QNSP

Trust

Every claim QNSP makes is verifiable

QNSP ships into regulated, mission-critical environments where 'trust us' is not an option. Every claim is bound to evidence a customer, regulator, or auditor can reproduce. This page indexes the load-bearing trust artifacts.

Compliance framework mapping
Seven frameworks mapped at the control level — SOC 2 Type II, HIPAA, GDPR, PCI DSS v4.0.1, ISO/IEC 27001:2022, PDPA (Singapore), MAS TRM. Real-time control evaluation via live service-health probes, not retrospective questionnaires.
48 controls across 7 frameworks · per-crypto-tier mapping (default → strict → maximum → government) · live status surfaced in the cloud portal for authenticated tenants · evidence packs on demand.
/trust/compliance

NIST ACVP conformance — live
Server-rendered evidence that QNSP's two independent PQC providers pass the official NIST ACVP test vectors. SHA-3-256 tamper digest binds every evidence file.
@noble/post-quantum: 435 / 435 passed across FIPS 203 / 204 / 205 · @cuilabs/liboqs-native 0.15.1: 240 / 240 ML-KEM tests via OQS_KEM_keypair_derand + OQS_KEM_encaps_derand · regenerated on every release.
/verify/conformance

Reproducible PQC benchmarks
Real measurements from the same liboqs build that runs in QNSP production. Re-run the script yourself against the public source mirror to reproduce.
Per-algorithm p50 / p95 / p99 latency and throughput across every ML-KEM, ML-DSA, SLH-DSA, and Falcon variant we ship · published as schema.org Dataset for Google Dataset Search · environment + iteration counts recorded with every run.
/benchmarks

Auditable entropy chain
Where every random byte in QNSP comes from. End-to-end chain documentation with citations to NIST SP 800-90A / 90B / 90C, OpenSSL DRBG, Linux getrandom, Intel RDRAND / RDSEED, AWS Nitro entropy, and per-vendor HSM FIPS 140-3 DRBG records.
Three documented chains — CSPRNG (default + strict tiers), HSM DRBG (maximum + government via BYOH), QRNG mix-in (sales-assisted byoh-qrng-mixin add-on). Declarative `cryptoEntropySource` field on every tenant crypto policy.
/trust/entropy

Posture

Why a trust hub, not a marketing brochure

Auditable
Every artifact links to running code, published evidence files, and external standards. No claim is made that cannot be independently re-derived from QNSP's public source mirror.

Live, not snapshot
Compliance status is evaluated in real time against live service-health probes. Conformance evidence regenerates on every release. Benchmarks publish the generated-at timestamp and the host environment.

Tamper-bound
Conformance evidence files carry a SHA-3-256 digest computed over their bytes. Any modification to a published evidence file is visible to a reviewer who re-computes the hash.