Enterprise Security Library

Blueprint bundles with evidence baked in

Each pack blends automation, guardrails, and out-of-the-box exports. Start with our curated bundles or adapt them to the regulators and customers you answer to.

18 active blueprints · 12 frameworks supported · < 9 days median onboarding

Bundle 1: Application Security

Fortify code paths, authentication flows, and data surfaces with pre-built automation.

Maintained quarterly · Evidence-ready exports · Custom extensions supported

Security Headers (General Availability)

Enforce CSP, HSTS, X-Frame-Options, and custom header policies across every route.

  • OWASP ZAP passive scan wired into PR gates
  • Per-route header diffing with regression alerts
  • Evidence: Header manifest + signed variance report
Frameworks: SOC-2 · ISO 27001 · PCI-DSS
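The per-route diffing this blueprint describes can be checked offline with a small policy script. The following is an added example written for this page, not the blueprint's own code: the POLICY table, the route names and both header manifests are constructed for illustration. It checks each captured route against a minimum header policy (HSTS max-age floor, no `'unsafe-inline'`/`'unsafe-eval'` in CSP, fixed X-Frame-Options and X-Content-Type-Options values) and reports only the violations that are new since the previous capture, which is what a regression alert should fire on.

```python
"""Per-route security header policy check with regression alerts.

Added example, not the library's own blueprint code. POLICY, the manifests
and the route names are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Minimum header policy every route must meet (hypothetical baseline).
# "allowed" values are compared case-insensitively, so they are stored upper-case.
POLICY = {
    "strict-transport-security": {"min_max_age": 31536000},
    "content-security-policy": {"forbid": ("'unsafe-inline'", "'unsafe-eval'")},
    "x-frame-options": {"allowed": ("DENY", "SAMEORIGIN")},
    "x-content-type-options": {"allowed": ("NOSNIFF",)},
}


@dataclass(frozen=True, order=True)
class Finding:
    route: str
    header: str
    problem: str


def _normalize(headers):
    # Header names are case-insensitive; compare them lower-cased and trimmed.
    return {k.lower(): v.strip() for k, v in headers.items()}


def check_route(route, headers):
    """Return every policy violation for one route's response headers."""
    h = _normalize(headers)
    findings = []
    for name, rule in POLICY.items():
        value = h.get(name)
        if value is None:
            findings.append(Finding(route, name, "missing"))
            continue
        if "min_max_age" in rule:
            m = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
            if m is None or int(m.group(1)) < rule["min_max_age"]:
                findings.append(Finding(route, name, f"max-age below {rule['min_max_age']}"))
        for token in rule.get("forbid", ()):
            if token in value:
                findings.append(Finding(route, name, f"contains {token}"))
        if "allowed" in rule and value.upper() not in rule["allowed"]:
            findings.append(Finding(route, name, f"unexpected value {value!r}"))
    return findings


def check_manifest(manifest):
    """manifest: {route: {header: value}} captured from a crawl of every route."""
    out = []
    for route in sorted(manifest):
        out.extend(check_route(route, manifest[route]))
    return out


def regressions(previous, current):
    """Violations in the current manifest that the previous one did not have.

    Routes that disappeared entirely are reported too: a header cannot be
    verified on a route that was not captured.
    """
    new = set(check_manifest(current)) - set(check_manifest(previous))
    for route in set(previous) - set(current):
        new.add(Finding(route, "*", "route missing from current manifest"))
    return sorted(new)


# Constructed manifests: the previous scan was clean; the current one shows a
# deploy that dropped HSTS and loosened CSP on the login route.
GOOD = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
}
PREVIOUS = {"/": GOOD, "/api/login": GOOD}
CURRENT = {
    "/": GOOD,
    "/api/login": {
        "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
        "X-Frame-Options": "DENY",
        "X-Content-Type-Options": "nosniff",
    },
}

if __name__ == "__main__":
    for f in regressions(PREVIOUS, CURRENT):
        print(f"REGRESSION {f.route} {f.header}: {f.problem}")
```

Running the block prints two regressions for `/api/login` (the loosened CSP and the missing HSTS header) and nothing for `/`. Feeding `regressions` the manifest from the last green build and the one captured in the PR environment is the whole gate; a finding that already existed on the previous build is a known exception to track, not a regression to block on.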
Auth Hardening (General Availability)

Codify MFA, session policies, and OAuth/OIDC guardrails with deterministic checks.

  • Static analysis rules for session management
  • Dynamic MFA smoke tests triggered nightly
  • Evidence: Auth baseline report + control map
Frameworks: SOC-2 · HIPAA · GDPR
PII Redaction (Limited Beta)

Detect and mask PII across logs, telemetry, and exported artifacts.

  • Runtime log sampling with Bloom filter matches
  • PII classifiers tuned per data residency region
  • Evidence: Sanitization attestation & sample corpus
Frameworks: GDPR · HIPAA · CCPA
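The combination this blueprint names, pattern detectors for structured PII plus a Bloom filter for known identifiers that no regex can recognise, looks roughly like the following. This is an added example written for this page, not the blueprint's classifier: the log lines, the known-subject list and the Bloom filter sizing are constructed. Card candidates are only masked when they pass a Luhn check, which is what keeps 16-digit request IDs out of the redaction stream, and the Bloom filter answers "is this token one of our known subject IDs" with a fixed-size bit array instead of shipping the identifier list to every log pipeline.

```python
"""Redact PII in log lines: regex detectors with a Luhn check for card numbers,
plus a Bloom filter of known subject identifiers for values regexes cannot see.

Added example, not the library's own code. Log lines, identifiers and
filter parameters are constructed for illustration.
"""
import hashlib
import re

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# 14-19 digits with optional single space/dash separators between digits.
CARD = re.compile(r"\b(?:\d[ -]?){13,18}\d\b")
# Optional country code, then NNN NNN NNNN; the lookbehind stops matches
# starting inside a longer digit run.
PHONE = re.compile(r"(?<!\w)(?:\+?\d{1,3}[ -]?)?\(?\d{3}\)?[ -]?\d{3}[ -]?\d{4}\b")
TOKEN = re.compile(r"[\w.@+-]+")


def luhn_ok(digits):
    """Standard Luhn checksum; filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class Bloom:
    """Minimal Bloom filter: k SHA-256-derived positions in an m-bit array."""

    def __init__(self, bits=4096, hashes=4):
        self.bits, self.k = bits, hashes
        self.array = bytearray(bits // 8)

    def _positions(self, item):
        for i in range(self.k):
            h = hashlib.sha256(f"{i}:{item}".encode()).digest()
            yield int.from_bytes(h[:4], "big") % self.bits

    def add(self, item):
        for p in self._positions(item):
            self.array[p // 8] |= 1 << (p % 8)

    def __contains__(self, item):
        return all(self.array[p // 8] & (1 << (p % 8)) for p in self._positions(item))


def redact(line, known=None):
    """Return (redacted_line, detector names that fired), in detection order."""
    hits = []

    def mask_email(m):
        hits.append("email")
        return "[EMAIL]"

    def mask_card(m):
        digits = re.sub(r"\D", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)  # looks like a card but fails Luhn: leave it alone
        hits.append("card")
        return f"[CARD ****{digits[-4:]}]"

    def mask_phone(m):
        hits.append("phone")
        return "[PHONE]"

    def mask_known(m):
        if m.group(0) in known:
            hits.append("known-id")
            return "[ID]"
        return m.group(0)

    line = EMAIL.sub(mask_email, line)
    line = CARD.sub(mask_card, line)
    line = PHONE.sub(mask_phone, line)
    if known is not None:
        line = TOKEN.sub(mask_known, line)
    return line, hits


# Constructed sample: known subject identifiers and four log lines.
KNOWN = Bloom()
for subject in ("u-7f3a9c", "cust-0042"):
    KNOWN.add(subject)

LOG = [
    "2024-06-01T12:00:01Z INFO login ok user=alice@example.com ip=10.0.0.5",
    "2024-06-01T12:00:02Z INFO payment card=4111 1111 1111 1111 amount=42.00",
    "2024-06-01T12:00:03Z WARN callback phone=+1 555 123 4567 status=timeout",
    "2024-06-01T12:00:04Z INFO trace request_id=1234567812345678 subject=u-7f3a9c",
]

if __name__ == "__main__":
    for raw in LOG:
        clean, fired = redact(raw, KNOWN)
        print(f"{fired or ['-']!s:14} {clean}")
```

The fourth line is the interesting one: `1234567812345678` has the shape of a card number but fails Luhn, so it survives, while `u-7f3a9c` is masked only because it is in the filter. A Bloom filter can return false positives but never false negatives, so size it (bits per expected identifier) for the false-positive rate you can tolerate in redacted output, and treat a "known-id" hit as a mask, never as proof that the value was a real identifier.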

Bundle 2: Supply Chain & Infrastructure

Secure dependencies, infrastructure as code, and runtime environments with signed proof.

Maintained quarterly · Evidence-ready exports · Custom extensions supported

Dependency Hygiene (General Availability)

Continuously build SBOMs, identify CVEs, and enforce upgrade windows before merges.

  • Syft + Grype scanning with severity SLA tracking
  • Signed SBOM artifacts with tamper-evident hashes
  • Evidence: CVE digest + remediation timeline table
Frameworks: SOC-2 · ISO 27001 · NIST CSF
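What "severity SLA tracking" and a "tamper-evident hash" amount to in code is shown by the following added example, written for this page and not taken from the blueprint. The scan records and SBOM are constructed in a simplified, assumed shape (package, version, CVE, severity, first-seen date); real Syft and Grype JSON is structured differently and the SLA windows are hypothetical. The digest is a SHA-256 over a canonical JSON encoding; it gives tamper evidence only when stored out of band or signed, signing itself being outside this example.

```python
"""Severity SLA tracking over vulnerability scan output, plus a tamper-evident
SBOM digest. Added example, not the library's own code. SCAN and SBOM are
constructed records in a simplified, assumed shape; real Syft/Grype JSON differs.
"""
import hashlib
import hmac
import json
from datetime import date

# Hypothetical remediation windows (days) per severity; anything unrecognized
# is given the longest window rather than being dropped from tracking.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Constructed scan records (CVE IDs are real advisories; dates are made up).
SCAN = [
    {"package": "org.apache.logging.log4j:log4j-core", "version": "2.14.1",
     "cve": "CVE-2021-44228", "severity": "Critical", "first_seen": "2024-05-20"},
    {"package": "lodash", "version": "4.17.20",
     "cve": "CVE-2021-23337", "severity": "High", "first_seen": "2024-05-10"},
    {"package": "requests", "version": "2.28.0",
     "cve": "CVE-2023-32681", "severity": "Medium", "first_seen": "2024-01-15"},
]

SBOM = {"name": "payments-api", "version": "1.4.2",
        "components": [{"name": f["package"], "version": f["version"]} for f in SCAN]}


def days_overdue(finding, today):
    """Days past the SLA window; negative while the window is still open."""
    first_seen = date.fromisoformat(finding["first_seen"])
    window = SLA_DAYS.get(finding["severity"].lower(), SLA_DAYS["low"])
    return (today - first_seen).days - window


def overdue(findings, today):
    """Findings whose window has elapsed, most overdue first."""
    late = [(days_overdue(f, today), f) for f in findings]
    return [f for d, f in sorted(late, key=lambda x: -x[0]) if d > 0]


def merge_gate(findings, today, block_on=("critical", "high")):
    """False when any finding at a blocking severity is past its SLA."""
    return not any(f["severity"].lower() in block_on for f in overdue(findings, today))


def evaluate(findings, today_iso):
    """One-call summary for a PR check: overdue CVEs in order, and the gate verdict."""
    today = date.fromisoformat(today_iso)
    return {"overdue": [f["cve"] for f in overdue(findings, today)],
            "gate": merge_gate(findings, today)}


def sbom_digest(sbom):
    """SHA-256 over canonical JSON, so re-serialization cannot change the hash."""
    canonical = json.dumps(sbom, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def verify_sbom(sbom, expected_digest):
    """Constant-time comparison against a digest recorded at build time."""
    return hmac.compare_digest(sbom_digest(sbom), expected_digest)


if __name__ == "__main__":
    print(evaluate(SCAN, "2024-06-01"))
    print("sbom", sbom_digest(SBOM)[:16], "...")
```

With the constructed dates, on 2024-06-01 the log4j finding is 12 days old against a 7-day window and the requests finding is 138 days old against 90, so both are overdue and the critical one fails the gate; a week earlier only the medium finding was late and the gate passed. The point of ordering by days overdue rather than by severity is that the remediation timeline table in the evidence export then reads straight off the list.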
Secrets Rotation (Limited Beta)

Automate scanning, rotation playbooks, and drift detection with Vault & cloud KMS integrations.

  • Secrets-as-code linting and Git history sweeps
  • Rotation orchestration via Terraform/Vault modules
  • Evidence: Rotation ledger + vault policy snapshot
Frameworks: SOC-2 · PCI-DSS · FedRAMP
Runtime Shielding (Private Preview)

Baseline container/serverless runtimes, enforce image signing, and block unverified deploys.

  • Cosign signature verification per deployment
  • Runtime policy drift reports across clusters
  • Evidence: Signed SBOM + runtime attestation bundle
Frameworks: SOC-2 · ISO 27001 · CIS Level 1

Bundle 3: Governance & Reporting

Give auditors the same telemetry your engineers see—no spreadsheet gymnastics.

Maintained quarterly · Evidence-ready exports · Custom extensions supported

Audit Logging (General Availability)

Capture a tamper-evident trail of every change, reviewer, and control decision.

  • Immutable ledger backed by AWS QLDB
  • Reviewer coverage analytics & segregation-of-duties checks
  • Evidence: Signed event bundle + reviewer roster export
Frameworks: SOC-2 · HIPAA · PCI-DSS
Control Map (General Availability)

Translate raw evidence into framework-ready narratives with automated crosswalks.

  • Bidirectional sync with Vanta, Drata, Tugboat, ServiceNow
  • Inline policy exceptions with owner assignments
  • Evidence: Control coverage matrix per release
Frameworks: SOC-2 · ISO 27001 · Custom
Cloud Posture Mirror (Limited Beta)

Ingest CSPM signals and apply them to pull request gates, with audit-ready proof.

  • Auto-generates Jira tickets for failing controls
  • Ties IaC diffs to cloud drift snapshots
  • Evidence: Consolidated CSPM report appended to merges
Frameworks: SOC-2 · CIS · ISO 27017