
Control alignment to NIST/ISO/RMF and data sovereignty requirements.

| Requirement | How We Comply | Artifact |
|---|---|---|
| Data Residency | All production data in DRC DCs; backups encrypted with state-owned keys. | Hosting contract; KMS/HSM policy |
| NIST CSF | Identify–Protect–Detect–Respond–Recover mapped to services and SLAs. | Control matrix; SOC runbooks |
| ISO 27001 | ISMS scope; policies; risk & treatment plans; audits. | ISMS docs; SoA |
| RMF | Baseline controls; ATO package; continuous monitoring. | SSP; POA&M; ATO letter |
| Privacy | Data minimization; DPIAs; access logging; breach notification. | DPIA forms; audit trails |