Security Posture, COHESION

COHESION Spec v1.0

Product

Demo Run a five minute oversight assessment in the browser. Runs client side. Scorecard Per dimension scores across the seven measured dimensions of oversight. Dashboard Customer sign in. Live runs, evidence receipts, and audit history. Pricing Tiers, deployment models, and volume bands for scoring throughput.

Example output

Illustrative

847

Pass

EnvelopeK8 v2

Dimensions7 / 7

Article 14All thresholds met

Open the live demo

Standard

The Specification Version 1.0. Nineteen sections defining the seven measured dimensions. Methodology Annex Scoring rubric, dimension weighting, and calibration procedure. Case Library Nineteen documented oversight incidents, each scored against the spec. Thesis Why the human layer is the audit surface that governance tools miss.

Spec v1.0 weighting

Escalation integrity

18.0

Review cadence

16.0

Decision authority

15.0

Read the specification

Developers

API Scoring API. Signed evidence envelope. Scores returned synchronously. API Docs Reference, quickstart, and the full response schema. SDKs Typed clients for TypeScript and Python. Status Uptime, latency, and incident history for the scoring API.

Score an assessment

$ curl -X POST \ api.cohesionauth.com/v1/score \ -H "X-API-Key: $COHESION_API_KEY" # 200 OK { "jis": 82.4, "band": "proficient" }

Read the API docs

Company

Design Partner Shape Spec v1.x through an early enterprise engagement. Contact Reach the team on procurement, policy, or partnership.

Trust

Security Posture Controls, data handling, and the signed envelope chain. Subprocessors Every third party that touches assessment data. DPA Data processing agreement, GDPR Chapter II aligned.

Mapped to

EUAI Act Art. 14

US NISTAI RMF 1.0

ISO42001:2023

PatentUSPTO #1414

Become a design partner

Demo Scorecard Dashboard Pricing

The Specification Methodology Annex Case Library Thesis

API API Docs SDKs Status

Design Partner Contact

Trust

Security Posture Subprocessors DPA

Dashboard Get an API key

Encryption

Data is encrypted in transit and at rest. Keys are scoped per environment and rotated on a fixed schedule.

Signed evidence

Every score is sealed in a signed envelope with a SHA-256 hash and an audit-chain entry. Receipts are verifiable after the fact.

Access control

Least privilege access with audit logging. No standing access to customer assessment data.

Data minimization

Only the telemetry needed to score a window is processed. JIS telemetry is treated as personal data.

Deployment options

Hosted, private cloud, or self hosted. Enterprise can keep all data inside its own environment.

Retention

Retention windows are bounded by the data processing agreement and configurable for enterprise deployments.

Documents

The rest of the trust package.

Subprocessors

Every third party that touches assessment data, with the purpose and region for each.

Data Processing Agreement

The DPA, aligned to GDPR Chapter II, covering processing roles, retention, and transfers.

Need a security review before procurement?

Request a review Read the DPA