Runtime Security Evidence
This page tracks deployment-level evidence for transport encryption and encryption at rest.
HTTPS / TLS evidence
- HTTPS redirect enforcement documented at edge/CDN.
- Certificate validity and renewal automation verified.
- HSTS header presence reviewed for production endpoints.
- Periodic endpoint scans confirm no HTTP downgrade paths.
Encryption at rest evidence
- Managed database/storage encryption settings verified.
- Backups and snapshots inherit encryption settings.
- Key management ownership and rotation process documented.
Claim language policy
Security claims must map to current runtime evidence. Absolute wording is avoided unless continuous verification is in place.