TRUST Security posture documentation available for government evaluation — Request access →
Trust Center · Security

Security Posture

This page provides a public-safe summary of MTSAi's security control areas and the evidence available for government evaluation. Detailed configurations are shared under NDA/RFP.

Domain Security
Posture Evidence-First
Status Designed · Claims-Safe
Configs Under NDA Only

High-Level Control Areas

IAM

Identity & Access Management

Least-privilege access model. Administrative separation of duties. Session and access logging as default.

ENC

Encryption & Data Protection

Encryption in transit and appropriate encryption at rest.

LOG

Logging & Audit Trails

Designed for auditability — access logs, admin actions, policy changes, and operational events.

VUL

Vulnerability Management

Secure development expectations and release discipline.

INC

Incident Response

Defined triage and escalation workflows.

Key Commitment

Security configurations are not published publicly by design. All detailed control implementations are available to government reviewers under a formal NDA or RFP process.

CERT-In Readiness Framing

MTSAi's security posture is designed to be aligned with CERT-In cybersecurity guidelines. These references describe design intent. Final compliance is verified through government audit per contract scope.

Key Commitment

CERT-In incident reporting timelines are incorporated into the incident response design. Notification workflows are documented and reviewable under NDA.

Evidence You Can Request

  • DOCSecurity Overview (vX.Y)
  • DOCIncident Response Playbook (vX.Y)
  • DOCConfiguration Baseline Summary (public-safe; details under NDA) (vX.Y)
  • DOCAudit Event Catalog — sample/redacted (vX.Y)
  • DOCPen-test / assessment plan (planned) where applicable (vX.Y)

What We Do Not Publish Publicly

By design, we do not publish exploitable configuration specifics, infrastructure diagrams with sensitive detail, security bypass instructions, or customer-specific/deployment-specific data. These are available under controlled NDA/RFP conditions.

Compliance Status

Designed

CERT-In Alignment

Security posture designed to align with CERT-In cybersecurity guidelines and incident reporting requirements.

In Build

IAM Controls

Least-privilege model and administrative separation of duties under implementation for production deployment.

Reviewable

Audit Log Export

Structured security event logging designed; export formats and schemas reviewable under NDA.

Full security posture documentation available for qualified procurement teams. — Request documentation →

Access Security Materials

Request the versioned Security Overview or arrange a security diligence call with our team.

Request the Security Overview → Request a security diligence call
Platform Status Disclosure
Pre-Deployment Status (Jan 2026)

No live city implementations are currently operational. All deployment, outcome, and operational capability references are design specifications subject to government procurement, contract execution, and implementation.

Compliance Status

All references to regulatory frameworks represent design intent and readiness posture. Final compliance is verified through government audit per contract scope.

International References

Case study outcomes cited from London, Singapore, Stockholm, and other cities are external examples from independent transportation authorities, not MTSAi deployments.