SENTRYGRID — TRUST CENTER

OSCAL 1.1.3 evidence, continuously emitted

The platform's compliance posture is published here, machine-readable for federal evaluators and automated package reviewers. The artifacts below are the demo profile output — the production federal posture (FedRAMP Moderate baseline) ships as part of customer engagements.

Demo profile disclosure. This trust center serves the demo deployment, which uses sample data only and the magic-link sandbox auth flow. The production posture is documented at infra/helm/sentrygrid/values.govcloud.yaml and is preserved unchanged from Sprint 6. The demo profile is not a FedRAMP-authorized environment.

Artifacts

  • System Security Plan (SSP)

    OSCAL 1.1.3 SSP. NIST SP 800-53 Rev 5 control mapping for the platform.

  • Component definition

    Per-component control implementation, traceable to source files.

  • POA&M

    Plan of Action and Milestones — open items and remediation schedule.

  • KSI history

    61 FedRAMP Moderate Key Security Indicators, Cosign-signed, with emission history.

  • Audit chain integrity

    Independent verification page for the hash-chained audit log.

  • Threat model

    STRIDE threat model — 11 components × 6 STRIDE categories = 66-row matrix; 8 trust boundaries.

For OAuth-protected production access

The Sprint 5 trust-center API is gated by the OAuth 2.0 client-credentials grant. Federal evaluators with credentials can hit the production trust center directly; see the OAuth credential request page.

Rate-limited per IP. Abusive traffic is dropped at the front door.