Compliance
OpenBox provides built-in support for security and compliance requirements. Generate audit evidence and cryptographic attestations.
Overview
| Capability | Description |
|---|---|
| Cryptographic Attestation | Tamper-proof evidence of agent behavior |
| Audit Trails | Complete history of all actions |
| Evidence Export | Export evidence for auditors |
Key Features
Immutable Audit Trail
Every agent action is logged with:
- Timestamp
- Actor identification
- Action details
- Trust decision
- Cryptographic signature
Automated Evidence Collection
OpenBox automatically collects evidence for:
- Access control enforcement
- Policy evaluation records
- Approval workflows
- Trust score changes
- Incident responses
Evidence Export
Export evidence on-demand:
- Go to Audit Log or Attestation
- Choose date range
- Export evidence
Export formats:
- CSV
- JSON
Attestation
Cryptographic proof of agent behavior. See Attestation for details.
Compliance Dashboard
The compliance dashboard shows:
Control Status
View overall evidence coverage and readiness signals.
Evidence Gaps
Identifies missing evidence:
- Policies not reviewed in 90+ days
- Agents without risk assessments
- Incomplete audit trails
Upcoming Audits
Track audit schedule and preparation status.
Best Practices
- Regular reviews - Review policies quarterly
- Document changes - Add comments to all configuration changes
- Test controls - Validate trust controls work as expected
- Export regularly - Maintain off-platform backups
- Train approvers - Ensure HITL reviewers understand requirements
Next Steps
- Set Up Attestation - Enable cryptographic proof of agent behavior
- View Audit Log - Export organization activity logs for auditors