Security

How Ithil protects data and meets compliance requirements.

Penetration Testing

Ithil is penetration tested by Cobalt, a CREST-accredited offensive security firm. Results are available on request. Network, application, and data layers are each secured independently with defense in depth.

Security Overview

SOC 2 Type I readiness controls are implemented across the platform. A Type II audit is scheduled. NIST 800-53 Rev 5 control mapping is documented across nineteen control domains for federal compliance assessments.

Data Protection

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Tenant data is isolated at the database schema level. Each tenant has its own schema, and no query executes without tenant context. Backups are encrypted and stored in geographically separated locations.

Compliance

The platform is built to WCAG 2.1 AA standards, meeting Section 508 accessibility requirements. The data model supports GASB 34 compliance for government asset reporting. Compliance controls are enforced at the database and application levels for every customer.

Infrastructure

Ithil runs on AWS in US regions (us-west-2). All infrastructure is deployed within isolated Virtual Private Clouds (VPCs). Database endpoints are never publicly accessible. Infrastructure is managed as code with automated security scanning on every deployment.

Domestic Operations

Ithil is built entirely by a US-based team. All development, operations, and customer support are performed domestically. No work is outsourced offshore. All data is handled exclusively by personnel within US jurisdiction.

Access Control

Role-based access control (RBAC) governs all operations. Single sign-on (SSO) is supported via WorkOS. Multi-factor authentication (MFA) is available for all accounts. Sessions are managed with secure, HttpOnly cookies with configurable timeout policies.

Audit Trail

Every operation in Ithil generates an immutable event in the audit log. Work orders and inspections use append-only event stores that support point-in-time reconstruction. Authorization denials are logged. Data retention policies are configurable per tenant.

Session Management

Sessions enforce a 30-minute maximum inactivity timeout with a 2-minute idle warning, aligned with NIST 800-53 AC-12. All session tokens are stored in secure, HttpOnly cookies with SameSite protection. CSRF tokens are validated on every state-changing request.

Multi Factor Authentication

Multi-factor authentication via TOTP (time-based one-time password) is available for all accounts. MFA adds a second verification step beyond passwords, protecting accounts even if credentials are compromised.

IP Allowlisting

Tenants can restrict platform access to specific IP addresses or CIDR ranges. This network-level control, aligned with SOC 2 CC6.6 and NIST 800-53 SC-7, ensures the platform is only accessible from authorized networks.

Cryptographic Standards

Ithil uses FIPS 140-3 validated cryptographic modules through AWS KMS. Data at rest is protected with KMS envelope encryption using AES-256-GCM. All hash chains use SHA-256 for tamper-evident audit trails. TLS 1.3 protects all data in transit.

Immutable Audit Logs

The platform maintains approximately 25 append-only tables and 45 soft-delete tables protected by database-level triggers. No audit record can be altered or deleted, even by administrators. Event sourcing with SHA-256 hash chains provides tamper-evident, point-in-time reconstructable history. Infrastructure audit logs are written to an Object-Lock-protected store with multi-year retention and cross-region replication, so the record of who did what to the platform itself is also immutable.

Continuous Integrity Verification

A background worker replays every aggregate's SHA-256 hash chain across every tenant on a daily schedule and pages on any mismatch. Tampering with an audit record is detected by construction, not by spot check. This aligns with NIST 800-53 AU-9 (protection of audit information) and AU-10 (non-repudiation).
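The SHA-256 hash chain described under Immutable Audit Logs and the replay check described above, as an added illustration (not Ithil's own code): every event commits to its predecessor's hash, its sequence number and its canonical content, so editing, reordering or deleting an event breaks the chain at or after that point. Event payloads and the genesis anchor are constructed for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor for the first event of each aggregate


def canonical(payload: dict) -> bytes:
    # Sorted keys and fixed separators so the same event always hashes identically.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def event_hash(prev_hash: str, seq: int, payload: dict) -> str:
    # Each link commits to its predecessor, its position and its content.
    h = hashlib.sha256()
    h.update(prev_hash.encode())
    h.update(str(seq).encode())
    h.update(canonical(payload))
    return h.hexdigest()


def append_event(chain: list, payload: dict) -> dict:
    # Append-only: the new event's prev_hash is the current head of the chain.
    prev = chain[-1]["hash"] if chain else GENESIS
    seq = len(chain)
    event = {"seq": seq, "prev_hash": prev, "payload": payload,
             "hash": event_hash(prev, seq, payload)}
    chain.append(event)
    return event


def verify_chain(chain: list):
    """Replay the chain from genesis, as the daily worker would per aggregate.
    Returns (True, None) when every link matches, otherwise (False, seq) for the
    first event whose sequence, prev_hash or stored hash disagrees with the
    recomputation."""
    prev = GENESIS
    for expected_seq, ev in enumerate(chain):
        if ev["seq"] != expected_seq or ev["prev_hash"] != prev:
            return False, ev["seq"]
        if event_hash(prev, ev["seq"], ev["payload"]) != ev["hash"]:
            return False, ev["seq"]
        prev = ev["hash"]
    return True, None


def build_sample_chain() -> list:
    # Constructed work-order history; not data from any real tenant.
    chain = []
    append_event(chain, {"type": "WorkOrderCreated", "asset": "pump-7", "by": "alice"})
    append_event(chain, {"type": "WorkOrderAssigned", "to": "bob", "by": "alice"})
    append_event(chain, {"type": "WorkOrderClosed", "by": "bob"})
    return chain
```

A replay like this catches an edited payload, a re-hashed event whose successors still point at the old hash, and a deleted event; rewriting the entire chain consistently is only detectable if the head hash is also anchored outside the store, which is why the page pairs the chain with append-only triggers and locked backups.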

Database Destruction Defense

Production data is protected by seven independent layers rather than by policy alone. The application's runtime role holds no destructive database or RDS permissions. The runtime database user has no schema-altering grants. Production databases sit in private subnets reachable only from the application. The event store is append-only at the application, trigger, and backup layers. Backups are copied to a separate region into a vault-locked store that cannot be deleted before its retention floor, and every production deploy carrying a destructive migration requires an explicit human acknowledgement. The capability to destroy is removed, not merely discouraged.

Independent Evidence Verification

Audit evidence exports as cryptographically signed packets. A recipient verifies a packet offline using their own copy of the trust anchor, with an open-source command-line verifier. A public-records officer or opposing counsel can confirm the signature without trusting Ithil and without Ithil holding the key. The audit trail is verifiable by the party that needs to rely on it.

Federal and DoD Deployment

For federal and DoD-adjacent deployments, Ithil runs as a separate deployment fork rather than a code fork, so the same product serves civilian agencies and base public works. FedRAMP Moderate and GovRAMP Moderate control mappings are in progress. CMMC Level 1 self-attestation is drafted. The edge collector ships a FIPS 140-3 build. The federal fork enforces the NIST AC-12 thirty-minute idle session ceiling.

NIST 800-53 Alignment

Ithil's security controls align with NIST 800-53 requirements including session management (AC-12), network boundary protection (SC-7), access control (AC-2), audit generation (AU-12), and audit protection and non-repudiation (AU-9, AU-10). Controls are documented and mapped for federal compliance assessments.

Incident Response

Ithil maintains a documented incident response plan. Security incidents are communicated to affected customers within 24 hours. Our security team monitors for threats continuously. Contact security@ithil.ai for any security concerns.

Responsible Disclosure

We welcome reports from security researchers. If you discover a vulnerability, please report it to security@ithil.ai. We commit to acknowledging reports within 48 hours and will work with you on remediation timelines. We do not pursue legal action against researchers who report vulnerabilities in good faith.

For security inquiries, contact security@ithil.ai.

Security built into the architecture