Capabilities

A full capability ledger, not a claim that every lane is finished.

Every public capability card carries maturity state, publication state, proof artifact, current limitation, persona, and a deeper link only when the page is supported by evidence.

Request the capability map

Catalog rules

Sell by capability. Navigate by workflow. Prove by evidence.

15 of 15 capability lanes shown.

LivePublic / indexed

Cyber Risk Quantification

Translate verified exposure into decision-support financial estimates with visible assumptions.

Proof artifact: EBITDA bridge, confidence band, source citations, assumptions affordance
Current limitation: Decision-support estimate only; not actuarial, insurance, accounting, legal, or investment advice.
Primary persona: PE operating partner, CFO, board

LivePublic / indexed

GRC / IRM / ERM

Turn framework work into current proof, named owners, and business-facing risk decisions.

Proof artifact: Control evidence freshness, proof pack excerpts, audit workflow status
Current limitation: Does not replace customer auditors, counsel, or required certification bodies.
Primary persona: CISO, compliance lead

LivePublic / indexed

Portfolio Operations

Give operating partners a ranked view of which cyber moves change portfolio value.

Proof artifact: Portfolio command center, board pack, action queue
Current limitation: Future lifecycle depth is labeled until product proof exists for each operating motion.
Primary persona: PE operating partner

LivePublic / catalog-only

Trust Center / Audit Proof

Make proof current, scoped, and inspectable for buyers, auditors, insurers, and assessors.

Proof artifact: Proof pack, freshness state, export preview
Current limitation: NDA access-request workflows are design-partner gated until access controls are finalized.
Primary persona: Compliance, buyer security

Design partnerPublic / indexed

AI Security & Governance

Put authorization, financial thresholds, and evidence around AI systems and autonomous agents.

Proof artifact: Agent authorization gate, AI governance checklist, evidence trail
Current limitation: EU AI Act and regulated AI claims require claim review before publication.
Primary persona: CISO, AI governance lead

Design partnerPublic / indexed

AppSec / ASPM

Connect application security findings to verified fixes, release risk, and proof artifacts.

Proof artifact: SARIF finding proof, fix verification, release evidence
Current limitation: Does not claim replacement for customer SAST, SCA, CI, or repository enforcement systems.
Primary persona: Engineering security, AppSec lead

Design partnerPublic / indexed

Exposure Management

Prioritize the findings that change enterprise value and prove closure when the work is done.

Proof artifact: Findings table, remediation queue, closure evidence card
Current limitation: Advanced FR-D15 depth remains design-partner gated until live validation evidence is complete.
Primary persona: CISO, security operations

Design partnerGated or noindex

Federal / Regulatory

Structure evidence-supported readiness packages without implying unearned authorization.

Proof artifact: Framework crosswalk, readiness package, factual status statement
Current limitation: No authorization or certification claims publish without recorded claim sign-off.
Primary persona: Federal supplier, compliance lead

Design partnerPublic / catalog-only

Supply Chain / TPRM

Package supplier and component evidence into readiness decisions buyers can inspect.

Proof artifact: Component provenance, readiness areas, submission blockers
Current limitation: Federal and UAS readiness language requires factual status and claim review before deeper publication.
Primary persona: Supply-chain lead, federal supplier

Integration/control planePublic / catalog-only

CNAPP / CSPM

Convert cloud security source signals into ranked decisions and proof-backed remediation.

Proof artifact: Cloud finding evidence card, exposure graph summary
Current limitation: Native cloud enforcement remains customer-owned unless a specific integration proves otherwise.
Primary persona: Cloud security, CISO

Integration/control planePublic / catalog-only

Detection & Response

Tie detection and response work to proof-backed closure and business impact.

Proof artifact: Incident-to-proof trail and response validation summary
Current limitation: VALTY integrates and validates; it does not claim to own response execution by default.
Primary persona: SOC, CISO

Integration/control planePublic / catalog-only

Endpoint Awareness

Represent endpoint and human-risk signals as source lanes in the proof graph.

Proof artifact: Endpoint posture source-lane card and human-risk evidence summary
Current limitation: Source-lane/control-plane only unless native endpoint capability is proven.
Primary persona: IT, security awareness, CISO

Integration/control planePublic / catalog-only

Zero Trust Assurance

Verify zero-trust posture across systems the customer already owns.

Proof artifact: Cross-control proof card and readiness matrix
Current limitation: Control-plane assurance only; VALTY is not a ZTNA, SASE, NAC, or IdP replacement.
Primary persona: CISO, identity lead

Roadmap previewPublic / catalog-only

API Security

Show how API posture becomes a governed, proof-backed risk lane.

Proof artifact: Planned API contract and auth posture proof artifact
Current limitation: Dedicated API security page remains gated until FR-D14 surfaces are green.
Primary persona: AppSec, platform engineering

Roadmap previewPublic / catalog-only

Software Assurance / QA

Attach release confidence to visible proof rather than status claims.

Proof artifact: Planned release evidence and proof-of-quality packet
Current limitation: Dedicated QA workflow is roadmap/design-partner until paid workflow evidence exists.
Primary persona: Engineering, QA, product