REAEGIS
Immutable audit chain

CHRONICLE

Prove what happened, when it happened, who approved it, which artifact was evaluated, what the tool reported, and which authorization-relevant decision was made — with cryptographic certainty.

The problem

Audit trails are reconstructed, not recorded

Approval records go missing. Timestamps don't match control requirements. Evidence is assembled under pressure the week before the assessor arrives. CHRONICLE records compliance events in an append-only, tamper-evident log anchored to the Sigstore Rekor transparency log — supporting AU-2, AU-3, AU-9, AU-10, and AU-12 by construction rather than by procedure.

CHRONICLE exists to prove compliance — not assert it.

Core capabilities

What it does

Hash chain service

Tamper-evident event sequencing — every record cryptographically bound to its predecessor.

  • Append-only by construction
  • Any alteration breaks the chain
  • Consumes events from all four engines

Signing service

Events and evidence artifacts signed at the moment of creation.

  • Cosign signing by default
  • Customer-approved signing keys supported
  • Tool version and artifact hash captured

Rekor / Fulcio anchoring

Events anchored to a public transparency log — or an internal one.

  • Public Sigstore Rekor in connected mode
  • Self-hosted Rekor + Fulcio for air-gapped
  • Independent verifiability

Evidence manifests

Signed manifests for evidence packages and local evidence bundles.

  • SHA-256 hashes for every file
  • Package-level integrity verification
  • 3PAO-verifiable provenance

Audit replay

Reconstruct historical posture and the context of any control decision.

  • Point-in-time posture reconstruction
  • Decision context preserved
  • Disaster-recovery replay

Retention service

FISMA-aligned retention without manual archive management.

  • Hot 90 days · warm 1 year · cold 3 years
  • Never delete
  • Archive integrity maintained

How it works

Step-by-step lifecycle

  1. Event consumed
     The event bus subscriber receives every compliance event from RAMPART, AXIOM, PHAROS, and ADVERSARIUS over NATS.
  2. Chained
     The hash chain service sequences the event — each entry bound to the previous, making tampering evident.
  3. Signed
     The signing service signs the event and any evidence artifacts with Cosign or the customer's approved key.
  4. Anchored
     The event is anchored to the Sigstore Rekor transparency log — public in connected mode, internal in air-gapped deployments.
  5. Manifested
     Evidence packages receive signed manifests with per-file hashes, ready for assessor verification.
  6. Replayable
     The audit replay service can reconstruct posture and decision context for any point in the past three years.
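
A minimal sketch of the chaining step in the lifecycle above, added here as an illustration and not REAEGIS code. The record layout, the all-zero genesis value, and the function names are assumptions, and `anchored_head` is a plain stored hash standing in for a value anchored in a transparency log.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed predecessor value for the first record


def digest(prev_hash, event):
    # Canonical JSON (sorted keys, fixed separators) so equal events hash equally.
    body = json.dumps({"prev": prev_hash, "event": event},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append(chain, event):
    """Append an event bound to its predecessor; return the new head hash."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    record = {"prev": prev_hash, "event": event, "hash": digest(prev_hash, event)}
    chain.append(record)
    return record["hash"]


def verify(chain, anchored_head):
    """Return None if intact, else the index of the first inconsistency.

    An index equal to len(chain) means every link is consistent but the head
    differs from the externally anchored value (for example, tail records
    were dropped, which the links alone cannot reveal).
    """
    prev_hash = GENESIS
    for i, record in enumerate(chain):
        if record["prev"] != prev_hash or record["hash"] != digest(prev_hash, record["event"]):
            return i
        prev_hash = record["hash"]
    return None if prev_hash == anchored_head else len(chain)


def build_sample():
    # Constructed sample events; engine names are from the page, fields are assumed.
    chain, head = [], GENESIS
    for n, engine in enumerate(["RAMPART", "AXIOM", "PHAROS", "ADVERSARIUS"]):
        head = append(chain, {"source": engine, "type": "compliance-event", "n": n})
    return chain, head
```

Editing a record and recomputing only its own hash moves the failure to the next record, and removing tail records is caught only by the comparison with the anchored head.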

Example scenario

An assessor verifies a gate decision from eight months ago

A 3PAO asks why a specific deployment was allowed in October. The answer is not a meeting — it is a signed, anchored, independently verifiable record.

Illustrative example. Not real customer data.

Demo · Illustrative only

  • Event: Gate decision · ALLOW (RECORDED)
  • Artifact: sha256:9f31…e2a4 (HASHED)
  • Approved by: ISSO + 3 CAB signatures (SIGNED)
  • Rekor entry: Independently verified (ANCHORED)
  • Chain integrity: 1.2M events (INTACT)
  • Retention: Hot 90d · Warm 1y · Cold 3y (FISMA)

Audit output

What CHRONICLE generates

  • Rekor-anchored event log
  • Signed evidence manifests
  • Chain-of-custody records
  • Audit replay reconstructions
  • Approval and signature records
  • Retention-compliant archives

The boundary

Append-only, by construction.

Nothing in CHRONICLE can be silently edited or deleted — not by customers, not by REAEGIS staff. The chain makes tampering evident, the transparency log makes verification independent, and retention makes history durable.

Get started

Authorization is not a destination. It is a system property.

REAEGIS is the infrastructure that maintains it — converting every commit, scan, and approval into evidence your Authorizing Official can act on.
