CIVITAS

Proof layer

Public proof previews for evidence packs.

Curated previews show the cover, reviewer summary, verification posture, representative controls, representative gaps, and sampled artifact blocks. Full mappings and raw outputs remain in the complete pack.

What a public preview includes

Identity and scope

Title, pack identity, a short scope statement, and reviewer context.

Posture and verification

Verify status, sealed-artifact posture, and a control summary, without dumping the full raw files.

Representative sample

2-3 controls and 2-3 gaps extracted from the real output to demonstrate the review shape.

Public boundary

The full control matrix, full evidence trace, full run log, and raw pack.zip are no longer the default public surfaces.

Public library previews

Each library page is a public-safe preview over a generated synthetic specimen. The values below are derived from the retained specimen artifacts, not authored separately.

Open pack registry

Vendor Security

vendor_security

CIS Controls v8 family-level mapping

Posture
Verified structure
Visible gaps
80
Total controls
80
Sealed artifacts
6

An evidence-first pack for third-party and supplier security review, built to show baseline control posture without relying on sales claims.

ISO 27001 Readiness

iso_27001

ISO/IEC 27001:2022 Annex A references

Posture
Verified structure
Visible gaps
93
Total controls
93
Sealed artifacts
6

A readiness-oriented evidence pack mapped to ISO/IEC 27001:2022 Annex A references, designed for teams that need a concrete baseline before formal audit work.

SOC 2 Readiness

soc_2

AICPA TSC CC1-CC9 spine

Posture
Verified structure
Visible gaps
100
Total controls
100
Sealed artifacts
6

A readiness pack for organisations that need to show disciplined trust-service control evidence before any formal SOC examination.

NIST CSF Readiness

nist_csf

NIST CSF 1.1 subcategory IDs

Posture
Verified structure
Visible gaps
80
Total controls
80
Sealed artifacts
6

A cross-functional readiness pack aligned to NIST CSF 1.1 style categories, built for teams that need an inspectable security-baseline narrative rather than a generic maturity slide.

DFIR Incident Response

dfir

DFIR lifecycle phases + NIST RS/RC crosswalk

Posture
Verified structure
Visible gaps
84
Total controls
84
Sealed artifacts
6

A readiness pack for incident response and recovery review, focused on whether evidence exists for disciplined response rather than whether a team can improvise under stress.

Canonical reference preview

This is the public-safe model we use to show the shape of a reviewer artifact without exposing the full pack.

Public alignment
2026-03-14

Civitas public proof preview

Public excerpt derived from a synthetic reviewer specimen

Cover, summary, verification posture, representative controls, and representative gaps extracted from the real output.

Pack ID: PACK-001
Library: Vendor Security
Public source: Canonical public specimen
Verification: OK
Controls
80
Gaps
80
Claims
2
Sealed artifacts
6

Representative controls

IDObjectiveStatus
VS-001Ensure Vendor Security control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence.gap
VS-002Ensure Vendor Security control coverage for PRIVILEGED/REVIEW/ACCESS with documented ownership and operating cadence.gap
VS-003Ensure Vendor Security control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence.gap

Representative gaps

VS-010
gap
Vendor Security Control 010

Severity 5; 3 evidence expectations are missing in the current public sample.

VS-030
gap
Vendor Security Control 030

Severity 5; 3 evidence expectations are missing in the current public sample.

VS-045
gap
Vendor Security Control 045

Severity 5; 3 evidence expectations are missing in the current public sample.

Decision preview

The public surface shows the cover, summary, and reviewer posture. The complete DecisionPack.html and PDF remain in the full pack context.

Integrity posture

Verifier OK: yes; 15 checked entries; 6 sealed artifacts.

The public preview is aligned to the canonical March 2026 state; raw specimen metadata is intentionally hidden on the public surface.

Boundary note

The full reviewer pack contains the complete control mapping, full evidence trace, and final outputs. Those are not exposed by default on the public surface.

What remains in the full reviewer pack

The retained specimen artifacts remain unchanged for internal verification and delivery rehearsal. They are summarized here, not exposed as the default public surface.

DecisionPack.html

Browser-readable decision surface for reviewer inspection.

Full specimen / controlled rehearsal

DecisionPack.pdf

Print-ready decision pack for procurement, audit, and leadership review.

Full specimen / controlled rehearsal

DecisionPack.manifest.json

Artifact manifest and pack metadata for traceability.

Full specimen / controlled rehearsal

DecisionPack.seal.json

Deterministic seal metadata for integrity review.

Full specimen / controlled rehearsal

pack.zip

Pack archive delivered for local inspection and replay.

Full specimen / controlled rehearsal

verify.json

Verifier output expected to resolve to a passing state on a valid public pack.

Full specimen / controlled rehearsal

SHA256.txt

Checksums for reviewer-side integrity confirmation.

Full specimen / controlled rehearsal

Verification remains real

The public preview does not remove verification; it only stops making pack.zip, verify.json, and SHA256.txt the first experience for a cold public audience. Local verification remains anchored in the full pack and customer-delivery workflow.