Pillar five
The platform's cryptographic posture is built for the standards your assessor will be asking about in 2028, configured now. Hybrid key exchange combines classical and post-quantum primitives in the same handshake so a compromise of either leaves the other intact.
Harvest now, decrypt later only works if the message was harvested in a single layer of cryptography.
In depth
The platform's cryptographic choices follow the published direction of national standards bodies. They are not novel; they are deliberately conservative and verifiable from public references.
Classical elliptic-curve and post-quantum key encapsulation are agreed together in the same TLS handshake.
Each issued policy carries an Ed25519 signature. The agent verifies the signature before honouring the policy.
Update artefacts are signed and verified by the agent before installation. The signing key is configured at deployment time.
Per-deployment encryption keys, never shared across organisations. Customer-managed keys available where the deployment shape supports them.
Comparisons of secret material avoid timing channels that have leaked credentials in other systems.
Choices follow the published direction of NIST and adjacent national standards bodies. No proprietary primitives.
Session and credential tokens are encrypted at rest with authenticated encryption, with rotation tied to administrative action.
Session keys are ephemeral. A future compromise of a long-term key does not reveal past sessions.