CIVITAS TRUST LAYER
Aligned: 2026-03-14

Public proof previews for EPI Rail

This page exposes curated public previews derived from real EPI Rail artifacts. The complete reviewer pack remains intact for internal or customer-delivery use, but it is no longer the default public proof surface.

The public sees the cover, reviewer summary, verification posture, representative controls, representative gaps, and sampled artifact blocks. The full mapping, full evidence trace, and raw outputs remain in the complete pack.

What a public preview includes

Identity and scope

Title, pack identity, a short scope statement, and reviewer context.

Posture and verification

Verify status, sealed-artifact posture, and a control summary, without dumping the full raw files.

Representative sample

2-3 controls and 2-3 gaps extracted from the real output to demonstrate the review shape.

Public boundary

The full control matrix, full evidence trace, full run log, and raw pack.zip are no longer the default public surfaces.

Public library previews

Each library page is now a public-safe preview wrapper over the real pack. The values below are derived from the current artifacts, not authored separately.

Vendor Security

vendor_security

CIS Controls v8 family-level mapping

Posture: Verified structure
Visible gaps: 80
Total controls: 80
Sealed artifacts: 6

An evidence-first pack for third-party and supplier security review, built to show baseline control posture without relying on sales claims.

ISO 27001 Readiness

iso_27001

ISO/IEC 27001:2022 Annex A references

Posture: Verified structure
Visible gaps: 93
Total controls: 93
Sealed artifacts: 6

A readiness-oriented evidence pack mapped to ISO/IEC 27001:2022 Annex A references, designed for teams that need a concrete baseline before formal audit work.

SOC 2 Readiness

soc_2

AICPA TSC CC1-CC9 spine

Posture: Verified structure
Visible gaps: 100
Total controls: 100
Sealed artifacts: 6

A readiness pack for organisations that need to show disciplined trust-service control evidence before any formal SOC examination.

NIST CSF Readiness

nist_csf

NIST CSF 1.1 subcategory IDs

Posture: Verified structure
Visible gaps: 80
Total controls: 80
Sealed artifacts: 6

A cross-functional readiness pack aligned to NIST CSF 1.1 style categories, built for teams that need an inspectable security-baseline narrative rather than a generic maturity slide.

DFIR Incident Response

dfir

DFIR lifecycle phases + NIST RS/RC crosswalk

Posture: Verified structure
Visible gaps: 84
Total controls: 84
Sealed artifacts: 6

A readiness pack for incident response and recovery review, focused on whether evidence exists for disciplined response rather than whether a team can improvise under stress.

Canonical reference preview

This is the public-safe model we use to show the shape of a reviewer artifact without exposing the full pack.

Public alignment: 2026-03-14

Civitas public proof preview

Public excerpt derived from a real reviewer pack

Cover, summary, verification posture, representative controls, and representative gaps extracted from the real output.

Pack ID: PACK-001
Library: Vendor Security
Public source: Canonical public specimen
Verification: OK
Controls: 80
Gaps: 80
Claims: 2
Sealed artifacts: 6

Representative controls

| ID | Objective | Status |
| --- | --- | --- |
| VS-001 | Ensure Vendor Security control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence. | gap |
| VS-002 | Ensure Vendor Security control coverage for PRIVILEGED/REVIEW/ACCESS with documented ownership and operating cadence. | gap |
| VS-003 | Ensure Vendor Security control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence. | gap |

Representative gaps

VS-010
gap
Vendor Security Control 010

Severity 5; 3 evidence expectations are missing in the current public sample.

VS-030
gap
Vendor Security Control 030

Severity 5; 3 evidence expectations are missing in the current public sample.

VS-045
gap
Vendor Security Control 045

Severity 5; 3 evidence expectations are missing in the current public sample.

Decision preview

The public surface shows the cover, summary, and reviewer posture. The complete DecisionPack.html and PDF remain in the full pack context.

Integrity posture

Verifier OK: yes; 15 checked entries; 6 sealed artifacts.

The public preview is aligned to the canonical March 2026 state; raw specimen metadata is intentionally hidden on the public surface.

Boundary note

The full reviewer pack contains the complete control mapping, full evidence trace, and final outputs. Those are not exposed by default on the public surface.

What remains in the full reviewer pack

The real artifacts remain unchanged for the internal workflow and customer delivery. They are summarized here, not exposed as the default public surface.

DecisionPack.html

Browser-readable decision surface for reviewer inspection.

Full reviewer pack / customer delivery

DecisionPack.pdf

Print-ready decision pack for procurement, audit, and leadership review.

Full reviewer pack / customer delivery

DecisionPack.manifest.json

Artifact manifest and pack metadata for traceability.

Full reviewer pack / customer delivery

DecisionPack.seal.json

Deterministic seal metadata for integrity review.

Full reviewer pack / customer delivery

pack.zip

Pack archive delivered for local inspection and replay.

Full reviewer pack / customer delivery

verify.json

Verifier output expected to resolve to a passing state on a valid public pack.

Full reviewer pack / customer delivery

SHA256.txt

Checksums for reviewer-side integrity confirmation.

Full reviewer pack / customer delivery

Verification remains real

The public preview does not remove verification; it only stops making pack.zip, verify.json, and SHA256.txt the first experience for a cold public audience. Local verification remains anchored in the full pack and customer-delivery workflow.