DFIR-005
gapPreparation readiness control 05
Severity 5; 3 evidence expectations are missing in the current public sample.
PUBLIC PREVIEWdfirAligned: 2026-03-14
DFIR Incident Response
A readiness pack for incident response and recovery review, focused on whether evidence exists for disciplined response rather than whether a team can improvise under stress.
This page is a public-safe wrapper over the real artifacts. It shows the review shape and posture of the current pack without making the full pack the default public surface.
Who it is for
- Teams strengthening incident-readiness before customer diligence, tabletop work, or external scrutiny.
- Technical reviewers assessing response governance, escalation, recovery, and evidence handling.
- Operators who need a deterministic pack for discussing response readiness with leadership or buyers.
Civitas preview document
DFIR Incident Response
Public preview derived from the real pack. Includes the reviewer summary, representative controls, representative gaps, and artifact posture.
Pack ID: PACK-001
Public alignment: 2026-03-14
Public source: Canonical public specimen
Verification: OK
Total controls
84
Visible gaps
84
Claims
2
Verifier
15
Reviewer summary
The artifact structure is verified, but the current sample remains gap-heavy: 84 of 84 controls are marked as gaps in the current public output.
The declared in-scope statement is "Vendor security control assessment", and the declared out-of-scope statement is "Penetration testing and red teaming". This is a public preview, not the full control matrix.
Current posture
Verified structure
Public context: Curated preview over the real artifacts
Boundary: Full pack retained for customer delivery
Sealed artifacts: 6
Verify model: Local confirmation of the complete pack
Representative controls
| ID | Objective | Severity | Status |
|---|---|---|---|
| DFIR-001 | Ensure Preparation procedures are documented, exercised, and reproducible for incident response readiness. | 1 | gap |
| DFIR-002 | Ensure Preparation procedures are documented, exercised, and reproducible for incident response readiness. | 2 | gap |
| DFIR-003 | Ensure Preparation procedures are documented, exercised, and reproducible for incident response readiness. | 3 | gap |
Representative gaps
DFIR-010
gapPreparation readiness control 10
Severity 5; 3 evidence expectations are missing in the current public sample.
DFIR-019
gapDetectionAnalysis readiness control 05
Severity 5; 3 evidence expectations are missing in the current public sample.
Sample artifact block
Decision preview
The complete HTML/PDF exists in the real pack. Here we expose only the cover, summary, and reviewer posture.
Integrity and verification
Verifier OK: yes; 15 checked entries; 6 sealed artifacts.
Public boundary
The complete control matrix, full evidence trace, full run log, and raw pack.zip remain in internal or customer-delivery context.
What it helps produce
- A proof set covering incident preparation, escalation, containment, recovery, and lessons-learned readiness.
- A reviewer-visible artifact trail around response controls, evidence handling, and operational follow-through.
- A deterministic baseline for discussing response maturity without overstating operational capability.
What it covers at a high level
- Preparation, detection intake, triage, escalation, containment, and recovery readiness themes.
- Forensic collection discipline, communications, lessons-learned, and recovery checklist evidence.
- Control and evidence paths suited to response-focused buyer or auditor review.
What it does not claim
- Live incident response services, breach determination, or external forensic opinion.
- A replacement for legal counsel, crisis communications, or a contracted DFIR retainer.
Full artifacts in customer delivery
DecisionPack.html
Browser-readable decision surface for reviewer inspection.
DecisionPack.pdf
Print-ready decision pack for procurement, audit, and leadership review.
DecisionPack.manifest.json
Artifact manifest and pack metadata for traceability.
DecisionPack.seal.json
Deterministic seal metadata for integrity review.
pack.zip
Pack archive delivered for local inspection and replay.
verify.json
Verifier output expected to resolve to a passing state on a valid public pack.
SHA256.txt
Checksums for reviewer-side integrity confirmation.
Those artifacts remain real and unchanged. The difference is only public exposure: the preview is default, not the full dump.
Relevant next steps
The public preview demonstrates the real product shape. The complete pack, full mapping, and full delivery remain available in customer-delivery or controlled demo context.