Proof, Evidence & Compliance | Rathsted Foundations

Published mappings and verification records show what Rathsted Foundations validates and what your team can produce for review.

Published mappings and verification records for the single-node baseline are not certification, attestation, or a substitute for organizational controls.

When a customer or reviewer asks who manages the environment, who approved a change, and how you know what is running, a general hosting claim is not enough.

Procurement, security review, customer diligence, and internal governance all go faster when reviewers have clearer records than ad hoc screenshots and explanations.

Audit and Review

Audit friction

Missing records force last-minute reconstruction during audits and customer security reviews.

Business impact

Delays push back launch dates, stall contract cycles, and break delivery commitments that depend on security, audit, or procurement sign-off.

Clearer records

Your team spends less time rebuilding records. Reviewers have something clearer to inspect.

Clearer records mean fewer surprises, faster reviews, and lower delivery risk.

Control Mappings

CIS Kubernetes Benchmark NIST 800-53 SOC 2 (Trust Services Criteria)

Rathsted Foundations maps a published set of baseline controls to selected CIS, NIST, and SOC 2 controls. They are a starting point for review work, not a certification package.

What a Run Produces

A validated run produces a plain-text verification packet your team can review or share.

Ubuntu 22.04, Ubuntu 24.04, Ubuntu 24.04 (CIS), Debian 12, and Rocky Linux 9 all passed the latest published compatibility run on April 23, 2026.

The published compatibility matrix is separate from the release evidence bundle. It shows which operating systems passed the latest validation run.

Environment identity - Foundations version, OS, hostname, kernel, and run timestamp.
Cluster health - k3s, Flux, and Kyverno (cluster engine, change delivery, and policy enforcement) status with pod-level checks.
Rule enforcement - baseline control checks with negative tests confirming rejection of non-compliant workloads.
Supply chain - Signed release verification, software inventory, and vulnerability scan output when that scan is run.
Access control - Access control snapshot (RBAC) showing who has permission to do what.
Network segmentation - Baseline network policy and namespace-level isolation rules from the shipped stack.
Hardening - API server audit logging and secrets encryption at rest.

Each packet includes a formatted summary and full detail log. This is verification output, not a compliance attestation. External records like CI run URLs, registry audit exports, and key-usage audit references are attached separately when available.

Sample verification packet

Preview of a plain-text verification packet from a recent validated run against the current baseline:

Validation target Download

Source: loading...

Loading sample evidence...

JavaScript is required for the interactive evidence viewer. You can still download the current Ubuntu 24.04 sample files directly: summary and full detail.

Rathsted Foundations provides technical controls, mappings, and verification records for the baseline. It does not replace legal advice, formal audit services, or certification work.

See evaluation steps Qualified support

If the real question is deployment approach, provider choice, or jurisdiction requirements, use the qualified support path.