Active Posture
Zero-Trust
Architecture
The Aegis security model treats disclosure as a governed workflow. We implement cryptographic boundaries and immutable audit trails to protect high-consequence information.
Architecture Matrix
System Specifications
Identity LayerKYC records isolated in segregated service/DB boundary. Handle-first public identity.
EncryptionPer-record envelope encryption. KMS/HSM wrapped platform keys.
Auth PolicyMandatory 2FA. Hardware keys/Passkeys enforced. SMS discouraged.
RecoveryUser-managed (unrecoverable) or Platform-managed (KYC re-verification).
Audit SurfaceAppend-only logs. 7-year retention target. Sealed admin records.
PrivacyZero app-level IP retention. Ephemeral WAF-only processing.
Access Control
Multi-Factor Protocol
Enrollment Requirements
Minimum of 2 enrolled factors required for full account activation. WebAuthn + TOTP is the recommended configuration.
01
Step-up MFA
Required for key changes, MFA rotation, and administrative actions.
02
Recovery Codes
One-time codes are argon2 hashed at rest and rotated immediately upon use.
Administrative
Authority Boundaries
US ONLY JURISDICTION
RBAC Configuration
sysadmincompliancemoderatorkyc_reviewer
- !Posts are immutable and non-deletable by users after release.
- !Legal deletion requires sysadmin + sealed audit trail entry.
- !Moderation scope limited to profiles and KYC workflow.
This document represents the current security posture of the Aegis Protocol. All implementations are subject to third-party audit and formal verification.