Compliance — FedRAMP / SOC 2 / IL5 / CMMC path
Honest checkboxes: NONE of these are certified. These are the pre-work checklists and the gating path. The clean route for most is to deploy inside UDS Core (Keycloak SSO, Istio mTLS), which already targets IL5.
| Framework | State | Blockers | Enabler |
|---|---|---|---|
The Khipu DAG is the audit-trail substrate that makes SOC 2 / FedRAMP AU controls tractable, but it must first be stored off-box and made tamper-evident. TLS is inherited from the HF edge today, which does not satisfy SC-8/SC-13; a real boundary needs GovCloud / UDS Core.
Source: security_compliance/CURRENT_SECURITY_POSTURE.md