Compliance enablement

kcore is infrastructure software. Your organisation owns compliance scope. kcore provides controls, APIs, and isolation properties assessors can test — a compliance-enabling platform.

kcore is not a substitute for your own certifications. You inherit platform controls and document your policies on top.

Compliance report

Retrieve the compliance report with kctl get compliance-report or kctl describe compliance-report. The report covers the following categories:

1. Cryptography

Library: aws-lc-rs / AWS-LC (FIPS 140-3 certificate #4816). TLS 1.3 and TLS 1.2 cipher suites, key-exchange groups, and excluded algorithms are enumerated. Maps to FIPS 140-3, PCI DSS 4.2, SOC 2 CC6.1.

2. Encryption in transit

mTLS enabled or disabled. gRPC over mTLS with X.509 client certificates. Maps to SOC 2, PCI DSS, GDPR Art. 32.

3. Access control

RPC methods mapped to allowed identities (static CN-based authorisation). Maps to SOC 2 CC6.3, PCI 7.1, GDPR Art. 32.

4. Node inventory

Total, approved, pending, and rejected node counts. Maps to SOC 2 CC6.2, PCI 2.4.

5. VM inventory

Total, running, and stopped VM counts.

6. Network segmentation

Network counts by type (NAT / bridge / VXLAN). Maps to PCI 1.3, SOC 2 CC6.6.

7. Certificate lifecycle

Sub-CA enabled, auto-renewal window (30 days), expiring and unknown certificate counts. Maps to SOC 2 CC6.1, PCI 3.6.

8. Encryption at rest

LUKS2 mandatory. TPM2, key-file, and unknown node counts. Maps to NIST 800-53 SC-28, SOC 2 CC6.1.

9. Infrastructure

NixOS, Cloud Hypervisor (KVM), VM isolation (per-VM TAP + per-network bridge), node approval. Maps to SOC 2 CC8.1, PCI 2.2.

Implemented security features

In progress