Recent Breaches
Breaches
View All →
All Control Blueprints
VAULT-ledCP-06Protects the asset

Prove Compliance Through Control

Compliance becomes stronger when control can be demonstrated, not just documented.

All Blueprints
What it does

Compliance becomes stronger when control can be demonstrated, not just documented.

Where it fits

Audit-grade governance of access and evidence

Who uses it

Financial services, Healthcare, Public sector, Critical infrastructure

CP-06 topology

How CP-06 proves compliance through control.

A VAULT-led pattern. Every governed action produces signed evidence; every protected dataset is reachable only as a named, recorded event; everything is sealed offline.

Grounded in ISO 27001 A.5.34, A.8.15, A.8.16 and NIST CSF GV.OC-3.

Z0

Operators and analysts

Named individuals

Operators and analysts zone

Named individuals raising requests and acting on them

ValidateLockRelay

Reach is named, time-bound and validated against an authorised request.

Z1

Controlled data zone

Records, evidence

Controlled data zone zone

Records, evidence and sensitive datasets

TransferExecuteFirebreak

Movement out is governed; the boundary is physical, not just policy.

Z2

Evidence and audit zone

Where signed

Evidence and audit zone zone

Where signed attestations are gathered for review

OSS

Crown jewels · detail callout

Sealed evidence vault

Attestations, audit trails and protected records sealed offline for the retention period.

Modules & symbols

ValidateIntegrity check
LockNamed access
RelayTime-bound path
TransferControlled move
ExecuteApproved action
FirebreakPhysical sever
ConduitEnforced module path
┄┄┄
Crown jewelsOffline · detail callout
How it reads end to end

Validate checks the request or command before it proceeds. Lock proves access was restricted. Archive proves records, logs and evidence were preserved. Transfer proves data movement was controlled, Relay proves access was temporary, Execute proves the control fired and Firebreak proves the control was physical, not just policy-based.

Sector relevance
Financial servicesHealthcarePublic sectorCritical infrastructure
Mark Fermor
David Bailey
Kenny Phipps
Online Now
Concierge

Build control around your environment

Talk to our team about composing this Blueprint for your estate.

Takes about 2 minutes. No account needed.

Free2 minsNo sign-up

    Firevault

    Firevault is Offline Secure Storage. Hardware you own, physically disconnected by default, with KYC-verified access. Ransomware-proof by design, not by patch.

    © 2026 Firevault Limited. Disconnect to Protect®