Natalia On-Premise Security

Architecture designed to pass a CISO security review quickly when deployed in Strict mode. Controls are mapped to NIST SP 800-53, ISO 27001 and the ANSSI hygiene guide.

✅ No outbound connectivity (Strict mode) ✅ GDPR by design ✅ Cryptographic pseudonymization ✅ Immutable audit log ✅ RBAC (4 roles) ✅ At-rest + in-transit encryption ⏳ SOC 2 (roadmap) ⏳ ISO 27001 (roadmap)

3 contractual modes — summary

Security guarantees depend on the contractual mode selected at installation. Full reference: contractual modes matrix.

Disconnected architecture (Strict mode)

  • No outbound connectivity required for nominal operation.
  • Data processed and stored exclusively on your infrastructure.
  • Local logs only.
  • No Natalia sub-processor.
  • No GDPR art.28 DPA to sign.

Encryption

At-rest

Configuration and the datastore on the appliance are encrypted at rest with NIST-approved algorithms (those catalogued in NIST SP 800-175B). This protects a copied disk or VM image; it does not protect data from a process already running on the appliance with access to the key, which is what the RBAC and audit controls below are for.

In-transit

TLS 1.2 or higher for the local web UI, with either a customer-provided certificate or a self-signed one. If you keep the self-signed certificate, distribute its fingerprint to operators out of band so they can tell the appliance from an interposed endpoint instead of clicking through the browser warning.

PII pseudonymization

Phone-number columns hold cryptographic pseudonyms rather than clear numbers. The derivation is keyed (salted) per tenant, so the same number maps to a different pseudonym in each tenant and tokens cannot be correlated across tenants. The clear number is recovered only through the audited Admin "phone reveal" procedure.
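As an added illustration of that design (example code, not Natalia's own implementation, whose KDF and token format the page does not disclose), the following Go program derives a per-tenant key from a master key by labelled HMAC-SHA256 and pseudonymizes a normalized phone number as an HMAC token. The master key value, the `natalia/phone-pseudonym/v1` label and the E.164-style normalization rule are assumptions. The tokens are one-way, so a reveal procedure like the one in the RBAC section needs a separately keyed mapping that this example leaves out.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Constructed secret for this example; on an appliance the master key would live in
// the encrypted configuration store, never as a literal in source.
var masterKey = []byte("constructed-master-key-for-example-only")

// NormalizePhone canonicalizes to E.164-style digits (optional leading '+', separators
// dropped) so that "+33 6 12 34 56 78" and "+33612345678" yield the same pseudonym.
func NormalizePhone(raw string) (string, error) {
	var b strings.Builder
	for i, r := range strings.TrimSpace(raw) {
		switch {
		case r >= '0' && r <= '9', r == '+' && i == 0:
			b.WriteRune(r)
		case r == ' ', r == '-', r == '.', r == '(', r == ')': // separators are dropped
		default:
			return "", fmt.Errorf("invalid character %q in phone number", r)
		}
	}
	n := b.String()
	if d := strings.TrimPrefix(n, "+"); len(d) < 7 || len(d) > 15 {
		return "", errors.New("phone number must contain 7 to 15 digits")
	}
	return n, nil
}

// tenantKey derives the per-tenant key as a labelled HMAC of the master key (assumed
// KDF). Tenants get unrelated keys, so their tokens cannot be linked to each other.
func tenantKey(tenant string) []byte {
	mac := hmac.New(sha256.New, masterKey)
	mac.Write([]byte("natalia/phone-pseudonym/v1|tenant=" + tenant))
	return mac.Sum(nil)
}

// Pseudonymize returns the token stored in the phone column: HMAC-SHA256 of the
// normalized number under the tenant key. Deterministic within a tenant (so joins
// and per-caller analytics keep working), one-way, and different in every tenant.
func Pseudonymize(tenant, rawPhone string) (string, error) {
	phone, err := NormalizePhone(rawPhone)
	if err != nil {
		return "", err
	}
	mac := hmac.New(sha256.New, tenantKey(tenant))
	mac.Write([]byte(phone))
	return hex.EncodeToString(mac.Sum(nil)), nil
}

func main() {
	a, _ := Pseudonymize("tenant-A", "+33 6 12 34 56 78")
	b, _ := Pseudonymize("tenant-A", "+33612345678")
	c, _ := Pseudonymize("tenant-B", "+33612345678")
	fmt.Println(a == b, a == c) // true false
	_, err := Pseudonymize("tenant-A", "not-a-number")
	fmt.Println(err) // invalid character 'n' in phone number
}
```

Normalization before hashing is the step that is easy to forget: without it, the same subscriber written with and without spaces becomes two unrelated tokens and per-caller analytics silently undercount.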

RBAC — 4 roles

Viewer

Read-only analytics dashboard.

Admin

Configuration, export, and audited "phone reveal" procedure.

Auditor

Read-only access to audit log + reveal log.

Integrator

License management. No CDR access.

Authentication & failed-login handling

Authentication is local to the appliance; no external identity provider is required. A failed login is reported explicitly to the operator, rate-limited at the point where it is received, and written to the audit log as its own event so an Auditor can review attempts later.

  • Password hashing with Argon2id at the parameters recommended by the OWASP Password Storage Cheat Sheet (at least 19 MiB of memory, 2 iterations, parallelism 1).
  • Rate-limited login attempts with exponential backoff: the enforced delay grows with each consecutive failure and resets on success.
  • No silent failure: every error is shown to the operator and written to the audit log.
[Figure: administrator login screen showing an incorrect-password error. The failure is explicit to the operator and the corresponding event is added to the audit log.]

Immutable audit log

  • Every sensitive action is logged with a signed timestamp.
  • Integrity verification via a hash chain: each entry carries the hash of its predecessor, so editing or removing an entry breaks every later link and is detected at verification.
  • CSV export to your SIEM (Splunk, ELK, Graylog). A hash chain cannot by itself show that the newest entries have not been dropped, so include the current chain head in each export and compare it with the previous one.
  • Configurable retention (default: 13 months).
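The following Go program is an added example (not Natalia's own log code; its record layout, JSON canonicalization and the backoff constants are assumptions) that implements the mechanism described in this list and in the authentication section above: each entry is hashed over its fields plus the previous entry's hash and then signed with Ed25519, a verifier holding only the public key walks the chain, a head comparison catches the truncation that a chain alone cannot, and the failed-login event is written as its own record with the exponential backoff delay computed alongside.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Entry is one audit record. Prev chains it to its predecessor, Hash covers every
// other field, and Sig is the appliance's Ed25519 signature over Hash (signed timestamp).
type Entry struct {
	Time   string `json:"time"`   // RFC 3339, UTC
	Actor  string `json:"actor"`
	Role   string `json:"role"`
	Action string `json:"action"` // e.g. "auth.failed", "phone.reveal"
	Target string `json:"target"` // pseudonym or object id, never clear PII
	Prev   string `json:"prev"`   // empty for the first entry
	Hash   string `json:"hash"`
	Sig    string `json:"sig"`
}

// digest hashes the canonical JSON of the entry with Hash and Sig blanked.
func (e Entry) digest() string {
	e.Hash, e.Sig = "", ""
	b, _ := json.Marshal(e)
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// AuditLog is append-only: nothing is updated or deleted in place.
type AuditLog struct {
	priv    ed25519.PrivateKey
	Entries []Entry
}

func (l *AuditLog) Append(now time.Time, actor, role, action, target string) Entry {
	e := Entry{Time: now.UTC().Format(time.RFC3339Nano), Actor: actor, Role: role,
		Action: action, Target: target}
	if n := len(l.Entries); n > 0 {
		e.Prev = l.Entries[n-1].Hash
	}
	e.Hash = e.digest()
	e.Sig = hex.EncodeToString(ed25519.Sign(l.priv, []byte(e.Hash)))
	l.Entries = append(l.Entries, e)
	return e
}

// Verify is what an Auditor or the SIEM runs with only the public key: every Prev equals
// the previous Hash, every Hash recomputes, every signature checks. Returns the index of
// the first bad entry, or -1 when the chain is intact.
func Verify(pub ed25519.PublicKey, entries []Entry) (int, error) {
	prev := ""
	for i, e := range entries {
		sig, err := hex.DecodeString(e.Sig)
		switch {
		case e.Prev != prev:
			return i, errors.New("chain link broken")
		case e.digest() != e.Hash:
			return i, errors.New("entry modified after signing")
		case err != nil || !ed25519.Verify(pub, []byte(e.Hash), sig):
			return i, errors.New("bad signature")
		}
		prev = e.Hash
	}
	return -1, nil
}

// HeadMatches covers what a chain alone cannot: silent truncation of the newest
// entries. Compare the current last Hash with the head recorded at the last export.
func HeadMatches(entries []Entry, exportedHead string) bool {
	return len(entries) > 0 && entries[len(entries)-1].Hash == exportedHead
}

// NextDelay is the login backoff: 1 s after the first failure, doubling per consecutive
// failure, capped at 5 min (base and cap are assumptions, not values from the page).
func NextDelay(failures int) time.Duration {
	const maxDelay = 5 * time.Minute
	if failures <= 0 {
		return 0
	}
	d := time.Second
	for i := 1; i < failures; i++ {
		if d *= 2; d >= maxDelay {
			return maxDelay
		}
	}
	return d
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	al := &AuditLog{priv: priv}
	al.Append(time.Now(), "alice", "Admin", "auth.failed", "-")
	al.Append(time.Now().Add(NextDelay(1)), "alice", "Admin", "phone.reveal", "3f2a9c")
	fmt.Println(Verify(pub, al.Entries)) // -1 <nil>
	al.Entries[0].Action = "auth.ok"     // rewrite the failure in place
	fmt.Println(Verify(pub, al.Entries)) // 0 entry modified after signing
}
```

Keeping the signing key on the appliance and only the public key with the Auditor and the SIEM is what makes the signature meaningful: someone who can rewrite the log file can recompute hashes, but not re-sign them.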

License & integrity verification

  • Local cryptographic license verification (Ed25519, NIST FIPS 186-5).
  • No network communication required for validation.
  • Preventive alert before expiry, then a grace period after expiry before lockout.
  • Clock-tampering and rollback detection, so that setting the system clock back does not extend a license.
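As an added example (not the vendor's license code; the license fields, the 14-day alert window and the 5-minute rollback tolerance are assumptions), the following Go program verifies an Ed25519-signed license entirely offline, reports the pre-expiry alert and the grace period as distinct states, and detects a clock rollback by keeping a persisted high-water mark of the latest time it has accepted.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
	"time"
)

// License is the signed payload. The field set is an assumption for this example;
// the page does not publish the real license format.
type License struct {
	Customer  string    `json:"customer"`
	Product   string    `json:"product"`
	NotBefore time.Time `json:"not_before"`
	NotAfter  time.Time `json:"not_after"`
	GraceDays int       `json:"grace_days"`
}

// SignedLicense is what the vendor ships: the JSON payload and its Ed25519 signature.
type SignedLicense struct {
	Payload []byte `json:"payload"`
	Sig     []byte `json:"sig"`
}

// Issue is the vendor side, included only so the example is self-contained; the
// appliance holds only the public key.
func Issue(priv ed25519.PrivateKey, lic License) (SignedLicense, error) {
	payload, err := json.Marshal(lic)
	if err != nil {
		return SignedLicense{}, err
	}
	return SignedLicense{Payload: payload, Sig: ed25519.Sign(priv, payload)}, nil
}

type Status int

const (
	Valid        Status = iota
	ExpiringSoon        // still valid; raise the preventive alert
	GracePeriod         // expired but still running; alert on every check
	Expired             // grace elapsed; lock out
	Invalid             // bad signature, not yet valid, or clock rollback
)

func (s Status) String() string {
	return [...]string{"valid", "expiring-soon", "grace-period", "expired", "invalid"}[s]
}

// State is the persisted anti-rollback record: the latest time the appliance has
// accepted (assumption: kept in the encrypted config store and refreshed periodically).
type State struct{ HighWater time.Time }

const (
	warnBefore    = 14 * 24 * time.Hour // preventive alert window (assumption)
	rollbackSlack = 5 * time.Minute     // tolerance for ordinary NTP corrections (assumption)
)

// Check validates fully offline. The rollback test runs before any date comparison, so
// winding the clock back cannot revive an expired license. The returned string is the
// operator-facing alert message, empty when nothing needs attention.
func Check(pub ed25519.PublicKey, sl SignedLicense, st *State, now time.Time) (Status, string) {
	if !ed25519.Verify(pub, sl.Payload, sl.Sig) {
		return Invalid, "license signature does not verify"
	}
	var lic License
	if err := json.Unmarshal(sl.Payload, &lic); err != nil {
		return Invalid, "license payload unreadable: " + err.Error()
	}
	if now.Before(st.HighWater.Add(-rollbackSlack)) {
		return Invalid, fmt.Sprintf("clock rollback: %s is before last accepted %s",
			now.UTC().Format(time.RFC3339), st.HighWater.UTC().Format(time.RFC3339))
	}
	if now.After(st.HighWater) {
		st.HighWater = now
	}
	graceEnd := lic.NotAfter.AddDate(0, 0, lic.GraceDays)
	switch {
	case now.Before(lic.NotBefore):
		return Invalid, "license not yet valid"
	case now.Before(lic.NotAfter.Add(-warnBefore)):
		return Valid, ""
	case now.Before(lic.NotAfter):
		return ExpiringSoon, "license expires " + lic.NotAfter.UTC().Format(time.RFC3339)
	case now.Before(graceEnd):
		return GracePeriod, "license expired; lockout at " + graceEnd.UTC().Format(time.RFC3339)
	default:
		return Expired, "license expired and grace period elapsed"
	}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	start := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)
	sl, _ := Issue(priv, License{Customer: "example-customer", Product: "natalia",
		NotBefore: start, NotAfter: start.AddDate(1, 0, 0), GraceDays: 14})
	st := &State{}
	for _, day := range []int{10, 360, 370, 400, 200} { // 200 after 400: clock set back
		s, msg := Check(pub, sl, st, start.AddDate(0, 0, day))
		fmt.Printf("day %3d: %-13s %s\n", day, s, msg)
	}
}
```

The high-water mark has to be written somewhere an administrator cannot reset as easily as the clock (here assumed to be the encrypted configuration store); if it lives in a plain file next to the license, rollback detection is only as strong as the file permissions.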

VM hardening

  • Minimalist hardened VM image (CIS Benchmark Level 1).
  • Service processes confined with systemd sandboxing (NoNewPrivileges=, ProtectSystem=strict, RestrictSUIDSGID=).
  • No interactive user shell; administration is through the serial console and the web UI.
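An example systemd unit, added here and not Natalia's own unit file (the service name, user, binary path and data directories are assumptions), showing the three directives from the list together with the settings that have to accompany them. ProtectSystem=strict mounts the whole filesystem read-only for the service, so the datastore and local log directories must be listed in ReadWritePaths= or the service fails at its first write.

```ini
[Unit]
Description=Natalia appliance service (example hardening profile, not the vendor's file)
After=network.target

[Service]
User=natalia
Group=natalia
ExecStart=/opt/natalia/bin/natalia-server
Restart=on-failure

# Privilege containment: no setuid escalation, no capabilities at all
NoNewPrivileges=yes
RestrictSUIDSGID=yes
CapabilityBoundingSet=
AmbientCapabilities=

# Filesystem: read-only everywhere except the datastore and local logs
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/lib/natalia /var/log/natalia
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes

# Process and syscall surface
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources

[Install]
WantedBy=multi-user.target
```

`systemd-analyze security natalia.service` scores the resulting exposure and lists each directive left open. MemoryDenyWriteExecute= breaks runtimes that JIT-compile, so drop it if the service runs on one. To enforce the Strict-mode "no outbound connectivity" claim at the unit level as well, add `IPAddressDeny=any` followed by `IPAddressAllow=` with only the management subnet the web UI must answer on.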

Reversibility / portability

  • Standard CDR export (CSV, JSON).
  • Standard SQL dump.
  • Portable OVA across hypervisors.

GDPR art.17 — right to erasure

  • Selective erasure by extension, cascading to every CDR associated with it.
  • Erasure certificate issued.

RFP appendix

  • Pre-filled CISO questionnaire (on request under NDA, CAIQ-Lite / SIG-Lite format).
  • Vendor letter (CVE disclosure commitment, security support terms, CycloneDX SBOM on request).
  • Frameworks: NIST SP 800-53 Rev.5 (AC/AU/SC/IR), ISO 27001:2022 Annex A, ANSSI hygiene guide.
