Knox is the immutable audit and compliance backbone powering all Bonis Systems products. Every transaction, deal match, and AI decision is cryptographically hashed (SHA-256) and recorded on-chain.
| Phase | Technology | Status | Description |
|---|---|---|---|
| Phase 1 | Local Chain (SQLite + SHA-256) | DEPLOYED | Append-only, tamper-evident ledger with SHA-256 hash chaining. Every block stores the hash of the prior block, so altering or removing any block invalidates every block after it. |
| Phase 2 | Google Blockchain Node Engine | READY | Enterprise-grade managed blockchain nodes on Google Cloud. Hyperledger Fabric integration point. |
| Phase 3 | Hyperledger Fabric | PLANNED | Permissioned enterprise blockchain with smart contracts for multi-party deal verification and federal audit trails. |
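The Phase 1 design (an append-only SQLite table in which every block carries the SHA-256 hash of its predecessor, with the fields the AU-3 row lists: timestamp, action type, actor ID, hash and parent hash) can be exercised end to end with the following added example. It is illustrative code written for this page, not Knox's implementation: the table name `knox_blocks`, the column names, the all-zero genesis parent, the canonical-JSON digest layout and the function names are all assumptions. It also carries the check a reviewer should ask for: a hash chain by itself only exposes edits by someone who cannot rewrite the whole chain, so `verify_chain` optionally compares the final hash with a head hash anchored outside the database.

```python
import hashlib
import json
import sqlite3
import time

GENESIS_PARENT = "0" * 64  # assumed sentinel parent hash for the first block


def block_hash(ts, action, actor, payload, parent_hash):
    # Canonical JSON (sorted keys, no whitespace) so the digest is deterministic.
    body = json.dumps({"ts": ts, "action": action, "actor": actor,
                       "payload": payload, "parent": parent_hash},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()


def open_ledger(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS knox_blocks ("
               "id INTEGER PRIMARY KEY AUTOINCREMENT, ts INTEGER NOT NULL, "
               "action TEXT NOT NULL, actor TEXT NOT NULL, payload TEXT NOT NULL, "
               "parent_hash TEXT NOT NULL, hash TEXT NOT NULL UNIQUE)")
    # Append-only at the SQL layer: triggers refuse UPDATE and DELETE.
    for op in ("UPDATE", "DELETE"):
        db.execute(f"CREATE TRIGGER IF NOT EXISTS no_{op.lower()} BEFORE {op} ON knox_blocks "
                   "BEGIN SELECT RAISE(ABORT, 'knox_blocks is append-only'); END")
    return db


def head_hash(db):
    row = db.execute("SELECT hash FROM knox_blocks ORDER BY id DESC LIMIT 1").fetchone()
    return row[0] if row else GENESIS_PARENT


def append_block(db, action, actor, payload, ts=None):
    ts = int(time.time()) if ts is None else ts
    parent = head_hash(db)
    digest = block_hash(ts, action, actor, payload, parent)
    db.execute("INSERT INTO knox_blocks (ts, action, actor, payload, parent_hash, hash) "
               "VALUES (?, ?, ?, ?, ?, ?)",
               (ts, action, actor, json.dumps(payload, sort_keys=True), parent, digest))
    db.commit()
    return digest


def verify_chain(db, anchored_head=None):
    """Recompute every digest and parent link from genesis. Returns (True, None),
    (False, id of first bad block), or (False, "head") when the chain does not end
    at anchored_head, a head hash kept outside the database."""
    parent = GENESIS_PARENT
    for bid, ts, action, actor, payload, parent_hash, digest in db.execute(
            "SELECT id, ts, action, actor, payload, parent_hash, hash FROM knox_blocks ORDER BY id"):
        if parent_hash != parent or block_hash(ts, action, actor, json.loads(payload), parent) != digest:
            return False, bid
        parent = digest
    if anchored_head is not None and parent != anchored_head:
        return False, "head"
    return True, None


def attacker_rewrite(db, block_id, new_payload):
    """Attacker with full write access (triggers already dropped) edits one block
    and re-hashes every later block so the chain is internally consistent again."""
    rows = db.execute("SELECT id, ts, action, actor, payload, parent_hash FROM knox_blocks "
                      "WHERE id >= ? ORDER BY id", (block_id,)).fetchall()
    parent = rows[0][5]  # the edited block keeps its original parent
    for bid, ts, action, actor, payload, _ in rows:
        if bid == block_id:
            payload = json.dumps(new_payload, sort_keys=True)
        digest = block_hash(ts, action, actor, json.loads(payload), parent)
        db.execute("UPDATE knox_blocks SET payload = ?, parent_hash = ?, hash = ? WHERE id = ?",
                   (payload, parent, digest, bid))
        parent = digest
    db.commit()


def demo():
    """Constructed sample events (not real Knox data) under three tamper scenarios."""
    db = open_ledger()
    append_block(db, "deal.match", "user:17", {"deal": "D-100", "score": 0.91}, ts=1700000000)
    append_block(db, "ai.decision", "bruce", {"deal": "D-100", "verdict": "shortlist"}, ts=1700000001)
    append_block(db, "user.login", "user:17", {"ip": "203.0.113.5"}, ts=1700000002)
    anchored = head_hash(db)  # publish this where the database writer cannot reach it
    results = {"clean": verify_chain(db, anchored)}
    # 1. A plain UPDATE is refused by the append-only trigger.
    try:
        db.execute("UPDATE knox_blocks SET payload = '{}' WHERE id = 2")
        results["blocked"] = False
    except sqlite3.DatabaseError:
        results["blocked"] = True
    # 2. Attacker with DDL rights drops the triggers and edits block 2 naively: caught.
    db.execute("DROP TRIGGER no_update")
    db.execute("DROP TRIGGER no_delete")
    tampered = json.dumps({"deal": "D-100", "verdict": "rejected"}, sort_keys=True)
    db.execute("UPDATE knox_blocks SET payload = ? WHERE id = 2", (tampered,))
    results["naive"] = verify_chain(db)
    # 3. Attacker re-hashes the rest of the chain: only the external anchor catches it.
    attacker_rewrite(db, 2, json.loads(tampered))
    results["rewritten"] = verify_chain(db)
    results["anchored"] = verify_chain(db, anchored)
    return results
```

`demo()` returns `clean == (True, None)`, `blocked == True`, `naive == (False, 2)`, `rewritten == (True, None)` and `anchored == (False, "head")`. The `rewritten` result is the caveat: once an attacker with write access re-hashes every later block, the chain verifies again, and only the head hash held outside the writer's reach exposes the change. Periodically exporting that head hash to a system the ledger writer cannot modify is what turns a local hash chain into an auditable one.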
26 NIST SP 800-53 security controls mapped to DealMatcher's AI deal-matching and procurement platform. Each control is implemented or scheduled for implementation.
| Control ID | Control Name | Implementation |
|---|---|---|
| AC-2 | Account Management | Role-based accounts (admin, investor, vendor) with approval workflows |
| AC-3 | Access Enforcement | JWT authentication with role-based API route guards |
| AC-6 | Least Privilege | API endpoints scoped to user role; admin routes require admin JWT claim |
| AC-7 | Unsuccessful Logon Attempts | Rate limiting on auth endpoints; lockout after repeated failures |
| AC-17 | Remote Access | TLS 1.3 enforced on all connections; HTTPS-only in production |
| AU-2 | Event Logging | Knox Blockchain records all deal matches, AI decisions, and user actions |
| AU-3 | Content of Audit Records | Each Knox block contains timestamp, action type, actor ID, SHA-256 hash, and parent hash |
| AU-6 | Audit Record Review | Admin dashboard with filterable audit log; exportable for federal review |
| AU-9 | Protection of Audit Info | Knox ledger is append-only; blocks are never modified or deleted, and any alteration breaks the hash chain of every later block |
| AU-11 | Audit Record Retention | All Knox blocks retained indefinitely; 7-year minimum for federal compliance |
| IA-2 | User Identification | Unique user IDs with email verification; bcrypt password hashing |
| IA-5 | Authenticator Management | bcrypt (cost factor 12) password storage; no plaintext credentials |
| IA-8 | Non-Org User ID | External vendor/investor accounts with UEI and SAM.gov cross-reference |
| SC-8 | Transmission Confidentiality | TLS 1.3 for all data in transit; HSTS headers enforced |
| SC-12 | Cryptographic Key Management | Environment-variable key storage; no keys in source code |
| SC-13 | Cryptographic Protection | SHA-256 for Knox hashing; bcrypt for passwords; AES-256 for data at rest |
| SC-28 | Protection of Info at Rest | Encrypted database storage; sensitive fields encrypted at application layer |
| CM-2 | Baseline Configuration | Docker containerized deployments; Cloud Run managed infrastructure |
| CM-6 | Configuration Settings | Environment-based configuration; no hardcoded secrets; .env separation |
| CM-8 | System Component Inventory | Package.json dependency tracking; automated vulnerability scanning |
| RA-5 | Vulnerability Monitoring | npm audit on CI/CD; dependency version pinning |
| SI-2 | Flaw Remediation | Automated CI/CD pipeline with pre-deploy security checks |
| SI-4 | System Monitoring | Cloud Run metrics; application-level health checks at /api/health |
| SI-10 | Information Input Validation | Server-side input validation on all API endpoints; SQL injection prevention via parameterized queries |
| PL-2 | Security Plans | This compliance document; BAA template; capability statement maintained |
| PS-6 | Access Agreements | BAA required for all business associates handling deal data |
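The AC-3 and AC-6 rows describe JWT authentication with role-based route guards, where admin routes require an admin claim. The following is an added example of that pattern written for this page, not DealMatcher's code: HS256 is assumed (the page does not name the signing algorithm), and the request shape, `SECRET`, `require_role`, `admin_audit_export` and the claim names `sub` and `role` are assumptions. It includes the checks a reviewer would ask for: the algorithm is pinned rather than read from the token, the HMAC is compared in constant time, `exp` is mandatory, and a valid non-admin token gets 403 rather than 401.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed secret for this example only. A deployment reads the key from the
# environment (SC-12 in the table), never from source code.
SECRET = b"example-only-hs256-secret-do-not-reuse"


class AuthError(Exception):
    pass


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, secret: bytes = SECRET) -> str:
    """Mints an HS256 JWT (algorithm assumed; the page does not state it)."""
    header = _b64url(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_token(token: str, secret: bytes = SECRET, now=None) -> dict:
    """Returns the claims only if the algorithm is the pinned one, the HMAC
    matches (constant-time compare) and the token has not expired."""
    try:
        h64, b64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        sig = _b64url_decode(s64)
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        raise AuthError("malformed token")
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise AuthError("unsupported alg")  # never let the token choose the algorithm
    expected = hmac.new(secret, f"{h64}.{b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise AuthError("bad signature")
    claims = json.loads(_b64url_decode(b64))
    now = time.time() if now is None else now
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), (int, float)) \
            or now >= claims["exp"]:
        raise AuthError("token expired or missing exp")
    return claims


def require_role(*allowed):
    """Route guard (assumed request shape: a dict with a 'headers' dict).
    The wrapped handler runs only for a valid token whose role is allowed."""
    def decorator(handler):
        def guarded(request, now=None):
            auth = request.get("headers", {}).get("Authorization", "")
            if not auth.startswith("Bearer "):
                return 401, {"error": "missing bearer token"}
            try:
                claims = verify_token(auth[len("Bearer "):], now=now)
            except AuthError as err:
                return 401, {"error": str(err)}
            if claims.get("role") not in allowed:
                return 403, {"error": "forbidden"}  # authenticated but not authorised
            return handler(request, claims)
        return guarded
    return decorator


@require_role("admin")
def admin_audit_export(request, claims):
    return 200, {"exported_by": claims["sub"]}


def demo(now=1700000000):
    """Exercises the guard with constructed tokens; returns the status code of each call."""
    admin = issue_token({"sub": "user:1", "role": "admin", "exp": now + 600})
    investor = issue_token({"sub": "user:2", "role": "investor", "exp": now + 600})
    expired = issue_token({"sub": "user:1", "role": "admin", "exp": now - 1})
    head, body, sig = admin.split(".")
    # Forged: an investor rewrites the claims of a captured admin token; the signature is now stale.
    forged_body = _b64url(json.dumps({"sub": "user:2", "role": "admin", "exp": now + 600}).encode())
    forged = f"{head}.{forged_body}.{sig}"
    # alg=none: an unsigned token presenting admin claims.
    none_header = _b64url(b'{"alg":"none","typ":"JWT"}')
    alg_none = f"{none_header}.{body}."

    def call(token):
        return admin_audit_export({"headers": {"Authorization": "Bearer " + token}}, now=now)[0]

    return {"admin": call(admin), "investor": call(investor), "expired": call(expired),
            "forged": call(forged), "alg_none": call(alg_none),
            "no_token": admin_audit_export({"headers": {}}, now=now)[0]}
```

`demo()` returns 200 for the admin token, 403 for the investor token, and 401 for the expired, forged, `alg=none` and missing tokens. The 403/401 split matters for AC-6: an authenticated vendor or investor hitting an admin route is an authorisation failure and should be logged as such, not hidden among authentication errors.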
Three production platforms powered by Knox Blockchain, each with full audit trail and federal compliance capability.
AI-powered deal matching and procurement platform with Bruce AI agent. Matches investors to commercial opportunities using machine learning scoring, SAM.gov verification, and Knox audit trails.
HIPAA-compliant health management platform with AI-powered care coordination. 60+ AI tools, smart forms, Rx scanning, and PHI scrubbing. Knox blockchain for audit compliance.
B2B hemp and cannabis marketplace with seed-to-sale tracking, Metrc/BioTrack integration, Cannaverse 3D experience, and Knox blockchain for compliance chain-of-custody.
© 2026 Bonis Systems LLC. All rights reserved. This document is provided for federal compliance review purposes.