Live Interactive Concept

The Active Compliance Console

An interactive walkthrough demonstrating how the platform removes the friction between compliance officers and practitioners through a single continuous evidence stream.

CONCEPT SYSTEM — Simulated environment showcasing Active Compliance Framework workflows. Actions do not affect real cloud infrastructure.

System Overview

Continuous compliance health and real-time posture indicators.

Continuous Posture

74% Compliance

Calculated across 18 frameworks including SOC 2, NIST CSF, and ISO 27001.

Active Compliance Gaps: 2
Cryptographic Evidence Logs: 4

Real-time Posture Stream

polling interval: 1s

Pillar 1: Assessment

Continuous framework mapping and resource evaluation.

Active Frameworks: NIST CSF v2, SOC 2 Trust Services, ISO 27001:2022, CIS Benchmarks

OCI defined_tags Drift Check

Passed

Verifies that all OCI resources match the required tag-namespace schema tags.

Resource: Compartment bluefennick-demo | Control: CIS OCI 3.1 | Sig: Ed25519_5df87...

OCI PostgreSQL Database Extension Check

Passed

Verifies database configuration does not include unapproved PostgreSQL extensions.

Resource: DB System postgresql-01 | Control: SOC 2 CC6.6 | Sig: Ed25519_8ae2c...

Azure Defender Plan Check (App Services)

Gap Detected

Checks if Azure Defender security pricing is set to "Standard" to protect App Service resources.

Resource: Azure Subscription sub-prod-01 | Control: CIS Azure 1.2 | Sig: Ephemeral Preview (Unsigned)

Database Subnet Isolation Check

Gap Detected

Checks that active customer database workloads are isolated in a private subnet, detached from public ingress.

Resource: Legacy Postgres Instance VM-01 | Control: NIST CSF PR.AC-5 | Sig: Ephemeral Preview (Unsigned)

Pillar 2: Remediation

Close the gap. Review HCL diffs and apply fixes with continuous evidence capture.

Active Gap Queue

Select a gap to view practitioner details and proposed HCL remediation code.

CIS Azure 1.2: Azure Defender Disabled
Subscription: sub-prod-01
Practitioner View — Proposed HCL Fix
subscription_pricing.tf
- resource "azurerm_security_center_subscription_pricing" "app_services" { - tier = "Free" - resource_type = "AppServices" - }
+ resource "azurerm_security_center_subscription_pricing" "app_services" { + tier = "Standard" + resource_type = "AppServices" + }
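Review bot: The diff removes and re-adds all four lines of the `app_services` block although only `tier` differs ("Free" to "Standard"); `resource_type = "AppServices"` and the resource address are unchanged. Reduce it to the single `tier` line so the reviewer sees exactly what changes, and confirm in the plan output that the existing resource is updated rather than destroyed and re-created. The fix also touches only the AppServices resource type, so the change description should state that other pricing plans on sub-prod-01 are out of scope for this gap.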
Officer View — Compliance Context

Control Alignment

SOC 2: CC6.1, CC6.6 | ISO 27001: A.12.6.1

Risk Explanation

With Azure Defender App Services tier disabled, production web applications run without automated vulnerability scanning, threat detection patterns, and active security alerting.

bf-runner@remediation-worker
[system] Ready. Click 'Execute Remediation' to apply the Terraform fix and register evidence.

Pillar 3: Migration

Run infrastructure migrations inside the compliance loop with automated verification.

Active Migration Jobs

Workloads requiring transition into compliant infrastructure.

Secure Database Isolation Migration

Queued

Moves customer workloads from public legacy host VM-01 (AD-1) to tenant-isolated OCI Managed Postgres Database with private subnet isolation.

Source (Legacy): postgresql://vm-01-public:5432/db_prod
Target (Compliant): postgresql://db-isolated.private-subnet.oraclevcn.com:5432/db_prod
Migration Pipeline Status

1. Pre-validation
2. SSL Tunnel
3. Data Replication
4. DNS Cutover
5. Signing & Verification

bf-runner@migration-pipeline
[system] Pipeline ready. Initiate migration to run pre-flight checks.

Pillar 4: Attestation

Continuous evidence ledger and cryptographic audit trail packages.

Continuous Evidence Ledger

Cryptographic proof chain generated directly as a byproduct of engineering operations.

Timestamp | Pillar | Event Details | Signature | Status

Verification Endpoint Mockup

Paste an Ed25519 signature from the ledger above to verify integrity and provenance of the evidence.

audit-verifier-agent
[verifier] Awaiting signature payload...

Audit-Ready Attestation

The evidence package acts as a continuous ledger. Since every event is cryptographically signed using the platform's private keys, third-party auditors can verify the bundle without relying on manual screenshots or post-hoc query assertions.
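An auditor-side check of the kind described above, as an added example that is not the platform's own code. The record layout, the signed-message encoding and the all-zero demo key are assumptions, and the sample entries are constructed.

```go
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"fmt"
)

// Entry mirrors the ledger columns; this record layout is an assumption.
type Entry struct{ Timestamp, Pillar, Event, SigHex string }

// message is the signed byte string. %q quoting keeps field boundaries unambiguous.
func message(e Entry) []byte {
	return []byte(fmt.Sprintf("%q %q %q", e.Timestamp, e.Pillar, e.Event))
}

// Sign is the platform side, the only party holding the private key.
func Sign(priv ed25519.PrivateKey, e Entry) Entry {
	e.SigHex = hex.EncodeToString(ed25519.Sign(priv, message(e)))
	return e
}

// Verify is the auditor side and needs only the public key.
func Verify(pub ed25519.PublicKey, e Entry) string {
	if e.SigHex == "" {
		return "unsigned" // e.g. an "Ephemeral Preview (Unsigned)" gap entry
	}
	sig, err := hex.DecodeString(e.SigHex)
	if err != nil || !ed25519.Verify(pub, message(e), sig) {
		return "invalid"
	}
	return "verified"
}

// DemoLedger returns constructed sample entries and the matching public key.
func DemoLedger() (ed25519.PublicKey, []Entry) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // all-zero demo seed, never a real key
	ok := Sign(priv, Entry{Timestamp: "2025-01-01T00:00:00Z", Pillar: "Assessment", Event: "CIS OCI 3.1 passed"})
	tampered := ok
	tampered.Event = "CIS Azure 1.2 passed" // edited after signing
	unsigned := Entry{Timestamp: "2025-01-01T00:00:01Z", Pillar: "Assessment", Event: "CIS Azure 1.2 gap"}
	return priv.Public().(ed25519.PublicKey), []Entry{ok, tampered, unsigned}
}

func main() {
	pub, ledger := DemoLedger()
	for _, e := range ledger {
		fmt.Printf("%-10s %s\n", Verify(pub, e), e.Event)
	}
}
```

An entry whose event text was changed after signing fails verification, and an entry with no signature is reported separately so it is never counted as evidence.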

"The attestation process becomes a printout against continuous data, not a retrospective project."