Compliance is in the envelope — so the audit is the same every time.
Because the controls live in the envelope (fixed, disclosed) and not the app (variable), Legation generates the same airtight package for every deployment. It consumes Citadel's compliance engine — 31 frameworks mapped, from FedRAMP and DoD IL4/IL5 down through CMMC, NIST 800-171, HIPAA, PCI-DSS v4, SOC 2, ISO 42001 and the EU AI Act. The tier dial sets the hardening floor; the treaty is compiled against your framework. People can't check all the boxes across every framework — Legation already did.
# Legation Audit Package — phi-intake

## 1. Live attestation
- Sealed bag verifies against its accreditation key: YES
- Signer: c853ad0f0cd2b619… · Merkle root: 0d7a7254…

## 2. Envelope-enforced objectives (in scope)
31 frameworks mapped · compiled against the customer's CMMC L2 / NIST 800-171 R2
- CMMC L2 / NIST 800-171 R2 · families AC·AU·IA·SC·SI: objectives met
- AICPA SOC 2 · CC6–CC8: objectives met
- HIPAA Security Rule · §164.312: objectives met
- PCI-DSS v4.0 · Req 3·4·8·10·11: objectives met
- ISO/IEC 42001 · EU GDPR · EU AI Act: objectives met

## 3. Shared responsibility & open items
Everything outside the envelope boundary (physical, personnel, the broader customer environment) remains the customer's responsibility.
POA&M (open): FIPS 140-3 module validation · operator PIV/CAC MFA

## 4. Evidence emitted
SSP · SPRS score · POA&M · DISA STIG CKL · FedRAMP SSP (800-53) · CycloneDX SBOM

## 5. Technology & cryptography disclosure
- Data-flow inversion · sealed bag (SHA-384 Merkle, tamper-evident offline verify) · Seneschal 30-check gate
- Per-task Mandate · active-defense self-sever · dual Recall · metadata-only audit chain
- CNSA 2.0 SHA-384 · Ed25519 · sealed-box X25519+ChaCha20-Poly1305 · PQ hybrid at Sovereign tier
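As an added illustration, not Legation's own code or bag format, the Go program below shows what "tamper-evident offline verify" means for a sealed bag whose SHA-384 Merkle root is signed with an Ed25519 accreditation key: the `Entry` layout, the leaf/node domain-separation bytes and the odd-node duplication rule are assumed conventions, not the product's.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha512"
	"sort"
)

// Entry is one artifact in the bag (hypothetical layout): a path and its bytes.
type Entry struct {
	Path string
	Data []byte
}

// leafHash binds path and content; the 0x00 prefix separates leaves from
// interior nodes so a leaf can never be replayed as a node (assumed convention).
func leafHash(e Entry) []byte {
	h := sha512.New384()
	h.Write([]byte{0x00})
	h.Write([]byte(e.Path))
	h.Write([]byte{0x00})
	h.Write(e.Data)
	return h.Sum(nil)
}

// MerkleRoot computes a SHA-384 Merkle root over entries in canonical (sorted)
// path order, so the root does not depend on how the bag was packed.
func MerkleRoot(entries []Entry) []byte {
	sorted := append([]Entry(nil), entries...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Path < sorted[j].Path })
	level := make([][]byte, 0, len(sorted))
	for _, e := range sorted {
		level = append(level, leafHash(e))
	}
	if len(level) == 0 { // empty bag: root is the hash of a lone 0x02 marker
		h := sha512.New384()
		h.Write([]byte{0x02})
		return h.Sum(nil)
	}
	for len(level) > 1 {
		var next [][]byte
		for i := 0; i < len(level); i += 2 {
			h := sha512.New384()
			h.Write([]byte{0x01}) // interior-node domain separator
			h.Write(level[i])
			if i+1 < len(level) {
				h.Write(level[i+1])
			} else {
				h.Write(level[i]) // odd count: duplicate the last node (assumed)
			}
			next = append(next, h.Sum(nil))
		}
		level = next
	}
	return level[0]
}

// Seal signs the root with the accreditation private key at packaging time.
func Seal(priv ed25519.PrivateKey, entries []Entry) []byte {
	return ed25519.Sign(priv, MerkleRoot(entries))
}

// VerifyOffline recomputes the root from the bag contents and checks the
// signature against the accreditation public key; no network access is needed.
func VerifyOffline(pub ed25519.PublicKey, entries []Entry, sig []byte) bool {
	return ed25519.Verify(pub, MerkleRoot(entries), sig)
}
```

Any single byte changed in any entry, or an entry added or removed, changes the root and makes `VerifyOffline` return false; the signer's key, not the bag, is what the auditor must trust.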
The same binary that passes in a SCIF runs in your VPC. Dial the tier to Bolt-on or Regulated and a SOC 2, PCI-DSS v4, or HIPAA workload inherits the DoD-grade posture — CNSA 2.0 SHA-384 seal, in-VPC treaty enforcement, dual Recall, metadata-only audit — without the DoD price or program weight. Dial it up to Sovereign for IL5. One product, one dial; the tier sets the floor, not a different stack.
Not a feature you add. A property you can't violate.
| Requirement | The Legation mechanism that enforces it |
|---|---|
| CMMC L2 / NIST 800-171 R2 — AC · AU · IA · SC · SI | Treaty least-privilege (AC/IA) · metadata-only audit chain (AU) · sealed-box + membrane (SC) · active-defense sensors (SI) |
| GDPR Art. 25 — data protection by design | Data-flow inversion: only minimal projections cross; raw personal data never leaves the VPC |
| GDPR Art. 44 — transfer / residency | Residency by construction — the data physically never leaves the customer boundary |
| HIPAA 164.312(b) — audit controls | Append-only, metadata-only audit chain (no PHI, keys, or payloads — by construction) |
| PCI Req 11 — test security regularly | QA-in-VPC: the harness runs in the VPC; only the pass/fail verdict crosses |
| EU AI Act Art. 14 — human oversight | Dual Recall — a human kill switch the operator cannot override |
| ISO 42001 — AI management system | The treaty + Seneschal gate + autonomy ceiling are the enforced AIMS |
| SOC 2 CC6.7 — restrict info in transit | Sealed-to-destination box; the routing hub holds no key and cannot read it |
Airtight — and precise enough to survive a skeptical auditor.
Legation makes any app's deployment, data boundary, control, and auditability airtight, and bounds its blast radius hard: it can't exfiltrate, can't exceed the treaty, is instantly killable, and leaves only metadata. It contains and governs a bad app; it does not claim to fix bugs inside the app's own authorized processing. Containment, governance, and provable boundary compliance are exactly what the enterprise is buying.