Security

La sécurité — par défaut, vérifiable, post‑quantique.

Data at rest — envelope encryption by default

Every Osage Finance application stores sensitive data under the canonical envelope: Osage KMS as root of trust (HSM-backed, FIPS 140-3 boundary); per-org Key Encryption Keys; per-row Content Encryption Keys wrapped under the KEK; AES-256-GCM with AAD-bound nonces. Spec at osage.tech/docs/storage.

Crypto-shredding — revoking a client's KEK in KMS renders that client's entire dataset unreadable, instantly. Right-to-erasure and data-residency revocation is one KMS API call.

Data in transit

• TLS 1.3 by default; PQ-hybrid handshakes (X25519 + ML-KEM) on supported endpoints.
• mTLS between every service; SPIFFE / SPIRE identity for service-to-service.
• End-to-end encryption for client ↔ backend on regulated workloads.

Post-quantum posture

The Osage post-quantum stack runs throughout: ML-KEM (FIPS 203), ML-DSA (FIPS 204), SLH-DSA (FIPS 205), Falcon, and the named higher-level primitives — Osage Quasar (round signing / consensus), Osage Pulsar (threshold lattice signing), Osage Magnetar (high-throughput batched signing), Osage Prism (sub-sampled finality), Osage Corona (cross-chain threshold oracle). High-value transactions sign through Pulsar threshold, not single-key custody.

Key management (Osage KMS)

• HSM-backed (Thales Luna, Utimaco, YubiHSM families).
• FIPS 140-3 boundary; keys never leave the module.
• Per-org KEKs, versioned, rotatable, auditable.
• Every unwrap is a logged event — the KMS log is the system of record for sensitive-data access auditing.
• Customer-owned HSM (bring-your-own) for sovereign deploys.

Compliance frameworks

• SOC 2 Type II
• ISO 27001 / 27017 / 27018
• NIST SP 800-171; CMMC Level 2 roadmap; FedRAMP Moderate roadmap on managed-region tier
• PCI DSS Level 1 via card-processing partner
• HIPAA with BAA on health-information workloads
• DFARS 252.204-7012 / -7019 / -7020 / -7021

Supply chain

• SBOM published per release
• Signed releases; reproducible builds where the language permits
• Vulnerability disclosure: [email protected]

Audit & logging

Every administrative action and every KMS unwrap is a logged event. Logs are append-only, content-addressed, anchored to Osage Network for tamper-evidence. Retention per customer policy. Federal customers receive structured-export support on request.

The standing post-quantum brief is held by the Chief Architect & Cryptographer. Full Osage cryptographic posture and NIST participation at osage.cloud/crypto.