Aerospace & Defense · the same standard, extended
The accountability standard, read in aerospace & defense.
Configuration, maintenance, and controlled-information records that are tamper-evident by construction — provable to the FAA, DCMA, or a prime without trusting the contractor's word. Instantiated for CMMC / DFARS and airworthiness records. The eight axes never change; only what they mean here does.
Don't trust us — the integrity of this page is recomputable in your own browser
Patent-pending — U.S. Provisional 63/921,717
For aerospace & defense
Who it's for, what it promises, how it's proven.
How it works
From a record to a proof, in four moves.
The mechanism is the same for every record and every access. Nothing here asks you to trust a vendor's word — the last step is something you do yourself.
The record is written
A record (or an edit to one) is committed and bound into an append-only chain — sensitive fields encrypted at the record.
Every access is stamped
Each read or change becomes a WORM event — who, what, when — that nobody can quietly remove or rewrite after the fact.
Access is gated
A person authenticates with a phishing-resistant passkey; access is least-privilege and the access itself is recorded.
You recompute the proof
Open the verifier and recompute the hash yourself. If the record changed, the hash changes — integrity resolves to math, in your browser.
One framework · eight axes
The eight axes — read in aerospace & defense.
The canonical axis codes, names, and roles are frozen by the engine and shown unchanged. Only the gloss — what the axis means in aerospace & defense — is specific to this domain. No axis is relabeled; no named entity is measured.
PO · Physical & Outdoor
Somatic foundation
Production & airworthiness foundation — manufacturing, sustainment, and the soundness of the airworthiness record.
NM · Nutritional & Metabolic
Somatic foundation
Program & supply intake — contracts, funding, and the qualified supply chain that feeds programs.
ER · Emotional & Relational
Resilience wing
Customer, prime & warfighter trust — relationships with the customer, primes, and the mission served.
SC · Social & Communal
Spirit term
Program & sector standing — coherence with DoD / FAA, primes, and the defense-industrial base.
RS · Religious & Spiritual
Resilience wing
Mission & export-control adherence — fidelity to ITAR / EAR, the safety duty, and program integrity.
ES · Environmental Stewardship
Environment term
Controlled-information & configuration stewardship — custody of CUI, ITAR data, and configuration records.
TA · Technological & Adaptive
Technology term
Systems & security modernization — CMMC controls, secure tooling, and adaptive engineering systems.
PV · Purposeful & Vocational
Purpose exponent
Clearance & vocational fitness — facility clearance, certifications, and fitness for the mission.
The composite is multiplicative — you can't paper over a missing pillar to lift the score — and the consistency exponent rewards steadiness across all eight. See the canonical eight axes →
Engineered for the rules, not badged against them
How the standard maps to DFARS / NIST 800-171 / CMMC.
We don't ask you to take a certificate on faith — a logo on a page proves nothing you can check. Each obligation maps to a mechanism you can inspect or recompute — the difference between asserting compliance and demonstrating it.
| Obligation | How the standard satisfies it | Status |
|---|---|---|
NIST 800-171 · 3.3Audit & accountability |
Every access is an append-only, chain-stamped WORM event — who, what, when — that no one can quietly remove. | Built |
NIST 800-171 · 3.1Access control |
Least-privilege access, and every access recorded to the audit chain — enforced and observable, not just configured. | Built |
NIST 800-171 · 3.5Identification & authentication |
WebAuthn passkey sign-in — phishing-resistant, with no shared secret to steal or replay. | Built |
NIST 800-171 · 3.13System & communications protection |
Records move only inside an authenticated, encrypted transport — TLS at the edge, sealed-header frames between internal nodes. | Built |
ITAR · 22 CFR §120–130Controlled technical-data custody |
End-to-end provenance — each step is a chained leaf, so chain-of-custody is reconstructable and tamper-evident from creation onward. | Built |
DFARS 252.204-7012(c)72-hour cyber-incident reporting |
Because the access and event log is tamper-evident, the scope of an incident is reconstructable and provable — a defensible basis for an accurate notification. | Built |
DFARS 252.204-7012 / CMMC L2Assessment & affirmation |
Mechanism mapping to the 800-171 controls; a CMMC assessment is performed by a third party (C3PAO) — our stance is verifiable evidence, not a logo. | Roadmap |
Status is honest. Each row is Built (the mechanism exists in the gold stack) or Roadmap (the Aerospace / Defense-specific instantiation is planned). Medicine is the one live, shipped domain today. This maps mechanism to obligation — it is not a claim of certification, because the standard is to prove integrity, not badge it.
Same engine · illustrative archetype
An illustrative aerospace & defense archetype, scored by the same engine.
Illustrative profile: a contractor with strong mission discipline and configuration control, maturing its CMMC posture and tamper-evident record-keeping.
These are illustrative inputs — not a measurement of any named entity. Feed them through the same public compute() on The Standard page, change any slider, and recompute it yourself.
What you get
The standard, in your hands.
- The accountability score — your eight axes scored by the public engine, recomputable by anyone.
- The tamper-evident record — records and access history on an append-only chain.
- The in-browser verifier — recompute any record's integrity yourself, no trust required.
- A verifiable export — a portable, independently-checkable account of who-saw-what, when.
- Encrypted data at rest — field-level AES-256-GCM on sensitive fields (rolling in).
- A standard, not a lock-in — the proof is open math you can run even if you leave.
Questions a CMMC lead and an export officer ask first.
Do you handle CUI / ITAR data, and where does it reside?
Data residency, US-person access, and the controlled boundary are the first part of any conversation — least-privilege access is enforced and every access recorded. Talk to us about your boundary before any data moves.
How does this fit with my PLM / configuration-management system?
It adds tamper-evident provenance over your configuration and airworthiness records, not a replacement. Tell us your systems.
If you go away, can a prime still verify our records?
Yes. Integrity is open math over an append-only chain — a prime or the government can re-verify independently of us.
What's live today versus on the roadmap?
Medicine is the live, shipped anchor. For aerospace & defense the core 800-171 mechanisms are Built; CMMC assessment is Roadmap.
Why one framework covers it
The same formula, the same chain, the same verifier.
Accountability has the same shape in aerospace & defense as anywhere else: a foundation, the relationships built on it, the capability to adapt, and the consistency to sustain it. The proof is identical — and it resolves to math, not to our word.
One formula over eight axes
The composite is multiplicative and the consistency exponent rewards steadiness — so you can't fake a missing pillar to lift your standing. The same engine that scores every domain.
One append-only chain
The record — and every access to it — sits on a chain where nobody can quietly rewrite the past. Tamper-evident by construction, not by promise.
One verifier anyone can run
Don't trust us — recompute the chain in your own browser. Every domain runs the exact same proof. Open the verifier →
Looking for another regulated world? The same standard reads in all ten domains. Medicine is the one that is live and shipped today — see the live anchor →