to every training objective that covers the component. A traceability matrix report provides coverage statistics and confidence scoring (HIGH / MEDIUM / LOW) based on exact-match vs. fuzzy-match of identifiers and descriptions.
Yes. Ironmark supports GEIA-STD-0007C (Logistics Product Data), the current standard that replaced MIL-STD-1388-2B (LSAR) and MIL-PRF-49506. The package includes authoring support for all functional areas: product breakdown (EIAC/LCN), maintenance task analysis, provisioning, support equipment, training, manpower, facilities, and transportation data.
GEIA-STD-0007 data cross-links to S1000D and MIL-STD-40051 technical manuals through the traceability system, and ties through the S-Series ILS suite (S3000L LSA / S4000P PMA / S5000F ISF / S6000T training) when those projects are in the same program group.
Yes. The SDM system accepts XSD, DTD, and RelaxNG schemas. You create a package directory with a manifest, schemas, XSLT transforms, and element definitions, then install it through the admin panel or drop it into the packages directory. No code changes are needed. We also offer custom SDM development as a professional service.
Ironmark is a self-hosted web application. It runs on your own infrastructure — a Linux server, VM, or container — and is accessed through a browser. There is no cloud dependency and no data leaves your network.
The stack is Python (FastAPI) + React, with SQLite for development and MySQL/MariaDB for production. A single-command setup script handles installation, database migration, and admin account creation.
Yes. Ironmark has no external network dependencies once installed. All processing — XML validation, XSLT transforms, PDF generation — happens locally on the server. There are no telemetry, analytics, or license-check callbacks. The application and all its dependencies can be installed from a single offline package.
Minimum: 2 CPU cores, 4 GB RAM, 20 GB disk, Linux (Ubuntu 22.04+ or RHEL 8+). Recommended for teams of 10+: 4 cores, 8 GB RAM. The application is lightweight — the primary resource consumers are Apache FOP (PDF generation) and large XSLT transforms.
Client-side: any modern browser (Chrome, Firefox, Edge, Safari). No plugins or desktop software required.
Ironmark supports local username / password authentication, FIDO2 / WebAuthn security keys (YubiKey, passkeys) for passwordless sign-in, and PKI client certificate authentication via nginx mTLS. The admin panel controls which methods are available on the login page. Users register their security keys in Preferences → Security Keys; discoverable credentials are used so no email is needed at sign-in — just tap the key.
Additional providers (LDAP / Active Directory, OIDC / Azure AD / Okta) are implemented but pending field validation against real customer environments — contact us if you need one of these for an evaluation and we will work through deployment together.
Ironmark implements controls from NIST SP 800-171 Rev 2 that apply at the application layer, including:
Infrastructure-level controls (encryption at rest, network segmentation, etc.) depend on your hosting environment.
Ironmark is designed to process CUI in a self-hosted environment. No data is transmitted to external services. All XML content, graphics, and published output remain on your server. Security classification markings are tracked per document and per project. The controlled copies feature tracks all distributed copies with recipient acknowledgment and automatic expiry.
Ironmark ships with a number of features intended to support users with different visual, motor, and cognitive needs:
We do not currently claim formal Section 508 or WCAG 2.1 conformance. A full third-party accessibility audit and VPAT have not yet been completed. If your procurement process requires a VPAT, please contact us — we can discuss the current state, known gaps, and timeline. We treat accessibility issues raised by users as bugs and address them as we encounter them.
Yes. Each SDM package can include custom XSLT transforms and FOP stylesheet options. You can add multiple output profiles per standard — for example, a customer-facing style and an internal review style. If you have legacy FOSI stylesheets, our open-source fosi2xslt tool can convert them to XSL-FO for use in Ironmark. The conversion is intended as a strong starting point — the resulting XSL will typically need some tuning to match the original output exactly, but it eliminates the bulk of the manual rewrite work.
Yes. Ironmark's PDF output supports PDF/A-1b conformance (ISO 19005-1:2005 Level B) — the archival format commonly required for DoD and MIL-spec deliverables. When PDF/A is enabled on a publish, Ironmark embeds every font used in the document, emits the required XMP metadata, sRGB output intent, and document ID, and suppresses features the standard disallows (transparency, encryption, embedded files, JavaScript). Output is independently validated against the veraPDF reference validator.
Note: PDF/A conformance is a property of a specific published document, not of the tool itself. A source document that relies on features the standard forbids — for example, semi-transparent overlays or fonts that cannot be legally embedded — will be flagged at publish time. For programs that require proof of conformance, we recommend running veraPDF against each production batch as part of your QA gate.
Yes. Ironmark includes an integrated CGM-to-SVG converter (also available as the open-source cgm2svg tool) that handles ATA GREXCHANGE, WebCGM, CALS, and PIP profiles. CGM files are automatically converted for browser display and can be included in published PDF and IETP output. Hotspots, colour tables, and dark-background illustrations are supported.
CGM is a complex binary format with many encoder dialects, and the converter does not yet handle every edge case. Known limitations include: embedded raster cell arrays render as placeholder rectangles (no pixel-level decode), CALS V1 Hershey stroke fonts fall back to system fonts, partial elliptical arcs render as full ellipses, and APS hotspot proximity filtering is tuned for Army TM files and may need adjustment for unusual datasets. The full list lives in the cgm2svg README. We treat conversion failures as bug reports and welcome sample files.
Documents move through configurable workflow states: Draft → Pending Review → Approved (or Rejected). Checkout/checkin prevents concurrent editing conflicts. Reviewers can add inline redline comments with position tracking. QA and admin users can approve or reject with a single click. All state transitions are logged in the audit trail.
Licensing is seat-based (5, 10, or 25 seats — see the pricing guide), so the number of named users is governed by the seats on your license. Within those seats, there is no artificial cap on concurrent sessions — capacity is bounded only by the hardware Ironmark is hosted on. The async Python backend handles concurrent connections efficiently and comfortably supports small-to-mid-sized programs on a modest baseline (4 cores / 8 GB RAM); larger deployments scale with additional CPU and memory. We can advise on sizing based on document volume and authoring patterns once we understand the specific workload.
Yes. The "customer" role is intended for external reviewers who need to view documents and submit redline comments without participating in the authoring workflow. Customer accounts are scoped to specific projects via project membership, so a customer can only see and comment on the projects they have been assigned to. Submitted redlines flow into the QA queue for the authoring team to triage. For external distribution without any login access at all, the controlled copies feature generates tracked, time-limited document packages.
Because Ironmark is self-hosted, how external reviewers reach the system is up to you. Customers typically expose access through their own VPN, reverse proxy, mTLS gateway, bastion host, or other approved network path that fits their existing security policy. Ironmark does not provide or manage the network transport itself.
Ironmark Authoring Suite is licensed per seat on an annual subscription basis. Every license includes the full platform — there are no feature tiers, no per-document fees, and no add-on charges. Volume pricing starts at 5 seats. Academic and evaluation licenses are also available. See the pricing guide for details.
Yes. Our open-source tools (cgm2svg, fosi2xslt) are released under the MIT License. You can use them freely in commercial and government projects with no licensing fees. Commercial support agreements are available if you need guaranteed response times, custom development, or integration assistance.
Your data is yours and it leaves in the same format it arrived — standard, validated XML conforming to whichever standard your project uses (S1000D, MIL-STD-40051, MIL-PRF-63029J, etc.). There is no proprietary format, no export fee, and no conversion required. A full export of your content, graphics, and metadata is available at any time from the admin panel. You can open that content in any compliant authoring tool immediately.
We don't lock you in because we don't need to.
Yes. We provide live demos and can set up a trial instance for evaluation. Contact us at info@ironmark-authoring.com or use the contact form on the main site.
Yes. Ironmark supports bulk import of existing XML documents. For S1000D, CSDB entries are automatically created with full DMC parsing, cross-reference extraction, and ICN (graphic) linking. For MIL-STD-40051, work package numbers and TM numbers are tracked. Validation is run on import so you immediately see any schema or BREX issues.
Straightforward for the data — your XML documents are standard S1000D or 40051 XML and import directly. Stylesheets may need conversion: if you have FOSI formatting, fosi2xslt can convert them to XSL-FO as a starting point (some hand-tuning is usually required to match the original output exactly). Custom Arbortext ACL scripts or Oxygen frameworks don't carry over, but Ironmark's SDM system and element palette cover the same use cases differently. We can assist with migration planning.