Invariant Vector Defense logo Control-plane security infrastructure
Independent evaluation posture

Designed for independent federal evaluation.

IVD is positioned for structured technical review rather than unsupported operational claims, with defined objectives for network behavior and before-trust input decisions.

The current posture is evaluation-ready, not a claim of production deployment, accreditation, or endorsement. The purpose of the federal package is to allow qualified reviewers to test the architecture, evidence, and assumptions in a controlled environment.

Concept

Architectural premise and earlier-decision model.

TRL-5

Subsystem maturity and controlled prototyping.

TRL-6

Controlled-environment validation highlighted in the current package.

TRL-7 Next

Independent third-party transition testing and broader operational review.

Current status

Current maturity posture: IVD has controlled-environment validation evidence supporting a TRL-6-style posture within its tested scope. TRL-7-oriented independent testing is underway with Gear Six Labs, a European third-party software testing lab, with completion targeted for June 25, 2026. Federal lab evaluation remains a separate pending pathway and has not yet been completed. IVD is not presented as production-accredited or as having completed federal-lab validation at this stage.

References to Gear Six Labs describe the current independent testing pathway and do not indicate completed TRL-7 validation until the final testing report is complete.

What this is for

The package is meant for independent review of grouped attack-object detection, limited mitigation behavior, pre-index ACP checks, outcome assignment, and the assumptions behind both prongs. It is designed for a relevant or controlled environment, not as a shortcut to certification claims.

Evaluation objectives

Grouped attack-object detection, limited mitigation behavior, FlowSpec rule installation and withdrawal, pre-index ACP enforcement, policy outcome enforcement, and protection of the decision path.

What evaluators can test

Controlled lab replay, evidence package review, scoped ACP control-surface tests, routing-realistic network tests, exploit-card scenario review, the active TRL-7-oriented third-party testing pathway, and the separate pending federal lab evaluation path.

What is out of scope

Production deployment claims without scoped validation, enterprise accreditation, router vendor certification unless specifically tested, and blanket replacement claims for all downstream controls.

Requested next step

Structured technical review, independent review of frozen evidence bundles, completion of the current European third-party testing cycle, and preparation for a separate pending federal lab evaluation pathway.

Maturity Ladder

Current, underway, pending, and not claimed.

  • Current: Controlled-environment validation evidence, TRL-6-style tested-scope posture, and frozen evidence bundles for qualified review.
  • Underway: TRL-7-oriented independent third-party testing with Gear Six Labs, targeted for June 25, 2026.
  • Pending: Federal lab evaluation pathway, operationally representative testing, and broader production-readiness assessment.
  • Not claimed: Production accreditation, federal validation, national-lab certification, production deployment, or prevention of named public incidents.
Evidence Available for Qualified Review

Public-safe evidence summary

IVD maintains controlled-environment evidence materials for qualified technical review, including structured audit logs, policy decision records, rule lifecycle records, validation summaries, and hash-anchored evidence bundles. Public excerpts are illustrative; full review materials are made available through qualified evaluation channels.

Additional review materials may include controlled test summaries, quarantine and event records for ACP, methodology notes, and replay or review materials prepared for qualified technical evaluators. Federal lab evaluation remains a separate pending pathway and is not represented here as completed.

Review resources Request technical evaluation materials
Review validation scope Review threat model and boundaries
Tested Scope

What was tested

IVD-N Controlled-Environment Testing

IVD-N was tested in controlled routing and testbed environments. Testing focused on traffic-pattern observation, compact traffic fingerprint creation, attack-pattern grouping, limited policy decisions, FlowSpec-compatible rule behavior, rule withdrawal, SIL relief governance, and audit or evidence capture.

The work used controlled scenarios rather than production carrier traffic. The resulting evidence supports controlled-environment validation claims, not production-scale or carrier-wide deployment claims.

  • Distributed traffic-pattern detection
  • Macro-object and limited attack-object formation
  • FlowSpec-compatible mitigation rule generation
  • Rule lifecycle behavior, including creation and withdrawal
  • Routing stability observations in controlled runs
  • Benign versus hostile traffic scenarios within tested scope
  • Evidence capture and hash-anchored artifact packaging
IVD-ACP Controlled-Environment Testing

IVD-ACP was tested in controlled representative environments. Testing focused on pre-execution and pre-index control. Inputs or requests were assigned explicit outcomes such as READ_ONLY, SANDBOX, QUARANTINE, or REJECT before reaching protected execution or indexing paths.

The work supports controlled-environment validation claims, not broad enterprise production deployment claims.

  • Administrative request classification
  • Non-destructive administrative request handling
  • Destructive or non-admissible command blocking
  • Clean ingest artifact admission
  • Non-admissible ingest artifact quarantine before index entry
  • Audit-log generation
  • Policy and enforcement-state recording
Reviewer Concerns

Reviewer concerns addressed by controlled testing

Reviewer concern What was tested Public-safe result summary Boundary / not claimed
FlowSpec sounded conceptual Controlled FlowSpec lifecycle testing evaluated policy-to-rule behavior, rule creation, rule withdrawal, cleanup behavior, and evidence capture in a lab routing environment. Rule creation and withdrawal behavior was demonstrated within controlled routing scope. Does not establish broad router-vendor compatibility, carrier acceptance, production router certification, or production deployment.
BGP and routing stability sounded unproven Controlled routing runs evaluated whether mitigation behavior stayed limited and whether rule withdrawal completed cleanly within the tested environment. Tested-scope rule limits and clean withdrawal were observed in controlled runs. Does not substitute for multi-vendor hardware-in-the-loop testing, carrier operational validation, or line-rate production validation.
SIL sounded hand-wavy SIL testing evaluated signed relief handling in controlled scenarios. A valid signed relief request was accepted within policy, an invalid signature was rejected, and cleanup confirmed no router state was changed. SIL is not identity inside BGP and does not claim universal preservation of all legitimate production traffic.
AS-boundary export sounded risky AS-boundary governance testing evaluated whether out-of-scope, unauthorized, overbroad, unsafe, or excessive policy requests were rejected before export-style enforcement. Unsafe or unauthorized export-style policy requests were rejected in staged validation. Not a claim of live cross-AS carrier propagation or third-party carrier acceptance.
RTBH sounded dangerous RTBH safety testing evaluated whether authorized scoped actions were accepted and whether unauthorized, overbroad, missing-expiry, excessive-lifetime, or invalid-provider-community requests were rejected. Scoped safety-governance behavior was demonstrated in staged validation. Not a claim of production RTBH operation or live provider propagation.
ACP sounded abstract ACP controlled testing evaluated whether representative requests and artifacts could be classified before protected execution or indexing paths. Tested outcomes included READ_ONLY handling, SANDBOX routing, QUARANTINE before execution or index entry, clean artifact admission, and structured audit records. Not broad enterprise deployment, universal malicious-content detection, or production-scale connector coverage.
ACP failure behavior sounded underexplained ACP transition testing evaluated durable policy behavior, replay or restart-oriented behavior, malformed policy rejection, last-known-good policy retention, and limited review-queue behavior within controlled scope. Controlled testing demonstrated policy and failure-governance behavior within tested scope. Does not claim production HA clustering, multi-tenant hardening, enterprise-scale concurrency, or production split-brain protection.
Evidence sounded like free-form logging Evidence testing included structured audit records, policy decision records, lifecycle records, and hash-anchored evidence materials prepared for qualified review. Structured evidence materials exist for qualified technical diligence. Public summaries describe scope and method; full artifacts are reserved for qualified review.
Representative Test Areas

Public-safe result tables

IVD-N controlled test areas

Test area What was evaluated Public-safe result summary Boundary
Traffic-pattern observation Packet, header, and timing-derived behavior in controlled traffic scenarios. System produced compact traffic fingerprints for evaluation. Controlled testbed traffic, not production carrier traffic.
Limited attack-object formation Whether related abnormal traffic behavior could be grouped into one limited decision object. Grouped attack-object behavior was demonstrated in controlled runs. Scenario-specific, not universal attack classification.
FlowSpec-compatible rule lifecycle Policy-to-rule generation, install or withdraw lifecycle, and cleanup behavior. Rule creation and withdrawal behavior was demonstrated in controlled routing environments. Not a broad router-vendor or carrier-policy acceptance claim.
Routing stability and limited rule behavior Whether controlled mitigation behavior stayed limited during tested scenarios. Controlled runs observed limited rule behavior and tested-scope routing stability. Production router TCAM, vendor diversity, and carrier operations require further validation.
SIL relief governance Valid and invalid relief-request handling. SIL relief governance tested: valid signed relief accepted; invalid signature rejected; cleanup confirmed no router state changed. Controlled governance fixture, not production universal relief or live production router mutation.
AS-boundary and RTBH safety governance Whether out-of-scope, unsafe, overbroad, or excessive policy actions were rejected in staged governance tests. Governance checks demonstrated rejection of unsafe or unauthorized requests in controlled scope. Staged validation only; not live carrier export or production RTBH operation.
Evidence capture Whether logs, state records, and evidence artifacts could support review. Structured evidence and hash-anchored materials exist for qualified review. Full evidence is not fully public.

IVD-ACP controlled test areas

Test area What was evaluated Public-safe result summary Boundary
Read-only handling Whether safe or non-mutating administrative requests could be classified and forwarded appropriately. READ_ONLY-style handling was demonstrated in controlled testing. Representative administrative surface only.
Sandbox routing Whether requests requiring isolated evaluation could be routed away from protected production execution. Sandbox outcome behavior was demonstrated. Controlled prototype scope, not broad enterprise integration.
Quarantine before execution or index entry Whether non-admissible commands or artifacts could be blocked before execution or index entry. QUARANTINE-before-execution and QUARANTINE-before-index behavior was demonstrated. Scenario-specific test artifacts.
Clean artifact admission Whether clean ingest artifacts could continue through the permitted path. Clean artifact admission was demonstrated. Tested artifact class only.
Durable policy and restart behavior Policy continuity, replay behavior, and restart-related behavior in controlled validation. Controlled validation demonstrated durable policy and replay-oriented behavior within tested scope. Not a production HA or multi-tenant claim.
Policy failure and last-known-good behavior Malformed policy rejection, invalid policy handling, and last-known-good policy retention. Failure-governance behavior was demonstrated within controlled testing. Not a claim of complete production policy-management hardening.
Queue limits and human review behavior Limited human-review and saturation behavior in controlled ACP scenarios. Queue limits and repeatable rejection behavior were demonstrated in tested scope. Not a production SOC workflow or enterprise-scale capacity claim.
Audit and policy records Whether ACP decisions produced structured records and evidence materials. ACP audit and evidence records exist for qualified review. Full evidence is available through qualified review, not fully public.
Evidence Available for Qualified Review

What evidence exists

IVD maintains controlled-environment evidence materials for qualified technical review, including validation summaries, structured audit logs, policy decision records, rule lifecycle records, quarantine and event records, methodology notes, and hash-anchored evidence bundles. Public excerpts are intended to explain scope and method; they are not a substitute for full technical diligence.

  • Test summaries
  • Audit logs
  • Policy decision records
  • Rule lifecycle records
  • Router or testbed state records where public-safe
  • ACP quarantine and event records
  • Methodology notes
  • Hash manifests or evidence bundle references
  • Replay materials where appropriate
Sample Evidence Record Format

Sample evidence record format

The examples below show the type of structured evidence records used in controlled validation. They are public-safe examples of record categories and do not expose private infrastructure, private hashes, source code, customer data, or confidential artifacts.

TIME              EVENT                         SUMMARY
T+2s              PSI_VECTOR_RECORDED           Compact traffic fingerprint recorded from observable packet/header/timing behavior.
T+3s              MACRO_OBJECT_REGISTERED       Related abnormal traffic grouped into one limited decision object.
T+5s              FLOW_SPEC_RULE_PROPOSED       FlowSpec-compatible rule proposal created within tested policy scope.
T+60s             RULE_WITHDRAWN                Rule lifecycle completed and cleanup recorded.
T+61s             SIL_RELIEF_REJECTED           Invalid signed relief request rejected.
T+62s             ACP_AUTHORITY_ASSIGNED        Artifact assigned QUARANTINE before protected execution or index entry.

Full controlled-environment evidence materials are available for qualified technical diligence.

Not Claimed

Boundary conditions for public review

  • Production deployment
  • Production accreditation
  • Federal lab validation completed
  • National-lab certification
  • Carrier-scale operational validation
  • Broad router-vendor compatibility
  • Zero false positives outside the tested scenario set
  • Prevention of named public incidents
  • Universal detection of all malicious artifacts or attacks
  • Replacement of existing security controls
Review evidence categories Request qualified-review evidence materials
Evaluation Pathway

How a qualified evaluation is expected to proceed.

Step 1

Technical fit review

Determine whether IVD-N, IVD-ACP, or both are relevant to the evaluator's target environment, control surface, and review scope.

Step 2

Evidence review

Qualified evaluators review controlled-environment summaries, audit logs, policy records, rule lifecycle records, and methodology materials appropriate to the requested path.

Step 3

Scoped test plan

Define the attack class, control surface, success criteria, false-positive criteria, and non-claims before any test activity is treated as meaningful evidence.

Step 4

Operationally representative validation

Proceed into a TRL-7-oriented test or a separate federal-lab pathway as appropriate. Federal lab testing remains pending unless explicitly completed and published.

Step 5

Findings and next maturity step

Document pass or fail results, limitations, gaps, and the next validation requirement. No endorsement, procurement signal, or production accreditation is implied by participation.