Cortex Engineering Platform

Security Overview

Cortex Engineering Platform is built for governed execution across the Automation Supply Chain, ITSM, and observability integrations. Security controls are designed so both human and AI-driven requests follow the same approvals, scope limits, and traceability — enforced through the Cortex Intelligent Policy Framework (CIPF).

Zero Trust Identity & Access

Every execution is identity-attributed, scoped, and time-bound.

  • OIDC / SAML enterprise identity federation
  • Just-In-Time (JIT) access — no standing privilege
  • Fine-grained RBAC at service and stack level
  • Multi-tenant isolation with hard security boundaries

CIPF — Policy & Guardrails

Every execution enforces policy before changes are applied.

  • OPA/Rego Policy-as-Code at every execution gate
  • Approval requirements by workflow and environment
  • Environment and tenant isolation enforcement
  • Pre-execution Terraform plan policy checks

Secrets & Credential Hardening

Zero static credential storage across all execution paths.

  • Dynamic credential issuance — short-lived per run
  • HashiCorp Vault, Akeyless, AWS/Azure/GCP KMS integration
  • Runtime secret injection — never stored in templates
  • Credential drift detection across integrated systems

Change Traceability & Audit

Every request and run is linked to change evidence.

  • Immutable execution lineage — tamper-proof audit records
  • ServiceNow RITM/CHG linkage and CMDB context injection
  • Jira issue and sprint traceability
  • Full execution log and artifact capture

Deployment Models

Deployment approach selected to meet network and compliance requirements.

  • Customer-Managed — fully in-boundary, air-gap capable
  • Hosted (SaaS/PaaS) — Cortex-managed, outbound connectors
  • Hybrid — managed control plane, isolated data plane

Compliance Posture

Designed for regulated environments from the architecture up.

  • FedRAMP, HIPAA, PCI-DSS compliance pack support
  • CIS benchmark automation workflows
  • CNAPP posture validation and evidence collection
  • Private AI deployment options for sovereign environments

This page is a high-level summary. For architecture details, CIPF control mapping, and implementation guidance, request a security briefing with the Amplify Federal team.
