Security & Certifications
CSA STAR Level 1 certified with ISO track in progress
Detailed certification roadmap, security framework, compliance artifacts, and evidence packages. Part of the comprehensive Trust Hub covering security, compliance, privacy, policies, and customer enablement.

CSA STAR Level 1 Certified
CUI Labs is registered in the Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) Registry at Level 1 (Self-Assessment).
Our STAR submission documents security controls across the CSA Cloud Controls Matrix (CCM) v4.1.0, demonstrating our commitment to transparency and industry-standard security practices for cloud-based services.
Listed Since: 02/23/2026 • Last Updated: 02/23/2026
Third-Party Certification Track
Moving beyond self-attestations toward independent, audited assurance. CUI Labs is preparing for ISO certification across five management systems, with formal processes scheduled to commence Q2 2026 subject to funding and customer acquisition milestones.
Certification Track Initiation
Planned kickoff of ISO 27001, 22301, 9001, 14001, 45001 certification processes (subject to funding, customer acquisition, and certification body availability)
Gap Analysis & Remediation
Control mapping, policy documentation, and management system process alignment
Stage 1 Audit (Documentation Review)
Independent auditor reviews management systems and documentation
Stage 2 Audit (Implementation Review)
On-site verification of control implementation and effectiveness
Certification Issuance
Accredited certification body issues ISO certificates
ISO Management Systems in Scope
ISO 27001
Information Security Management System
Systematic approach to managing sensitive information with risk-based controls
Scope: All CUI Labs systems, data, and operations
ISO 22301
Business Continuity Management System
Framework for preventing, preparing for, responding to, and recovering from disruptions
Scope: Critical infrastructure and service delivery
ISO 9001
Quality Management System
Consistent delivery of products and services that meet customer and regulatory requirements
Scope: Software development and delivery processes
ISO 14001
Environmental Management System
Systematic approach to managing environmental responsibilities
Scope: Operational footprint and supply chain
ISO 45001
Occupational Health & Safety Management System
Framework for improving employee safety and reducing workplace risks
Scope: Team operations and facilities
Important: CUI Labs does not represent any ISO standard as certified until certificates are issued by an accredited certification body. The certification process is ongoing and subject to independent audit outcomes.
Certification Disclaimer: ISO certification processes are subject to independent third-party audit schedules, certification body availability, and successful completion of all audit stages. Timelines may be affected by external factors including regulatory changes, certification body capacity, and audit findings. No ISO standard is represented as certified until official certificates are issued by an accredited certification body.
Security & Compliance Framework
Production-grade security controls and compliance mappings designed for regulated environments.
Quantum Threat Model v2.0
Comprehensive threat modeling aligned with NIST PQC standards and CRQC timeline assumptions.
- 4 attacker classes: Script Kiddie → Nation-State with CRQC
- HNDL (Harvest Now, Decrypt Later) timeline modeling
- 15+ security controls mapped to specific threats
- Legacy migration milestones with staged classical deprecation
Cryptographic Attestation
Forensic-grade cryptographic evidence with NIST algorithm lifecycle tracking.
- NIST algorithm registry with lifecycle status
- CBOM (Cryptographic Bill of Materials) export
- Automated CNSA 2.0 and FIPS 140-3 compliance checks
- Machine-verifiable compliance snapshots with PQC signatures
Cryptographic Policy Engine
Tenant-configurable PQC enforcement with algorithm allowlists and HSM requirements.
- KEM: ML-KEM-512/768/1024
- Signatures: ML-DSA, Falcon-512/1024, SLH-DSA
- 4 policy tiers: Default → Government/Defense
- HSM-enforced root key protection
Key Compromise Response
Automated incident response for suspected or confirmed key compromises.
- 5-step remediation: record → rotate → rewrap → revoke → audit
- Automatic capability token revocation
- Sub-10s response target for critical incidents (subject to network conditions)
- Correlation tracking across services
Regulatory Framework Alignment
MAS TRM
Monetary Authority of Singapore Technology Risk Management
MiCA
Markets in Crypto-Assets Regulation (EU)
DORA
Digital Operational Resilience Act (EU)
FATF
Financial Action Task Force AML/CFT Standards
GDPR
General Data Protection Regulation (EU)
CNSA 2.0
Commercial National Security Algorithm Suite
FIPS 140-3
Federal Information Processing Standard (Cryptographic Modules)
Evidence & Compliance Artifacts
We organize and provide evidence in layers for institutional due diligence and regulatory inquiries.
Control Mappings
- ISO 27001 Annex A control mapping (available under NDA)
- NIST Cybersecurity Framework (CSF) 2.0 mapping (available under NDA)
- CIS Controls v8 coverage mapping (available under NDA)
- Control-to-evidence register tailored to your deployment scope
Technical Artifacts
- Architecture diagrams (network, data flow, trust boundaries)
- CBOM (Cryptographic Bill of Materials) exports
- Telemetry samples (OpenTelemetry traces, metrics, logs)
- PQC algorithm lifecycle tracking reports
Operational Runbooks
- Incident response procedures (detection → containment → recovery)
- Disaster recovery and business continuity plans
- Change management workflows with approval gates
- Key compromise response playbooks (5-step remediation, target response times subject to conditions)
Audit Trails
- Merkle-anchored audit logs (tamper-evident)
- Policy decision records with cryptographic attestation
- Access control logs (who, what, when, why)
- Configuration change history with rollback capability
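The "Merkle-anchored audit logs (tamper-evident)" item above names a technique without showing it. The following is an added illustration written for this page, not CUI Labs' code: records are hashed into leaves, leaves are combined into a Merkle tree in the RFC 6962 (Certificate Transparency) shape, and the root is the single value an operator would anchor elsewhere (sign, timestamp or publish). Any edit, deletion or reordering of records changes the root, and an inclusion proof lets an auditor check one record against an anchored root without receiving the whole log. The record fields, actors, tenant names and ticket ids are constructed sample data.

```python
"""Merkle-anchored, tamper-evident audit log (added illustration, not CUI Labs code).

Leaves are hashed records, interior nodes follow RFC 6962, and the root commits
to the whole log. Sample records in demo() are constructed for this example.
"""
import hashlib
import json
from typing import Dict, List, Tuple

Proof = List[Tuple[bytes, str]]  # (sibling hash, side the sibling sits on)


def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(record: Dict) -> bytes:
    # Canonical JSON so equal records always hash equally; the 0x00 prefix
    # domain-separates leaves from interior nodes (RFC 6962 section 2.1).
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return _sha256(b"\x00" + canonical)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _sha256(b"\x01" + left + right)


def _split_point(n: int) -> int:
    # Largest power of two strictly less than n. RFC 6962 splits there, so the
    # tree shape depends only on n: no padding and no duplicated leaves.
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(leaves: List[bytes]) -> bytes:
    if not leaves:
        return _sha256(b"")  # empty-tree hash, as in RFC 6962
    if len(leaves) == 1:
        return leaves[0]
    k = _split_point(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_proof(leaves: List[bytes], index: int) -> Proof:
    """Sibling hashes from the leaf upward, each tagged with the side it joins on."""
    if len(leaves) == 1:
        return []
    k = _split_point(len(leaves))
    if index < k:
        return inclusion_proof(leaves[:k], index) + [(merkle_root(leaves[k:]), "right")]
    return inclusion_proof(leaves[k:], index - k) + [(merkle_root(leaves[:k]), "left")]


def verify_inclusion(record: Dict, proof: Proof, root: bytes) -> bool:
    """Recompute the path from a record to the root using only the proof."""
    h = leaf_hash(record)
    for sibling, side in proof:
        h = node_hash(h, sibling) if side == "right" else node_hash(sibling, h)
    return h == root


class AuditLog:
    """Append-only log whose current Merkle root commits to every record."""

    def __init__(self) -> None:
        self.records: List[Dict] = []

    def append(self, actor: str, action: str, target: str, reason: str) -> int:
        # who / what / on what / why, plus a sequence number so repeats stay distinct
        self.records.append({"seq": len(self.records), "actor": actor,
                             "action": action, "target": target, "reason": reason})
        return len(self.records) - 1

    def leaves(self) -> List[bytes]:
        return [leaf_hash(r) for r in self.records]

    def root(self) -> bytes:
        return merkle_root(self.leaves())

    def proof_for(self, index: int) -> Proof:
        return inclusion_proof(self.leaves(), index)


def demo() -> Tuple[bool, bool]:
    """Constructed scenario: an honest proof verifies, a tampered record does not."""
    log = AuditLog()
    log.append("alice", "rotate-key", "tenant-7/root", "scheduled rotation")
    log.append("bob", "grant", "tenant-7/reader", "ticket CHG-0042")
    idx = log.append("carol", "revoke", "tenant-7/token-19", "suspected compromise")
    log.append("alice", "rewrap", "tenant-7/data-keys", "post-rotation rewrap")
    log.append("dave", "export-cbom", "tenant-7", "auditor request")
    anchored_root = log.root()  # the value an operator would sign or publish
    proof = log.proof_for(idx)
    honest = verify_inclusion(log.records[idx], proof, anchored_root)
    tampered = dict(log.records[idx], reason="routine cleanup")  # after-the-fact edit
    forged = verify_inclusion(tampered, proof, anchored_root)
    return honest, forged


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The anchoring step is what turns a hash tree into evidence: the root only proves anything if it was committed somewhere the log operator cannot silently rewrite, such as a signed and timestamped record held by a third party or published at a fixed interval.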
Requesting Compliance Evidence
If you are conducting due diligence or regulatory review, we can provide relevant materials under NDA and scope.
Initial Contact
Reach out with your scope and timeline
NDA & Scoping
Execute NDA and define evidence requirements
Secure Delivery
Access artifacts via secure data room
Regulatory Timeline & Mandates
CUI Labs is engineered to meet upcoming regulatory deadlines, not react to them. Our PQC-native architecture and compliance-first design position us ahead of the regulatory curve.
Regulatory map (interactive on the original page), summarized by domain:
- PQC: Post-Quantum Cryptography (5 regulations)
- Digital Assets: Digital Assets & Blockchain (4 regulations)
- Financial: Financial Resilience (3 regulations)
- AI: AI Governance (3 regulations)
- Data: Data Sovereignty & Privacy (3 regulations)
Why CUI Labs for Regulated Environments
We don't retrofit compliance. We architect systems that must not fail in adversarial, regulated, and mission-critical contexts.
Built for adversaries, not convenience
Defense-in-depth architecture assuming breach. Least-privilege access, zero-trust networking, and cryptographic attestation at every layer.
Evidence-grade telemetry by default
OpenTelemetry instrumentation with Merkle-anchored audit trails. Every workflow emits forensic-grade artifacts for compliance and incident response.
Sovereign deployment models
Air-gapped, on-prem, and private cloud options with customer-controlled HSMs. No vendor lock-in, no data exfiltration, no compliance compromises.
PQC-native from day one
NIST-finalized post-quantum cryptography (ML-KEM, ML-DSA, SLH-DSA) in production. CNSA 2.0 compliant with automated algorithm lifecycle management.
Regulatory Compliance Disclaimer: Regulatory frameworks (MAS TRM, MiCA, DORA, FATF, GDPR, CNSA 2.0) are subject to ongoing interpretation, updates, and jurisdictional variations. Compliance alignment is based on current understanding of published regulations and may require adjustment as regulatory guidance evolves. CUI Labs maintains ongoing monitoring of regulatory developments and adapts controls accordingly.