Reports · ComplianceAuditor download bundle /ZIP with chain-of-custody hash

Evidence Pack

Build New Evidence Pack

Framework

Reporting Period

Options

Include audit log (I12) — who-touched-what during the period

Bundle Preview

Select a framework to preview the bundle.

Pick a framework and period before building.

Recent Builds · 0

Loading builds…

Chain of Custody — What's Inside the ZIP

manifest.jsonBundle metadata + per-file SHA-256 hashes

controls.jsonFull control list for the selected framework + period

evidence/<framework>_<control_id>.jsonPer-control evidence files referenced from manifest

audit-log.csvWho-touched-what during the period (optional, I12)

Chain-of-Custody HashThe top-level bundle_sha256 is computed over the entire .zip file bytes (and exposed on the X-Bundle-SHA256 response header). To verify integrity after download, run sha256sum evidence-pack.zip (or shasum -a 256 on macOS) and compare the result to the SHA-256 shown in the Recent Builds table. The inner manifest.json additionally lists per-file SHA-256 hashes for finer-grained verification of any single control or evidence file inside the bundle.