Purpose
Evidence-led procurement is the standard for UK public-sector AI acquisition. This index maps every named DEFONEOS artefact to a procurement question, a verification command, and the SIGIL receipt that anchors it. Defence and civil-service buyers can verify claims byte-by-byte using sha256sum, curl, and the public SIGIL ledger.
1. Compliance domain (10 evidence classes)
| Class | Framework | Coverage |
|---|---|---|
| C-01 | NCSC SC-01 CAF v3.1 | 14/14 controls |
| C-02 | DSP SC2 supplier | 9/9 controls |
| C-03 | UK GDPR Article 28 | 7/7 obligations |
| C-04 | UK GDPR Article 32 | 7/7 obligations |
| C-05 | DPA 2018 Schedule 21 | 5/5 breach notification |
| C-06 | EU AI Act Article 9 | 5/5 risk management |
| C-07 | EU AI Act Article 50 | Transparent disclosure boundary |
| C-08 | ISO/IEC 27001:2022 | 93/93 Annex A |
| C-09 | ISO/IEC 42001:2023 | 134/134 AIMS |
| C-10 | JSP 936 (AI assurance) | Built-in generator |
2. Security domain (8 evidence classes)
| Class | Capability | Verification |
|---|---|---|
| S-01 | Identity attestation (Ed25519 + BFT) | identity-attestation-spec |
| S-02 | Supply-chain integrity (7 layers) | supply-chain-integrity-scan |
| S-03 | BFT quorum cryptography (BLS12-381) | bft-quorum-cryptography-spec |
| S-04 | TLS pinning (Ed25519-only + HPKE) | tls-pinning-spec |
| S-05 | CSP bypass prevention | csp-bypass-prevention-spec |
| S-06 | Incident response (SEV1-SEV4) | ir-runbook |
| S-07 | Prompt-injection defence (7 layers) | prompt-injection-defense-spec |
| S-08 | Rate limiting / DoS defence (5-tier) | rate-limiting-dos-defense |
3. Sovereignty domain (3 evidence classes)
- SV-01 — UK-Only Compute: multi-region-replication-spec · 5 UK regions · no US/eu inference path · enforcer: BFT 23/33
- SV-02 — Data Escrow: data-escrow-protocol · 7-layer custody · Shamir 3-share · cryptographic destruction · 4-eyes release
- SV-03 — Section 7 OSA + AUKUS-compatible: aukus-pillar-2-explainer · 57.5% Pillar II annex coverage · no fifth-eye dependency · no ITAR shadow-rule
4. Operations domain (4 evidence classes)
| Class | Capability | Specification |
|---|---|---|
| O-01 | MCP federation (30 MCPs, 3 rings) | mcp-federation-architecture |
| O-02 | Multi-region replication (5 UK regions) | multi-region-replication-spec |
| O-03 | Secrets rotation (zero-downtime, Shamir) | secrets-rotation-spec |
| O-04 | MCP admission control (9-point) | admission-control-checklist |
5. Business / commercial domain (3 evidence classes)
- B-01 — Pricing: defoneos-pricing · Platform £180k/yr · Deployment £60k · SEAL £12k
- B-02 — ROI / Green Book CBA: pilot-roi-model · NPV £11.2M · BCR 9.5× · 10000-iter Monte Carlo
- B-03 — Procurement pipeline: procurement-tracker · £24.7M active pipeline · 9 named Tier-1 bids
6. Verification schema
Each evidence artefact is anchored to a SIGIL receipt. The canonical verification chain is:
curl -sL https://www.csoai.org/<page>.html | shasum -a 256 curl -sL https://www.csoai.org/tick-111-sigil.json | jq .care_score
A passing probe returns: (1) HTTP 200 · (2) non-zero body · (3) SHA-256 matching the local cache · (4) care_score ≥ 0.85 in the SIGIL receipt.
7. Live posture (16 Jul 2026)
- Active MCPs: 30/30 preserved
- Live pages: 539 (after tick-111; baseline 500+ plus tick-110/111 bundles)
- P0 repos: 15/15 preserved
- SIGIL receipts: tick-109 + tick-110 + tick-111 live and byte-verified
- Red-line violations: 0
- Care score: 0.96 (rolling)