← Back to Home

Zero-Trust Security Architecture & Compliance Roadmap

ISS LLC / SecureAssure Platform Security Documentation | CMMC 2.0 Level 2 | FedRAMP Moderate | NIST CSF 2.0 | Last Updated: March 2026

1. Encryption Posture

Data in Transit LIVE

All communications use TLS 1.2+ via HTTPS. WebSocket connections (Socket.IO) are encrypted over WSS. No plaintext HTTP connections accepted in production.

Data at Rest LIVE

PostgreSQL database encrypted at storage layer. Client-side data stored in localStorage with application-level ECDSA P-256 signatures via Web Crypto API for integrity verification.

Key Management LIVE

Per-user ECDSA P-256 keypairs generated locally using Web Crypto API. Private keys never leave the device. Public key hashes registered server-side for identity verification.

2. Threat Model

Attack Surface Analysis

Vector	Threat	Mitigation	Status
API Endpoints	Injection, abuse, DDoS	Input validation (Zod schemas), IP-based rate limiting (10 req/hr for reports, 30/hr for reputation), request size limits	LIVE
Community Reports	False reports, spam, coordinated manipulation	Trust scoring, community voting, auto-flagging (3+ downvotes at 3:1 ratio), IP tracking, rate limiting	LIVE
Client-Side Data	localStorage tampering, XSS	CSP headers, crypto-signed data integrity checks, no inline script execution, input sanitization	LIVE
WebSocket	Message spoofing, session hijack	WSS encryption, session-bound Socket.IO with reconnection tokens, server-side message validation	LIVE
File Uploads	Malware, oversized files	Type validation (60+ allowed types), size limits, filename sanitization, server-side MIME checking	LIVE
Authentication	Credential stuffing, brute force	Bcrypt password hashing, rate-limited login attempts, Stripe-integrated session management	LIVE

3. Zero-Trust Role-Based Access Control (RBAC)

Architecture

The platform implements zero-trust, multi-tier access control aligned with NIST SP 800-207 Zero Trust Architecture and CMMC 2.0 Level 2 requirements:

Role	Access Level	Capabilities
Public User	Free Tier	Core safety features, community reporting, basic monitoring
Pro User	Subscription	Tracker detection, deep scan, advanced analytics, travel safety
Enterprise Operator	Organization	ATLAS platform access, multi-user coordination, mission profiles, federal data feeds
Mission Commander	Profile-Based	Role-filtered dashboards (Emergency Manager, SAR Lead, Cyber Analyst, Field Engineer)
Defense Operator	Access-Gated	Defense modules require explicit access code authentication; separated from civilian capabilities

Defense capabilities are firewalled behind zero-trust access gate. Civilian users never see defense-related modules, terminology, or data. MOSA-compliant separation enforced at the application layer. CMMC 2.0 Level 2 compliant access controls with mission-based cyber risk assessment (DoWM 5000.103).

4. Audit Logging

Immutable Event Tracking

All security-relevant actions are recorded in an append-only audit log stored in PostgreSQL:

Community report submissions (type, severity, IP)
Panic event activations (event ID, coordinates)
Reputation checks and reports (phone, URL, text analysis)
Trust verification registrations and lookups
Data exports and administrative actions
Authentication events and session management

Audit logs include: timestamp, actor identifier, action type, resource affected, request details, and source IP address. Logs are queryable via API with pagination and filtering support.

5. Data Retention Policy

Data Type	Retention	Purge Method
Community safety reports	365 days	Auto-archive after expiry, manual purge on request
Panic events	365 days	Immutable for investigation period, then archived
Audit logs	730 days (2 years)	Append-only, no modification permitted
Session/analytics data	90 days	Rolling window, aggregated then purged
Client-side localStorage	User-controlled	Data Ownership Dashboard provides one-click purge
Reputation database	180 days per entry	Crowd-sourced data refreshed continuously
Uploaded files/media	30 days or session	Auto-cleanup on session end or TTL expiry

6. SOC 2 Readiness & Compliance Framework Roadmap

Trust Service Criteria: Security IN PROGRESS

TLS encryption, input validation, rate limiting, RBAC, audit logging, vulnerability scanning pipeline.

Trust Service Criteria: Availability IN PROGRESS

DDIL-capable (Denied, Disrupted, Intermittent, Limited) PWA architecture, service worker caching, multi-CDN static hosting, health monitoring endpoints. Full mission functionality in contested environments.

Trust Service Criteria: Confidentiality PLANNED

Data classification framework, encryption key rotation, DLP controls, access review procedures.

Trust Service Criteria: Processing Integrity PLANNED

Input validation pipeline, data quality checks, error handling with client error reporting, reconciliation procedures.

Trust Service Criteria: Privacy IN PROGRESS

Privacy impact assessment, consent management, data minimization, user-controlled data export and purge.

7. Disaster Recovery Architecture

Recovery Objectives

Metric	Target	Strategy
RTO (Recovery Time Objective)	< 4 hours	Automated redeployment from version control, database point-in-time recovery
RPO (Recovery Point Objective)	< 1 hour	Continuous PostgreSQL WAL archiving, real-time backup
DDIL Resilience	Indefinite	DDIL-capable PWA service worker caches core functionality. Full mission operations in denied, disrupted, intermittent, limited environments

The DDIL-capable architecture ensures critical safety features (panic button, SafeWalk, tracker detection, cached maps) remain mission-assured during server downtime and in contested environments. Data queued offline syncs automatically on reconnection with zero-trust integrity verification.

8. Penetration Testing Plan

Annual third-party penetration testing by CREST/OSCP-certified assessors
Continuous automated vulnerability scanning (OWASP ZAP, Snyk)
Responsible disclosure program for security researchers
Internal red team exercises on API endpoints, WebSocket, and file upload vectors
Remediation SLA: Critical (24h), High (72h), Medium (14d), Low (30d)

9. Classification Boundary Statement

Civilian Mode (Default): All platform content, data, and capabilities are UNCLASSIFIED and suitable for public use. No controlled unclassified information (CUI), no export-controlled data, no classified material. Federal data feeds (NASA, FEMA, USGS, NOAA, CISA) are all public APIs.

Defense Mode (Zero-Trust Access-Gated): When defense capabilities are activated via zero-trust access gate, the platform operates at UNCLASSIFIED // FOR OFFICIAL USE ONLY level. MOSA-compliant, JADC2-aligned architecture. CMMC 2.0 Level 2 compliant. Mission-based cyber risk assessment (DoWM 5000.103). No classified data processed, stored, or transmitted. Operational use requires organizational deployment with appropriate security controls.

10. Performance Benchmarks

Metric	Target	Measured
Initial Page Load (PWA)	< 3s on 3G	~2.1s (cached), ~3.4s (first load)
WebSocket Connection	< 500ms	~120ms (domestic), ~400ms (international)
Federal Data Feed Latency	< 5s per source	~1-3s (NASA, USGS, NOAA), ~2-5s (FEMA, CISA)
Offline Cache Size	< 50MB	~12MB core + map tiles variable
Concurrent Users (Socket.IO)	100+ per room	Tested to 50 concurrent; horizontal scaling via Redis adapter planned
Audit Log Write	< 50ms	~8ms average (async, non-blocking)

11. Deployment Tiers

Tier 1: Cloud PWA LIVE

Browser-based deployment via Replit/cloud hosting. No installation required. Suitable for evaluation, training, and civilian operations.

Tier 2: On-Premise Server PLANNED

Self-hosted Node.js + PostgreSQL on organizational infrastructure. Full data sovereignty. Air-gapped network compatible.

Tier 3: Containerized ROADMAP

Docker/Kubernetes deployment for elastic scaling. Helm charts for automated provisioning. STIG-hardened base images.

BRIEF CHEATSHEET

TF DAGGER · ONE FIGHT · 9 STEPS

UNCLASSIFIED // FOR OFFICIAL USE ONLY

Greg Funk Teams brief · 29 APR 2026 1000 EDT · ISS LLC / Dr. Terry Flood / CAGE 9VKK3

OPENING (30 sec)

"One fight, one screen. TF DAGGER, hostile UAS swarm bearing 270, 22km. PTDS-1 has it. ALPHA-1 through 8 are airborne, BRAVO-6 is C-RAM, CHARLIE-1 is on shore, LOG-1 is the tail. I'm going to walk you the kill chain end to end — sensor to shooter to BDA — in nine steps."

THE 9 STEPS · CLICK EACH

1. DETECT — Swarm C2

"PTDS-1 picks up 4 hostile UAS. ALPHA-1..8 receive cue at H+0."

2. CLASSIFY — CRAM Dashboard

"BRAVO-6 confirms hostile UAS, declares THREATCON RED at H+1."

3. FUSE — DoD Common Op Picture

"All four domains on one screen. Land/air/sea/cyber. No swivel-chair."

4. EXTEND — Maritime Domain

"CHARLIE-1 sees the surface threat. AIS + radar + visual cross-cue."

5. PRIORITIZE — Commander Dashboard

"Critical/High/Med/Low live counts. Commander sees the queue."

6. ASSESS — DIME-PMESII

"Operational Environment overlay. Diplomatic / Info / Mil / Econ options."

7. LOCATE — Peer Geolocation

"GPS-denied. Multi-node TDOA. Covariance ellipse on the map."

8. DECIDE — Intel Fusion

"AI never authors lethal numbers. Human-in-loop for every kinetic call."

9. ACT + BDA — Brief Runbook (full script)

"LOG-1 closes the loop. BDA back to PTDS-1. One fight, one screen."

SLIDE QUICK-JUMP · DEFENSE BRIEFING DECK

Echelon Break — Strategic / Op / Tactical / Edge

Navy / USMC — EABO, Stand-In Force, POSEIDON

Army — ADOC complement, BCT-down, ATAK

Air Force — ABMS, ACE, AOC-edge node

Space Force — SDA, LEO-PNT, Spectrum/EW

Firestorm Labs — xCell + Tempest + Swarm C2

Link 16 / J-Series / COMSEC posture (plain English)

This Week · What's Done / In Flight / On Deck

Single source of truth post-Greg-Funk brief. POC targets (Jaded Thunder Visceral, Booz Allen, EUD) tracked here, not as sales slides.

IF ASKED: LINK 16 / COMSEC — PLAIN ENGLISH

If you only remember one line:
"We don’t transmit on Link 16, and we don’t hold the secret keys. We read a translated unclassified copy that the unit’s government-owned translator box hands us."

If pressed for more:
• Link 16 is the military’s classified group-chat for jets, ships, ground — you need an encrypted radio (MIDS) and the day’s secret keys to talk on it. We have neither. We don’t need either.
• The unit’s person who safeguards those keys (the COMSEC custodian) keeps that job. We change nothing about their security setup.
• The unit also has a government-owned translator box that copies Link 16 messages to the unclassified side. We read from that box. We never write back into the secret side.
• What we add: we mix those tracks with our 9,500+ aircraft and 12,000+ ship feeds onto one map and give the commander a clean picture with a decision queue.
• If the translator goes dark we keep running on commercial feeds and clearly label the Link 16 picture as stale. No silent failures.

Why it matters to them: "Days to stand up, not 18 months. No new accreditation. No new keys. No new custodian. Their security chain is unchanged."

HARD RULES — SAY THESE

• "No FedRAMP, no IL-5, no CAC, no SIPRNET, no FIPS, no ATO — this is unclas commercial."
• "AI never authors ballistic numbers. Lethal calls are human-in-loop."
• "468 docs in the RAG corpus. No live web fetch."
• "SDVOSB-pending, CAGE 9VKK3."

CLOSING (15 sec)

"That's the kill chain. One screen, nine steps, every domain. Lattice gives you a map; we give you the fight. Cost? A fraction of a prime program. Standards? Open. Schedule? Today. Let me know what you want to drill into."

Press ESC or click X to close · Drawer is overlay-only, won't navigate away