Runtime Security Evidence

This page tracks deployment-level evidence for transport encryption and encryption at rest.

HTTPS / TLS evidence

  • HTTPS redirect enforcement documented at edge/CDN.
  • Certificate validity and renewal automation verified.
  • HSTS header presence reviewed for production endpoints.
  • Periodic endpoint scans confirm no HTTP downgrade paths.

Encryption at rest evidence

  • Managed database/storage encryption settings verified.
  • Backups and snapshots inherit encryption settings.
  • Key management ownership and rotation process documented.

Claim language policy

Security claims must map to current runtime evidence. Absolute wording is avoided unless continuous verification is in place.