Security Controls Map

Control-to-evidence mapping for launch-scope security controls and verification paths.

Methodology

This page maps launch-scope controls to concrete verification evidence and reviewable status labels.

Reproducibility

Reproducibility requires explicit mapping assumptions, command traces, and downloadable CSV evidence outputs.

Known limitations

Limitations are documented in Caveats and consolidated in Known Limitations.

Evidence Freshness

  • Freshness tier: T0
  • Last validated: (UTC).
  • Artifact timestamp: (artifact snapshot date).
  • Validation scope: Control-to-evidence mapping coverage, contract markers, and CSV artifact link checks.
  • Freshness policy: EVIDENCE_FRESHNESS_POLICY.md
  • Stale register: stale-evidence-register.md

Reproducibility Metadata

  • Evidence branch: worker-a/ai-authority-pack-a3-evidence-reproducibility
  • Evidence commit SHA: to-be-stamped-by-ci
  • Evidence date (UTC):

Environment Details

  • Control objectives are mapped against launch-scope Aegis and Axis behavior.
  • Validation relies on API checks, rollout receipts, and telemetry summaries.
  • CSV export format is designed for review in spreadsheet and GRC tools.

Exact Command Lines

cd /Users/greyson/projects/VeliKey/velikey_website
npm run test:links
npx playwright test --project=chromium tests/ui/evidence-reproducibility.spec.ts

Expected Outputs

  • Evidence reproducibility tests confirm CSV artifact link reachability.
  • CSV file contains control ID, control objective, validation evidence path, and status fields.
  • No broken links for evidence pages or artifact references.

Caveats

  • This mapping is an engineering evidence aid and not an external certification statement.
  • Some controls depend on customer-operated infrastructure and cannot be fully validated in static docs.
  • Control status labels should be reviewed per release cycle before external sharing.

Reproduction Steps

  1. Review evidence pages and supporting outputs for each mapped control.
  2. Update CSV rows when control evidence sources or statuses change.
  3. Run validation commands to ensure link integrity and test coverage remain green.
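
A pre-check for step 2, run before the link tests in step 3, can confirm that each CSV row still carries the four fields listed under Expected Outputs. The script below is an added example, not code from this project; the column names (control_id, control_objective, evidence_path, status), the status labels, and the sample rows are assumptions made for illustration.

```javascript
// Added example: column names and status labels are assumptions, not the project's schema.
const REQUIRED = ["control_id", "control_objective", "evidence_path", "status"];
const STATUS_LABELS = new Set(["verified", "partial", "planned"]); // assumed labels
// Small CSV parser: handles quoted fields, escaped quotes ("") and embedded commas/newlines.
function parseCsv(text) {
  const rows = [];
  let row = [], field = "", quoted = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i];
    if (quoted) {
      if (c === '"' && text[i + 1] === '"') { field += '"'; i++; }
      else if (c === '"') quoted = false;
      else field += c;
    } else if (c === '"') quoted = true;
    else if (c === ",") { row.push(field); field = ""; }
    else if (c === "\n" || c === "\r") {
      if (c === "\r" && text[i + 1] === "\n") i++;
      row.push(field); rows.push(row); row = []; field = "";
    } else field += c;
  }
  if (field !== "" || row.length) { row.push(field); rows.push(row); }
  return rows.filter(r => r.some(f => f.trim() !== "")); // drop blank lines
}

// Returns a list of findings; an empty list means the map passes these checks.
function validateControlMap(csvText, knownEvidencePaths) {
  const [header = [], ...rows] = parseCsv(csvText);
  const missing = REQUIRED.filter(col => !header.includes(col));
  if (missing.length) return [`header: missing column(s) ${missing.join(", ")}`];
  const findings = [], seen = new Set();
  rows.forEach((cells, n) => {
    const rec = Object.fromEntries(header.map((h, i) => [h, (cells[i] || "").trim()]));
    const where = `record ${n + 1} (${rec.control_id || "no id"})`;
    for (const col of REQUIRED) if (!rec[col]) findings.push(`${where}: empty ${col}`);
    if (rec.control_id && seen.has(rec.control_id)) findings.push(`${where}: duplicate control_id`);
    seen.add(rec.control_id);
    if (rec.status && !STATUS_LABELS.has(rec.status)) findings.push(`${where}: unknown status "${rec.status}"`);
    if (rec.evidence_path && !knownEvidencePaths.has(rec.evidence_path)) findings.push(`${where}: evidence path not found`);
  });
  return findings;
}

// Constructed sample data (not the project's CSV or its evidence paths).
const SAMPLE_CSV = [
  "control_id,control_objective,evidence_path,status",
  'SC-01,"Rollouts are recorded, with receipts",/evidence/rollout-receipts,verified',
  "SC-02,Telemetry summaries are retained,/evidence/telemetry,done",
  "SC-01,API checks run per release,/evidence/missing-page,partial",
].join("\n");
const SAMPLE_PATHS = new Set(["/evidence/rollout-receipts", "/evidence/telemetry"]);
```

Calling validateControlMap(SAMPLE_CSV, SAMPLE_PATHS) returns three findings: an unknown status on SC-02, and a duplicate ID plus an unresolved evidence path on the second SC-01 row.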