Standards & compliance, control by control.
DAIT is engineered to enterprise security standards from genesis. This page tracks every control DAIT implements, the standards it maps to, and where DAIT exceeds the baseline.
What this page is not. A formal certification. DAIT is built to SOC 2 / ISO 27001 / PCI-DSS standards but has not yet completed external audits. The first third-party security audit is scheduled for the 2026-06-02 to 2026-07-07 window. Once that report lands, the relevant rows below flip from Full (self-assessed) to Full (audited).
Live updates. Status flags below are read from the chain repository's CI gate, the public Livepaper revision, and the Foundation's compliance log. When a control's implementation changes in forge.dait.io/dait/dait-chain, this page reflects it within one block.
Compliance matrix
| Control | DAIT implementation | SOC 2 | ISO 27001 | PCI-DSS | Status |
|---|---|---|---|---|---|
Where DAIT exceeds the baseline
| Capability | What DAIT does | Standard requirement | How DAIT exceeds |
|---|---|---|---|
Upcoming
Quantum-resilience: day-1 posture live at genesis
DAIT is engineered to be quantum-resilient from genesis-day. NIST FIPS 204 / ML-DSA-65 (CRYSTALS-Dilithium Mode 3) signatures are required by default for every new agent registration on the agent module (x/agent); legacy secp256k1-only agents fail authentication at the chain's smart-account substrate hook. A governance kill-switch (AllowPostQuantum) lets the path be disabled without a hard fork in the event of a circl-library CVE.
Validator consensus signing (ed25519) and EOA account signing (secp256k1) continue on classical schemes in v1 because the framework's consensus engine does not yet ship a finalized PQ KEM-based path. The governance migration extending PQ to consensus and EOA signing is scheduled for chain Year 1, tracking the underlying framework's PQ roadmap (was Year 3 in earlier revisions). Because PQ is genesis-day for the most-exposed surface (agents that sign on behalf of operators for years), there is no "harvest-now-decrypt-later" debt accumulating against agent identities.
Third-party security audit scheduled
External audit firm engagement targets the 2026-06-02 to 2026-07-07 window. Audit findings drop publicly with the mainnet launch (2026-07-14) so anyone can read the report before staking.
Continuous attestation of node operators
Every node operator (validator, host, oracle) submits an attestation of their TEE configuration once per epoch. The attestation is verified on-chain and recorded as a public proof. This goes beyond SOC 2's quarterly attestation cadence.
Public bug bounty
Bug bounty opens at Phase 2 (public testnet, 2026-06-02). Severity table mirrors HackerOne's standard: Critical $50k, High $20k, Medium $5k, Low $500. Payouts in DAIT and USDC equivalents.
Need detailed control documentation?
For enterprise customers and audit firms requesting full control documentation under NDA, use the contact form on the Foundation page. Public-readable controls land here as soon as they ship.