Domain.Posture

Audit evidence

Dated proof for the domain-security questions your audits and reviews keep re-asking.

Every domain answer comes with a signed PDF plus JSON sidecar covering the DNS, email-auth and TLS checks behind it — verifiable offline with the published public key, dated as of the scan, and refreshed on a cadence so it stays current between reviews.

Signed

Ed25519 signature over SHA-256 of PDF plus JSON sidecar. Public key at /.well-known/.

Dated

ISO-8601 UTC scan timestamp on every finding, so each answer reads “verified as of <date>” — and a fresh one lands when you keep it current.

Framework-mapped

Each finding cites SOC 2, ISO 27001, or NIST controls so auditors don't have to translate.

Use cases