Feedback integration certs#459
frameworks-volunteer
left a comment
Model: z-ai/glm-5.1 Reasoning: high Provider: openrouter
Review Summary
Security: clean. No secrets, injection vectors, or unsafe patterns. The ControlCard change renders control.id from frontmatter (not user input), so no XSS surface. No new dependencies.
QA: one inconsistency worth fixing, otherwise solid.
Inconsistency: IR control ID renames vs "No renames" claim
The PR description states: "Control IDs are stable across this revision. No renames." However, IR Section 2 IDs are explicitly renamed by this PR:
- ir-2.1.1 → ir-2.1.2 (Monitoring Coverage)
- ir-2.1.2 → ir-2.1.3 (Alerting, Paging, and Escalation)
- ir-2.1.3 → ir-2.1.4 (Tamper-Evident Logs)
The new ir-2.1.1 (Threat Model for Protocol Operations) inserts before them, shifting all three. The changelog body correctly captures this in the workbook compatibility section, but the PR description's "No renames" claim is misleading and should be updated. Protocols using workbooks with saved IR Section 2 data will need manual re-mapping.
What looks good
- Identity and Accounts cert is well-scoped: horizontal account-management pattern, clear dedup from vertical certs, explicit scope boundaries (device/physical/training intentionally out)
- Threat model control (ir-2.1.1) is a strong addition -- anchors monitoring to known threats
- Overview page rewrite is clearer: drops stale RFC language, separates protocol vs auditor sign-ups (CertsWaitlist vs CertsAuditor)
- Versioning mechanic (frontmatter + inline render + changelog page) is clean and extensible
- Control ID display in ControlCard is minimal and useful
- All internal links use clean paths without .mdx extensions
- Workspace Security retirement is handled thoroughly: file deleted, sidebar updated, all references removed, cert-type maps updated, changelog documents what moved vs what was dropped
Mirrors the revisions applied in the SEAL-Certs-Template repo (see its CHANGELOG.md for full detail). Summary:
- sfc-multisig-ops: ms-2.1.2 strengthened from "evaluate" to "implement"; ms-4.1.1 transaction process consolidated 8 to 5 bullets
- sfc-treasury-ops: scope note added; per-actor/per-path exposure limits (tro-2.1.3) and privileged access / root account management (tro-3.1.5) added; trusted-parser bullet on tro-4.1.1; various consolidations and softening (session timeouts, impact thresholds, exposure limits)
- sfc-devops-infrastructure: di-1.1.4 split into process + di-1.1.5 list; runner hardening on di-3.1.1; network architecture on di-4.1.1; supply chain mention softened; References section added
- sfc-dns-registrar: dns-3.1.1 slimmed to reference the new Identity & Accounts cert for account management
- sfc-incident-response: four IR controls consolidated (team roles, contacts, alerting, drills); header reference to Identity & Accounts
- sfc-identity-accounts (NEW): horizontal cert covering organizational account management (inventory, phishing-resistant MFA, credential management, recovery methods, lifecycle, takeover monitoring, third-party access)
Control IDs are stable; no renames. Baseline text changes do not affect workbook import (keyed on control ID).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The old Workspace Security cert drifted far from SEAL's SME (device management, EDR/MDM, physical/travel security, formal training programs). Its crypto-relevant content (account inventory, phishing-resistant MFA, credential management, account lifecycle, takeover monitoring) is now in the new horizontal Identity & Accounts cert. Generic enterprise IT coverage is better left to ISO 27001 / SOC 2 / CIS.
- Delete docs/pages/certs/sfc-workspace-security.mdx
- vocs.config.tsx: sidebar updated (add Identity & Accounts, remove Workspace Security)
- utils/generate-cert-data.js: CERT_ORDER updated so the overview-page "Export All Certifications" xlsx includes I&A and excludes Workspace
- utils/generate-printable-checklists.js: CERT_META updated so the Print button generates an I&A checklist and no longer generates one for Workspace
- components/certified-protocols/CertifiedProtocols.tsx: certTypeToName map updated (sfc-ida replaces sfc-ws)
- docs/pages/certs/overview.mdx: cert list updated
- docs/pages/certs/index.mdx: cert list updated
- docs/pages/intro/overview-of-each-framework.mdx: cert list updated
The fetched-tags.json and cert-data.json artifacts regenerate at build time.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Control IDs (e.g., ms-2.1.2) are already in the data model and used by
workbook import/export and aria attributes, but were invisible in the
rendered card. Surface them inline next to the title so readers and
reviewers have a stable reference they can cite.
- ControlCard.tsx: render {control.id} before the title with a muted
separator
- control.css: .control-id styled muted, monospace, 0.875em; .control-id-sep
muted, non-bold
No behavioral change; purely additive display.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Protocols that have certified against an earlier version of a cert need to scope the delta when that cert is revised. Adds explicit versioning so re-certification decisions are data-driven.
- Per-cert frontmatter fields: version (semver-ish) and revised (ISO date). Rendered inline near the H1 title: "Revision X.Y · Updated YYYY-MM-DD · Changelog".
- New page: docs/pages/certs/changelog.mdx aggregating revision history across all certs with inaugural 2026-04-17 entry covering the feedback-integration-1.1 changes.
- vocs.config.tsx: Changelog added to sidebar under SEAL Certifications.
All five existing certs stamped at v1.1 (revised 2026-04-17). New Identity & Accounts cert stamped at v1.0.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- docs/pages/certs/index.mdx: generate-folder-indexes added Changelog row
- utils/fetched-tags.json: tags-fetcher regenerated tag map (added /certs/changelog entry; workspace-security replaced by identity-accounts; sectionMappings sort order shuffled)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Monitoring coverage is only meaningful if it's pointed at the right things. The existing IR cert had team structure, contacts, monitoring, alerting, and playbooks, but no control requiring an explicit threat picture of protocol operations and external dependencies. This control closes that gap and anchors the monitoring and playbook controls to a known threat model.
- Insert new ir-2.1.1 (Threat Model for Protocol Operations) at the start of Section 2 (Monitoring, Detection & Alerting)
- Existing Section 2 controls shifted: old ir-2.1.1 to ir-2.1.2, ir-2.1.2 to ir-2.1.3, ir-2.1.3 to ir-2.1.4
- Evidence Tracker count 13 to 14 (template repo only)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The previous overview was written during RFC Phase (ended Dec 31, 2025) and framed certifications as "proposed" and "being developed." The framework is now stable, published, and moving into active certification with accredited firms. Rewritten to:
- Open with the same framing as the internal program-and-roadmap doc: code audits don't catch operational failures, certifications target that gap
- List the six modules (with the new Identity & Accounts and Incident Response updated to include threat modeling)
- Condense "How Certification Works" into a five-step engagement flow with EAS attestation
- Replace the RFC Phase section with a plain Program Status summary of where the program is now
- Trim outdated FAQ items (the "Q1 2026 rollout" question) and update wording throughout
- Link to the new /certs/changelog page for revision history
Shorter overall; aligned with the roadmap doc without duplicating its operational detail.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Previous rewrite dropped these along with the RFC Phase framing. Adding them back as a tight "Get Involved" section between Program Status and FAQ. Both entry points currently point at the same typeform (securityalliance.typeform.com/CertsAuditor), matching the original overview page. If protocols and auditors need distinct intake forms later, the URL can be updated. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Mirrors template-repo commits acddf5c, 2d3a777, 5ae8d0f which applied DicksonWu654's review feedback. Since v1.1 hasn't shipped yet, the changelog entry for v1.1 is updated to reflect final state rather than documenting an intra-PR iteration.
- sfc-devops-infrastructure: di-1.1.2 drops the supply-chain parenthetical (Section 2 already handles supply chain); di-1.1.4 and di-1.1.5 merged back into a single di-1.1.4 covering both the tool approval process and the approved-tools list; References section at the bottom removed (other certs don't carry References, so the inconsistency wasn't earning its keep)
- sfc-identity-accounts: ida-2.1.1 drops the "(subject to SIM-swap and interception)" parenthetical; ida-4.1.1 drops the inline "(coordinated with SFC - Incident Response monitoring)" parenthetical (the trailing IR coordination bullet still carries that point); "Related certs" list in the page body removed (cross-refs live inline in each vertical cert)
- sfc-incident-response: ir-2.1.1 threat model gains a baseline bullet on identifying single points of failure and highly centralized components across onchain and offchain layers (cross-chain messaging providers, oracle providers, critical infrastructure dependencies)
- changelog.mdx: v1.1 entry updated to reflect final merged state; DevOps control count is now unchanged at 16, workbook compat note flags the shifted IR Section 2 IDs
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Both the protocol and auditor signup links in the certs overview were pointing at the same auditor form (CertsAuditor). Protocols should land on the waitlist form (CertsWaitlist) instead. Per PR security-alliance#459 review comment from DicksonWu654. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Revise SFC certifications, add Identity & Accounts, retire Workspace Security
Mirrors the cert revisions applied in SEAL-Certs-Template (feedback-integration-1.1) into the live frameworks site, plus a few UX improvements: control IDs are now visible in the card UI, per-cert version stamps render in the page header, and a central /certs/changelog aggregates revision history.
The old SFC Workspace Security cert is retired — its crypto-relevant content (org accounts, phishing-resistant MFA, credential management, account lifecycle, takeover monitoring) is consolidated into a new horizontal SFC Identity & Accounts cert. Everything else that was in Workspace Security (device management, EDR/MDM, BYOD, physical/travel security, formal training programs, insider threat, data classification) is intentionally dropped as out of SEAL SME and better covered by ISO 27001 / SOC 2 / CIS.
Highlights
- ms-2.1.2 · Contract-Level Security Controls). Data was already there; now surfaced.
- version and revised frontmatter fields stamp each cert; rendered inline near the title with a link to the new /certs/changelog page.
Commits
- da9b0ad — Port cert revisions + create sfc-identity-accounts.mdx
- 9fc43e7 — Retire Workspace Security (delete file, sidebar, all cert-list references, build-time scripts)
- 92740e4 — Surface control IDs in the card UI
- f8bdd5d — Per-cert version stamps + central /certs/changelog page
- 9b5d72d — Regenerate build artifacts (index.mdx, fetched-tags.json)
Changes by cert
SFC Multisig Operations (v1.0 → v1.1)
- ms-2.1.2: "evaluate" → "implement" contract-level security controls
- ms-4.1.1: transaction process consolidated 8 → 5 bullets
SFC Treasury Operations (v1.0 → v1.1, 20 → 22 controls)
- tro-1.1.4: "SLAs" → "timeframes"
- tro-2.1.1: impact thresholds reframed as example scheme
- tro-2.1.2: renamed to "portfolio concentration limits"
- tro-2.1.3 (NEW): per-actor and per-path exposure limits
- tro-3.1.1: session-timeout phrasing clarified; geo restriction clause dropped
- tro-3.1.2: hardware-key MFA for privileged credential access; owner/admin-isolation moved to tro-3.1.5
- tro-3.1.5 (NEW): privileged access and root account management
- tro-4.1.1: trusted-parser bullet added; 8 → 5 bullets
- tro-4.1.2: 4 → 3 bullets
- tro-5.1.1: "TVL history" and "insurance coverage" dropped from baseline; exposure limits softened
- tro-6.1.1: 9 → 4 bullets
- tro-6.1.2: 7 → 4 bullets
SFC DevOps & Infrastructure (v1.0 → v1.1, 16 → 17 controls)
- di-1.1.2: supply-chain mention softened (cross-references Section 2)
- di-1.1.4: narrowed to the evaluation process
- di-1.1.5 (NEW): approved tools list
- di-2.1.1: access review cadence tightened; account controls reference I&A
- di-2.1.4: 6 → 3 bullets
- di-3.1.1: runner hardening bullet added; 6 → 5 bullets
- di-4.1.1: network architecture bullet added (segmentation, minimal public exposure, firewall/security group rules)
- di-4.1.2: account controls reference I&A; break-glass bullets consolidated
SFC DNS Registrar (v1.0 → v1.1, no count change)
- dns-3.1.1: slimmed to reference SFC Identity & Accounts for account controls; DNS-specific registrar RBAC bullet retained
SFC Incident Response (v1.0 → v1.1, no count change)
- ir-1.1.1: 7 → 3 bullets
- ir-1.1.2: 7 → 4 bullets
- ir-2.1.2: 8 → 4 bullets
- ir-5.1.1: 7 → 4 bullets
SFC Identity & Accounts (NEW, v1.0, 8 controls)
- ida-1.1.1: Owner
- ida-1.1.2: Org account inventory (social media, email, SSO, registrar, custody, repo admin, cloud root, SaaS)
- ida-2.1.1: Phishing-resistant MFA (FIDO2/WebAuthn for high-privilege; no SMS/voice as primary for high-privilege)
- ida-2.1.2: Password manager and individual accountability
- ida-2.1.3: Recovery methods restricted to org channels
- ida-3.1.1: Account lifecycle (24-hour offboarding across all org accounts; periodic reviews)
- ida-4.1.1: Account takeover and credential exposure monitoring
- ida-4.1.2: Third-party access management
Ancillary changes
- vocs.config.tsx: sidebar — Workspace Security removed, Identity & Accounts added, Changelog page linked
- components/cert/ControlCard.tsx + control.css: control ID rendered inline with muted separator
- components/certified-protocols/CertifiedProtocols.tsx: certTypeToName map updated (sfc-ida replaces sfc-ws)
- utils/generate-cert-data.js: CERT_ORDER — I&A in, Workspace out (powers the "Export All Certifications" xlsx on the overview page)
- utils/generate-printable-checklists.js: CERT_META — I&A in, Workspace out (powers the Print button per cert)
- docs/pages/certs/overview.mdx, docs/pages/certs/index.mdx, docs/pages/intro/overview-of-each-framework.mdx: cert lists updated
Workbook compatibility
- tro-2.1.3, tro-3.1.5, di-1.1.5, all ida-*) simply won't be populated from old workbooks, which is expected.
- localStorage state for Workspace Security lose that state (that cert is removed). Other certs retain state.
- cert-data.json and printable/*.html are gitignored and regenerate at build time — no manual action needed on deploy.
Review checklist
Related
This PR mirrors security-alliance/SEAL-Certs-Template#feedback-integration-1.1. Per-control reasoning and declined feedback items are captured there under _feedback/review-*.md.
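Because workbook import is keyed on control ID, the IR Section 2 shift noted in the review comment and in the ir-2.1.1 commit would attach v1.0 evidence to the wrong control if an old workbook were imported unchanged. The sketch below is an added example, not code from this PR or the frameworks repo, showing one way to remap saved state; it assumes the workbook is a plain object keyed by control ID, and `migrateWorkbook`, `IR_RENAMES` and the sample entries are hypothetical names and constructed data.

```javascript
// Added example, not code from the PR or the frameworks repo.
// ASSUMPTION: saved workbook state is a plain object keyed by control ID;
// the real workbook/localStorage schema is not shown on this page.

// Renames taken from the review comment and the ir-2.1.1 commit message.
const IR_RENAMES = {
  'ir-2.1.1': 'ir-2.1.2', // Monitoring Coverage
  'ir-2.1.2': 'ir-2.1.3', // Alerting, Paging, and Escalation
  'ir-2.1.3': 'ir-2.1.4', // Tamper-Evident Logs
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function migrateWorkbook(saved, renames = IR_RENAMES) {
  const migrated = Object.create(null);
  const moved = [];
  // Build a fresh object from the untouched input so the chained renames
  // (2.1.1 -> 2.1.2 -> 2.1.3 -> 2.1.4) cannot overwrite each other.
  for (const [oldId, entry] of Object.entries(saved)) {
    const newId = has(renames, oldId) ? renames[oldId] : oldId;
    if (newId in migrated) {
      // Typical cause: the workbook was already migrated once.
      throw new Error(`two saved entries map to ${newId}`);
    }
    migrated[newId] = entry;
    if (newId !== oldId) moved.push(`${oldId} -> ${newId}`);
  }
  // An ID that is renamed away but is nobody's target now names a new
  // control (ir-2.1.1, the threat model) and must start with no evidence.
  const targets = new Set(Object.values(renames));
  const startsEmpty = Object.keys(renames).filter((id) => !targets.has(id));
  return { migrated, moved, startsEmpty };
}

// Constructed sample: a v1.0 workbook with three IR Section 2 answers.
const sampleV10 = {
  'ir-1.1.1': { status: 'done' },
  'ir-2.1.1': { status: 'done', note: 'monitoring coverage evidence' },
  'ir-2.1.2': { status: 'partial' },
  'ir-2.1.3': { status: 'todo' },
};
const result = migrateWorkbook(sampleV10);
console.log(result.moved, 'starts empty:', result.startsEmpty);
```

Running the function a second time on already-migrated state throws instead of silently shifting the evidence again, which is the failure an auditor would otherwise have to catch by hand.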