Aegis SafeForge Data Room
Product

Product Feature List

Product Feature List

Purpose: Provide a concise feature inventory that pilot partners and technical evaluators can use to understand the current platform scope and roadmap direction. Core Product Capabilities

Industry Profile Adaptability The platform is designed to adapt terminology, labels, artifact structures, and risk calculation logic using industry profiles. This enables the same product foundation to support multiple regulated domains over time.

Current Stage Positioning Working platform under active development. Suitable for pilot and design partner validation using synthetic, public, sanitized, or agreed customer data. Not positioned as an automatic compliance or certification tool. Designed to support compliance-oriented workflows through structure, traceability, review, and evidence preparation.

Current Feature State - July 2026

The current codebase supports more than the original HARA/TARA pilot scope. Public and pilot-facing descriptions should include the following capabilities where relevant:

  • Structured safety artifacts: HARA, FMEA, FMEDA, hazard logs, safety goals, functional safety requirements, technical safety requirements, and verification evidence.
  • Structured cybersecurity artifacts: TARA assets, threat scenarios, vulnerabilities, attack paths, risks, cybersecurity goals, cybersecurity requirements, controls, cybersecurity claims, verification/validation evidence, cybersecurity events, vulnerability management, and incident-response plans.
  • SBOM and dependency evidence: software bill of materials records, source format and source credibility metadata, and links to vulnerability-management evidence.
  • Compliance engine: compliance scopes, facts, evidence items, evidence assertions, applicability assessments, reviewer decisions, lifecycle cases, release packages, and package-driven evidence expectations.
  • CRA readiness: pilot-level CRA applicability, classification, SBOM/dependency inventory, vulnerability handling, support-period record, reporting readiness, VEX/affectedness, Annex II/Annex VII indexes, conformity-readiness summary, lifecycle panel, gap panel, and gap-report export.
  • Process model overlays: current process, target compliance process, CRA gap snapshots, readiness scoring, and closure actions through artifacts, uploads, requirements, or manual attestation.
  • Governance: lifecycle states, review queues, approved-row protection, stale/impacted states, deterministic calculations, role-based permissions, and AI job/event records.

Not yet safe to claim as complete:

  • Full ISO/IEC 27001 control mapping or ISMS management.
  • Full IEC 62443 security-level assessment, zone/conduit lifecycle, or control-by-control compliance package.
  • Complete legal/commercial CRA conformity operations.
  • Automatic certification, regulator-ready approval, or guaranteed compliance.

On this page