OSCAL 1.1.3 evidence, continuously emitted
The platform's compliance posture is published here, machine-readable for federal evaluators and automated package reviewers. The artifacts below are the demo profile output — the production federal posture (FedRAMP Moderate baseline) ships as part of customer engagements.
infra/helm/sentrygrid/values.govcloud.yaml and is preserved unchanged. The demo profile is not a FedRAMP-authorized environment.
Artifacts
- System Security Plan (SSP): OSCAL 1.1.3 SSP. NIST SP 800-53 Rev 5 control mapping for the platform.
- Component definition: Per-component control implementation, traceable to source files.
- POA&M: Plan of Action and Milestones — open items and remediation schedule.
- KSI history: 61 FedRAMP Moderate Key Security Indicators, Cosign-signed, with emission history.
- Audit chain integrity: Independent verification page for the hash-chained audit log.
- Threat model: STRIDE threat model — 11 components × 6 STRIDE = 66-row matrix; 8 trust boundaries.
For OAuth-protected production access
The trust-center API is OAuth 2.0 client-credentials gated. Federal evaluators with credentials can hit the production trust center directly; see the OAuth credential request page.
Rate-limited per IP. Abusive traffic is dropped at the front door.