🔒 title: Security of Support description: How Control Core secures support diagnostics with privacy and integrity controls.
🔒 Security of Support
Support workflows are designed to maximize diagnosability while minimizing data exposure.
📌 Secure Package Expectations
Diagnostic or audit package filenames must follow:
[TYPE]_[CUSTOMER_ID]_[YYYYMMDD_HHMMSS]_[TICKET_REF].tar.gz
TYPE:DIAGorAUDITTICKET_REF: short issue slug such aspolicy-latency-issueREADME.txt: required in package root; explains observed behavior and impact
📌 Integrity and Trust Controls
- Package SHA-256 digest is generated at export time
- Signature metadata is attached for verification workflows
- Optional encrypted payload mode protects package contents in transit/storage
📌 Privacy Promise
Control Core support can only access what your shared package or connector scope provides.
- Redacted/masked fields remain masked
- Support does not gain implicit access to unrelated tenant data
- Connector integrations should be least-privilege and time-scoped
What to Include in README.txt
- Customer-visible symptom
- First observed timestamp (UTC preferred)
- Affected resource(s), bouncer(s), and environment
- What already changed/tested
- Desired outcome for this support request