Security & Compliance Pack

A concise, procurement-ready package that answers security questionnaires, explains your deployment and crypto posture, and documents verification steps.

What's inside the pack

Designed to accelerate security reviews and procurement due diligence without back-and-forth email threads.

Security questionnaire responses

SIG/CAIQ-style answers covering data flow, access controls, and operational posture.

Architecture + data flow

Self-hosted deployment model, component boundaries, and evidence storage details.

Crypto & key management

Supported crypto profiles, signing chains, key custody options, and HSM guidance.

Logging, retention, and privacy

Audit log scope, retention windows, and telemetry defaults.

Coverage highlights

Self-hosted architecture

Runs fully inside your boundary, with no mandatory external services.

Evidence integrity

Decision Capsules, DSSE signatures, and deterministic replay guidance.

Compliance posture

SBOM/VEX evidence and offline verification for regulated environments.

Verification artifacts included

The pack references the same signed artifacts you can validate locally.

Artifact Digest: SHA-256 content address (Signed)

SBOM Snapshot: CycloneDX 1.7 / SPDX 3.0 (Signed)

Reachability Evidence: Graph + edge attestations (Signed)

VEX State: Lattice-resolved verdict (Signed)

Policy Version: Content-addressed Rego/DSL (Signed)

Approvals: Signed approval records (Signed)

Need a live walkthrough? We can review the pack and your requirements together.

Request the Security Pack

Share your requirements and we will send the latest security pack and verification references.

Prefer email? Contact sales@stella-ops.org.