Solutions

Regulated ops & change control

KCS provides procurement‑grade, offline‑verifiable conformance artifacts for release, policy, and evidence bundles — with pinned trust anchors and signed checksums.

Procurement‑grade · Pinned fingerprints · Signed checksums

Expected outputs: PASS (verifiable), FAIL (mismatch), HOLD (missing evidence/signatures; fail‑closed).

Risks (Top 5)

What can go wrong

  • Release integrity cannot be verified (or depends on vendor dashboards).
  • Supply chain drift: dependencies or artifacts change between approval and deployment.
  • Silent key rotation or unpinned trust anchors break diligence and audit trails.
  • Artifacts exist but are not discoverable (reviewers miss the authoritative pointers).
  • Audit cannot reproduce PASS/FAIL/HOLD outcomes offline.

Receipts (Ticket‑ready)

What reviewers attach

  • 1 URL (DSSE): /.well-known/mvg-procurement-ticket-pack.dsse.json
  • 1 ZIP: Ticket Pack (offline verifier kit + receipts).
  • Site release receipts: signed site release pointers (verifier UI integrity).
  • Identity receipts: Company (KYB) + Governance.
  • Transparency: append‑only log + inclusion proof pointers.

Where MVG gates

1. VERIFY

Verify release artifacts

Signed manifests + pinned fingerprints; mismatches escalate immediately (FAIL/HOLD).

2. PERMIT

Change approval as a receipt

Approvals are expressed as portable receipts (not screenshots), and can be replayed.

3. GATE

Fail‑closed promotion

If signatures/pointers are missing, promotion must HOLD until evidence is complete.
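
The three outcomes above, sketched as a fail-closed promotion check. This is an added example, not KCS or MVG code: the `gate` function, the `sha256  name` manifest layout and the sample data are assumptions, and HMAC-SHA256 stands in for a real asymmetric signature so the block runs on the standard library alone.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign(key: bytes, manifest: bytes) -> bytes:
    # Stand-in signature (HMAC-SHA256) so the example needs only the stdlib;
    # a real deployment would use an asymmetric scheme and pin the public key.
    return hmac.new(key, manifest, hashlib.sha256).digest()

def gate(name, artifact, manifest, signature, signer_key, pinned_fp):
    """Return 'PASS', 'FAIL' or 'HOLD' for promoting one artifact."""
    # HOLD: any piece of evidence is missing, so promotion fails closed.
    if not all((artifact, manifest, signature, signer_key, pinned_fp)):
        return "HOLD"
    # FAIL: the signing key is not the pinned one (e.g. silent rotation).
    if not hmac.compare_digest(sha256_hex(signer_key), pinned_fp):
        return "FAIL"
    # FAIL: the manifest was altered after it was signed.
    if not hmac.compare_digest(sign(signer_key, manifest), signature):
        return "FAIL"
    # Only now is the manifest trusted enough to parse.
    listed = {}
    for line in manifest.decode("utf-8").splitlines():
        parts = line.split()
        if len(parts) == 2:
            listed[parts[1]] = parts[0]
    if name not in listed:
        return "HOLD"  # no checksum recorded for this artifact
    ok = hmac.compare_digest(sha256_hex(artifact), listed[name])
    return "PASS" if ok else "FAIL"

# Constructed sample data (hypothetical, not from any real release).
KEY = b"constructed-demo-signing-key"
PINNED_FP = sha256_hex(KEY)
ARTIFACT = b"release-1.0 contents"
MANIFEST = f"{sha256_hex(ARTIFACT)}  app.tar\n".encode()
SIGNATURE = sign(KEY, MANIFEST)

if __name__ == "__main__":
    print(gate("app.tar", ARTIFACT, MANIFEST, SIGNATURE, KEY, PINNED_FP))
```

The key is checked against the pinned fingerprint before the signature is evaluated, and the manifest is parsed only after its signature verifies, so an unpinned key or an edited manifest never reaches the checksum comparison.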

References (Public‑safe)

Standards & papers

Canonical pointers live on the standards surface; immutable deposits on Zenodo.