Trust model
Evidence auditors can verify without trusting your box
Self-hosting compliance tooling has one structural weakness: the company being audited controls the machine that produces its own evidence. A sharp auditor knows this, and asks the fair question — why should they believe the timestamps? Scorifya Controls answers with RFC 3161, an IETF standard for cryptographic timestamps signed by an independent authority. This page explains what is anchored, how anyone verifies it offline, and what remains outside the model.
The self-hosted evidence problem
Every compliance tool has to answer one question at audit time: did the evidence in the report exist on the date the report says it did? SaaS compliance products answer it with the vendor's reputation — trust that Vanta's or Drata's clock and database are honest. Self-hosted products can't use that answer. The customer runs the database. The customer runs the clock. Nothing stops a determined auditee from backdating an attestation, or from replacing an evidence file with a different one after the fact.
Silence isn't an option: an auditor who notices the gap is right to discount the tool's output. Every meaningful piece of evidence in Controls is therefore anchored to an external cryptographic timestamp before it counts as sealed.
What Controls anchors to an external authority
Policy adoptions
When a policy is adopted, the exact policy text is sealed with an RFC 3161 timestamp from DigiCert or Sectigo. Adoptions are immutable; a new revision needs a new adoption.
Manual control attestations
Every attestation is sealed with an RFC 3161 timestamp. The stamped envelope includes control identifier, status, owner, notes, attestation time, and the SHA-256 hash of every evidence file uploaded at or before attestation.
Check runs
Every completed check run gets one TSA token covering all 54 results in that run — check key, status, SHA-256 of the details payload, and runAt. The canonical JSON is stored with the run so the audit package can prove the exact per-check status set that existed at run completion.
Evidence file content
Uploads compute a SHA-256 that folds into the attestation envelope. Replace the file bytes after attestation and the stamped hash no longer matches — the tampering is provable without trusting the customer's server.
How an auditor verifies it offline
Controls' audit-package export bundles every timestamp token alongside the exact document that was hashed. Auditors run standard OpenSSL against those files. No Scorifya account, no proprietary tooling, no network calls to us. The DigiCert and Sectigo root certificates are already in every modern Linux and macOS trust store; they are not our authorities.
A representative verification for a check run:
# From within the unzipped audit-package directory cat runs/index.json | jq '.runs[] | select(.runId=="<run-id>")' curl -O <tsaCaCertUrl from the JSON> openssl ts -verify \ -data runs/<run-id>.json \ -in runs/<run-id>.tsr \ -CAfile <ca-cert filename> # Expected: "Verification: OK"
"Verification: OK" means the timestamp authority — independent of the customer and of Scorifya — confirmed the exact per-check result set existed at the shown time and has not changed since. The same pattern applies to attestations, adopted policies, and direct evidence-file hash checks.
What the anchor model does NOT prove
- ·That checks weren't re-run. A timestamp proves what was true at run time, not that the customer didn't re-run a failing check ten times until it passed. Auditors reviewing the run history in the audit package see every anchored run, so a suspicious pattern of "run at 4:59 PM, run again at 5:01 PM" is visible.
- ·That the underlying cloud state was accurate. Controls records what the AWS, GCP, Azure, and GitHub APIs returned when the check ran. Auditors independently verify a sample of material findings against the source systems.
- ·That the operator is honest about what evidence exists. A missing attestation is a missing attestation. The model proves the ones that exist are real; auditors verify coverage independently.
- ·That evidence file content is meaningful. The hash proves the bytes have not changed since attestation. It does not prove that the PDF actually documents what its filename claims. That is what auditors do.
Air-gapped and sovereign-cloud environments
Controls defaults to the public DigiCert and Sectigo TSAs because their roots are in nearly every trust store, so verification stays turnkey for auditors. A custom TSA URL (with matching name and CA cert URL) is configurable via environment variables for deployments that cannot reach the public internet or need to use a sovereign timestamping authority.
See Controls in action
Click through the auditor view on the public demo, then compare it to the anchor model above.