Engineered to clear procurement
Every audit framework asks the same question: "Show me the log, prove it wasn't tampered with." IntentGate was built to make that conversation take minutes, not weeks. Below is how each major framework maps to specific IntentGate capabilities.
| Framework / control | What IntentGate gives you |
|---|---|
| SOC 2 CC6.3 — Logical access controls | JIT admin elevation replaces standing admin. Every privileged operation is linkable back to the operator, the approval, and the documented reason. "No operator held admin without approval" is a single audit query. |
| SOC 2 CC7.2 — System monitoring | Tamper-evident audit chain over every authorization decision. Per-tenant SHA-256 hash chain serialized with FOR UPDATE inside the insert transaction. One-click verification dashboard. |
| ISO 27001 A.9.2.5 — Review of user access | OIDC SSO + SCIM 2.0 push from your IdP. Off-boarding is automatic when the IdP marks the user inactive. Quarterly access reviews query the live console state. |
| ISO 27001 A.12.4.1 — Event logging | Every authorization decision, every admin action, every approval, every revocation lands in the persistent audit log with operator identity, policy reason, capability token id, tenant, and elevation id. |
| GDPR Article 30 — Records of processing | CSV / NDJSON export of the filtered audit set with tenant + time-window filters. Pair with a verification screenshot dated within the reporting period for the evidence pack. |
| AI Act Article 12 — Record-keeping | The audit log captures agent identity, tool, arguments, policy decision, reason, and timestamp. Schema is OCSF-lite, streams to your SIEM, exports as a portable artifact. |
| NIS2 / DORA — Operational resilience | Multi-replica gateway, fail-closed on revocation-store error, tenant-isolated chain heads, bounded buffers on audit fan-out so a slow SIEM never blocks authorization decisions. |
Posture
Cryptographic audit
Each event hashed into a per-tenant SHA-256 chain. FOR UPDATE serializes concurrent emitters. Pre-feature rows surface as skipped; verification doesn't fail over legacy data.
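As an added illustration of the chain and the skipped-legacy-row behaviour described above (example code, not IntentGate's own; the row layout, the genesis value and the hash construction are assumptions):

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed head for a tenant's first hashed row


def canonical(event: dict) -> bytes:
    """Deterministic serialization so emitter and verifier hash identical bytes."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def chain_hash(prev_hash: str, event: dict) -> str:
    """Row hash = SHA-256(previous row hash || canonical event payload)."""
    return hashlib.sha256(prev_hash.encode() + canonical(event)).hexdigest()


def append_event(rows: list, event: dict) -> dict:
    """Emitter side: link the new row to its tenant's current chain head.
    In a database, this read-then-insert runs under SELECT ... FOR UPDATE so
    two concurrent emitters cannot both link to the same head."""
    tenant = event["tenant"]
    prev = next((r["hash"] for r in reversed(rows)
                 if r["event"]["tenant"] == tenant and r.get("hash")), GENESIS)
    row = {"event": event, "prev_hash": prev, "hash": chain_hash(prev, event)}
    rows.append(row)
    return row


def verify_tenant(rows: list, tenant: str) -> dict:
    """Walk one tenant's rows in insert order and recompute every link.
    Rows with no hash (inserted before the feature existed) count as skipped,
    never as failures."""
    result = {"ok": 0, "tampered": 0, "skipped": 0}
    head = GENESIS
    for row in rows:
        if row["event"]["tenant"] != tenant:
            continue
        if row.get("hash") is None:  # legacy row: skip, don't fail
            result["skipped"] += 1
            continue
        if row["prev_hash"] != head or chain_hash(head, row["event"]) != row["hash"]:
            result["tampered"] += 1
        else:
            result["ok"] += 1
        head = row["hash"]  # next link is checked against what the emitter stored
    return result


def build_sample_rows() -> list:
    """Constructed sample: one pre-feature row, then three hashed rows across two tenants."""
    rows = [{"event": {"tenant": "t1", "op": "legacy"}, "prev_hash": None, "hash": None}]
    append_event(rows, {"tenant": "t1", "op": "mint", "operator": "alice"})
    append_event(rows, {"tenant": "t2", "op": "mint", "operator": "bob"})
    append_event(rows, {"tenant": "t1", "op": "revoke", "operator": "alice"})
    return rows
```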
Fail-closed
Revocation-store error blocks the call. Master key unset returns 503 on mint. The gateway refuses to authorize when it can't be sure the answer is correct.
Constant-time secrets
Admin tokens compared in constant time. Webhook signatures verified constant-time. No timing oracles on shared-secret comparisons.
AES-256-GCM at rest
Notification webhook URLs and TOTP secrets encrypted at rest with a customer-supplied key. Console reads on demand; consumers never touch ciphertext.
HMAC-signed webhooks
Gateway-to-console webhook traffic carries an X-IntentGate-Signature: sha256=... header verified constant-time on receive. Shared secret rotates without code change.
Bounded buffers
Audit fan-out (SIEM, webhooks) runs through per-emitter bounded buffers and worker pools. A slow Splunk endpoint produces a dropped-count counter, never a backpressure failure on the hot path.
Disclosure
Coordinated vulnerability disclosure: security@netgnarus.com — dedicated channel for security researchers. PGP fingerprint will be published alongside the docs site.
Embargo policy: 90 days from confirmed receipt, or earlier if a patch is available and customer-deployed.
Need the compliance one-pager?
Mapping of GDPR, AI Act, SOC 2, ISO 27001 controls to IntentGate evidence available on request — useful for your security review ahead of a pilot.
Request the compliance kit