Reporting Routes and Closed Response Authority

Incident reporting and response boundary

Latticra records incident reporting vocabulary, evidence-preservation expectations, and future response gates. It does not monitor systems, detect compromises, collect forensic artifacts, contact agencies, notify customers, recover systems, or provide incident-response services.

Current Rule

Reporting awareness is not response authority.

The baseline documents how future Latticra work should talk about vulnerability reports, suspected compromise triage, ransomware and data-extortion reporting paths, evidence preservation, communications routing, and public non-claims. It keeps all response effects closed until separate operator-approved contracts and evidence exist.

01

Reporting routes

CISA, FBI, IC3, local law-enforcement, regulator, and legal/privacy review routes must be visible before any future report-assistance feature exists.

02

Incident classification

Incident kind, asset scope, data sensitivity, reporting owner, and operator authorization must be known before action is even considered.

03

Evidence preservation

Evidence, volatile-evidence decisions, chain-of-custody expectations, and out-of-band communications must be recorded before response claims.

04

Response gate

Host isolation, forensic collection, credential rotation, reporting submission, notification, restoration, and artifact deletion remain denied.

Current Snapshot

The baseline is present, but response behavior is zero.

These fields should be read as an incident-response non-claim: Latticra has records and guardrails, not operational response capability.

cyber_incident_reporting_response_baseline 1
cisa_reporting_channel_documented 1
fbi_cyber_reporting_channel_documented 1
evidence_preservation_required 1
monitoring_added 0
detection_added 0
containment_added 0
incident_response_service_claimed 0

Response Gate

No future response request can act without a complete gate.

Operator confirmation may be recorded as metadata in a later system, but it cannot override a denied response effect. Any real reporting or response path needs policy decision visibility, denial reason reporting, an audit record, and legal/privacy review prompts before promotion.

Present now

Reporting-route vocabulary, response-gate fields, status record, guard script, public non-claims, and source references for CISA, FBI, IC3, and joint ransomware guidance.

Required before assistance

Reporting subject, incident class, affected asset, affected data sensitivity, operator authorization, organizational reporting owner, route visibility, and legal/privacy review prompts.

Denied now

Host isolation, forensic collection, credential rotation, system restore, federal report submission, law-enforcement contact, customer notification, breach notification, ransomware payment decision support, indicator publication, and artifact deletion.
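The gate rules above, sketched as an added example. This is not Latticra code: the field names, effect identifiers, and `evaluate_gate` are hypothetical, derived from the "Required before assistance" and "Denied now" lists. It shows a closed effect staying denied even with every prerequisite present and operator confirmation recorded, with denial reasons and an audit record returned for every decision.

```python
import json
from datetime import datetime, timezone

# Hypothetical identifiers derived from the page's "Required before
# assistance" and "Denied now" lists; not names used by the project.
REQUIRED_FIELDS = (
    "reporting_subject", "incident_class", "affected_asset",
    "data_sensitivity", "operator_authorization", "reporting_owner",
    "route_visibility", "legal_privacy_review",
)
DENIED_EFFECTS = frozenset({
    "host_isolation", "forensic_collection", "credential_rotation",
    "system_restore", "federal_report_submission", "law_enforcement_contact",
    "customer_notification", "breach_notification",
    "ransomware_payment_decision_support", "indicator_publication",
    "artifact_deletion",
})
ROUTE_PROMPT = "display_reporting_route_prompt"  # the only non-closed effect


def evaluate_gate(request: dict) -> dict:
    """Return the decision, its denial reasons, and an audit record."""
    effect = request.get("effect")
    reasons = []
    if effect in DENIED_EFFECTS:
        reasons.append(f"effect_closed:{effect}")
    elif effect != ROUTE_PROMPT:
        reasons.append(f"effect_unknown:{effect}")  # default deny
    reasons += [f"missing:{f}" for f in REQUIRED_FIELDS if not request.get(f)]
    decision = "deny" if reasons else "allow_prompt_only"
    audit = {
        "time": datetime.now(timezone.utc).isoformat(),
        "effect": effect,
        "decision": decision,
        "denial_reasons": reasons,
        # Recorded as metadata only; never consulted when deciding.
        "operator_confirmed": bool(request.get("operator_confirmed")),
    }
    return {"decision": decision, "denial_reasons": reasons, "audit": audit}


if __name__ == "__main__":
    # Constructed sample: every prerequisite set, operator confirmed,
    # but the requested effect is on the closed list.
    sample = {f: "set" for f in REQUIRED_FIELDS}
    sample.update(effect="host_isolation", operator_confirmed=True)
    print(json.dumps(evaluate_gate(sample), indent=2))
```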

Closed Effects

The baseline names response work so it cannot appear by implication.

Incident-related wording is guarded because it sits next to high-risk operational, legal, and privacy boundaries. A visible denial is better than an implied capability.

Visible

Reporting routes

Future interfaces may display reporting-route prompts only after source, ownership, authorization, and legal/privacy boundaries are explicit.

Closed

Forensic behavior

Latticra does not collect volatile evidence, acquire artifacts, preserve chain of custody, image systems, or perform forensic analysis.

Closed

External contact

Latticra does not submit reports, contact agencies, notify customers, publish indicators, or speak for an operator or organization.

Closed

Recovery behavior

Latticra does not isolate hosts, rotate credentials, restore systems, delete artifacts, make ransomware payment decisions, or provide recovery services.

Local Commands

Validate the reporting boundary without doing response work.

These checks validate records and public-entry alignment only. They do not monitor, investigate, report, notify, contact, collect, contain, restore, or delete anything.

Incident baseline

sh scripts/test-cyber-incident-reporting-response-baseline.sh

Release gate context

sh scripts/test-supply-chain-security-baseline.sh

Runtime authority context

sh scripts/test-zero-trust-runtime-authority-baseline.sh

Source Records

Use exact records before repeating incident-response wording.

Incident reporting baseline: Reporting routes, evidence preservation, response gate, and incident-response non-claims.
Incident reporting status: Status fields and expected guard output for the reporting and response baseline.
Security policy: Private reporting expectations, safe testing, scope, and project security non-claims.
Security overview: Safe testing, effect gates, runtime boundary, and security non-claims.
High-assurance baseline: Source-tracked security posture and future control allocation.
Zero-trust runtime authority baseline: Per-request authority prerequisites and closed runtime effects.
Supply-chain baseline: CI, dependency, SBOM, release, and update-lane security gates.
Supply-chain gates: Reader-facing release authority and update-delivery blockers.
Security logging and monitoring: Event-source inventory, audit events, retention, detection triage, and incident handoff non-claims.
Backup and recovery resilience: Recovery prioritization, restore testing, rollback planning, incident handoff, and no recovery-service claims.
Network exposure and remote access: Remote access, RMM inventory, network flow visibility, incident handoff, and no remote administration claims.
Data classification and protection: PII review, data extortion context, incident handoff, breach-notification non-claims, and redaction gates.
Vulnerability management gate: KEV/NVD review, disclosure paths, exception records, release blocking, and product-security non-claims.
Threat-model validation: Defensive threat model validation posture and refinement inputs.
Non-claims: Unsupported security, OS, hardware, incident-response, and production-readiness claims.
Evidence model: Promotion levels, public claim boundaries, and exact source records.
Status index: Detailed status records and current public status navigation.