Skip to content

2. Guides

Task-oriented how-tos. Each page solves a specific operational need.

Pages in this section

  • Run gap analysis — full CLI walkthrough: catalog selection, evidence-dir conventions, output formats, framework crosswalks, partial-coverage handling, faithfulness threshold.

  • Ingest OCSF — ingest OCSF Detection Finding output from Prowler / AWS Security Hub / etc.; the --block-private-ips SSRF mitigation; the v0.10.1 trust-unmapped contract.

  • Emit SARIF — SARIF 2.1.0 output for CI gates; GitHub Code Scanning ingestion; severity mapping rationale.

  • Emit OCSF Detection — OCSF Detection Finding class_uid 2004 emit; SIEM ingestion; sample queries.

  • Emit CycloneDX VEX — CycloneDX 1.6 VEX statements; supply-chain composition with the release-time SBOM via standard CycloneDX merge.

  • Manage POA&M — POA&M data model + 5-state lifecycle; CLI verbs; OSCAL POA&M emit; integration patterns (Jira, ServiceNow, etc.).

  • Generate and quantify risk — qualitative NIST SP 800-30 risk statements (LLM-backed) + deterministic FAIR / Monte-Carlo quantification (risk generate / risk quantify).

  • Explain a control — stream a plain-English explanation of any control (what it means, why it matters, what to do) in the web console; LLM-backed with on-disk caching (explain).

  • Manage third-party risk — vendor inventory, concentration-risk reporting, and CAIQ / SIG due-diligence questionnaires (tprm), plus the in-browser TPRM screen for browsing, filtering, and adding vendors.

  • Manage model risk — SR 11-7 / OCC 2026-13a model inventory, model documentation, and validation reports (model-risk).

  • Governance metrics and workflows — KRI / KPI / KGI metrics, Effective Challenge, Three-Lines reporting, and process-as-code workflows (governance).

  • AI governance — EU AI Act risk-tier classification + NIST AI RMF system inventory, FIPS-199 + OMB impact leveling (ai-gov).

  • CONMON deployment — CONMON cadence library + CLI; 7 bundled federal cadences; daemon vs read-only deployment patterns.

  • Sign and verify evidence — signing + verifying evidence and MCP tool output (SignedToolOutput Sigstore keyless) and OSCAL documents (GPG detached); the verification recipe; the append-only / WORM evidence store. (CIMD is the separate OAuth client-scope mechanism, not a signing primitive.)

  • Air-gapped install — wheelhouse pattern + offline catalog updates; GPG-only fallback for environments without Sigstore reach.

  • CI integration — GitHub Actions sample workflow (gap analysis on PR + SARIF upload); GitLab CI sample; Jenkins sample.

  • OSPS self-assessment — walk through OSPS-CONFORMANCE.md + the verify-osps-conformance.yml CI gate; how to fork the pattern for your own project.

  • MCP client setup — run the Evidentia MCP server and wire its 13 tools into Claude Desktop / Claude Code / Cursor (mcp).

  • Serve the web UI — launch the local browser UI for gap analysis + the 8-format gap-export control (evidentia serve).

  • Run evidence collectors — gather findings from AWS, GitHub, Okta, SQL databases, Snowflake, and more (collect); credentials stay server-side, with the --block-private-ips SSRF guard and the console's auth-gated run buttons.

  • Browse and manage catalogs — list, inspect, crosswalk, import, and remove framework catalogs (catalog); the bundled-vs-user-imported split and per-catalog license tiers.

  • Track evidence lineage — append-only, WORM-enforced evidence-artifact versioning (evidence save / history / show); distinct from the signing chain.

  • Manage audit retention — per-record retention metadata, the WORM extend-only lock, legal holds, and the active → preserved → expired → purged lifecycle (retention).

  • Emit a traceability matrix — emit a signed OSCAL Profile mapping controls to threats (traceability emit); plus the read-only console view.

  • Push to integrations — push gaps to Jira / ServiceNow and publish to Tableau / Power BI (integrations); credentials server-side, with an external-push confirmation step.

How to use this section

Jump directly to the page that solves your problem. Each guide is self-contained; cross-references to Concepts point at the "why" if you need depth.

All twenty-five guide pages above are live. New guides land here as new operational surfaces ship; see the ROADMAP for the forward cadence.