Trust center
The identity behind every signed package.
Every evidence package ControlFrame produces is signed with the key below. Pin this fingerprint, verify any package against it, and you never have to take a dashboard's word for anything.
Active signing identity
Algorithm
ed25519
Public key fingerprint
0b34d07b53cddbff
Key ID
d85abdc5595bcd3e
Public key (SPKI PEM)
-----BEGIN PUBLIC KEY----- MCowBQYDK2VwAyEAPl4qEShMQc5qbcfdgmvTcpiDrFRL9OtGF/lpKYHkfC4= -----END PUBLIC KEY-----
SOC 2
4 controls attested
CC8.1
Changes are authorized, tested, and approved
AICPA Trust Services Criteria CC8.1
CC7.1
Vulnerabilities are detected and monitored
AICPA Trust Services Criteria CC7.1
CC7.2
Anomalies and security events are monitored
AICPA Trust Services Criteria CC7.2
CC2.3
Security commitments are communicated externally
AICPA Trust Services Criteria CC2.3
NIST 800-53
4 controls attested
CM-3
Configuration Change Control
NIST SP 800-53 Rev. 5 CM-3
SA-11
Developer Testing and Evaluation
NIST SP 800-53 Rev. 5 SA-11
RA-5
Vulnerability Monitoring and Scanning
NIST SP 800-53 Rev. 5 RA-5
SI-2
Flaw Remediation
NIST SP 800-53 Rev. 5 SI-2
HIPAA Security
3 controls attested
164.308(a)(1)
Security Management Process
45 CFR § 164.308(a)(1)
164.312(c)(1)
Integrity Controls
45 CFR § 164.312(c)(1)
164.308(a)(8)
Evaluation
45 CFR § 164.308(a)(8)
Verify any package yourself
- 1Re-hash every file in the package with SHA-256.
- 2Confirm each hash matches artifact-manifest.json.
- 3Re-derive the prev_hash chain end to end.
- 4Ed25519-verify package-signature.json over the canonical manifest bytes.