The Guardians standing watch over the fortress — Trust Is Our Fortress
The Zero Trust Architecture

Vigil.
Trust is our fortress.

Built for the mission. Standing with the frontier.

Vigil is the Zero Trust security architecture that powers the Standfast platform. It is not a framework borrowed from a whitepaper. It is an architecture built, operated, and defended in production — by practitioners who carry the same compliance requirements you do.

Marshal
Holds the Gate
Identity & Access
Vaquero
Signs the Trust
PKI & Certificates
Ranger
Reads the Trail
Continuous Monitoring
What Zero Trust means on the frontier

No one enters the fortress
without being seen.

Zero Trust is not a product. It is a posture — a deliberate decision to trust nothing by default and verify everything by design. Every user, every device, every connection must prove its legitimacy before being granted access. Not once at login. Every time.

Vigil implements that posture as a living architecture — one that enforces boundaries, validates identities, monitors continuously, and generates the evidence trail that proves your compliance holds. The fortress is not a metaphor. It is what we build.

The Vigil Architecture

Five layers. One defended frontier.

Vigil is structured in five interlocking layers — each one a discipline, each one a line of defense, all of them running continuously under the watch of the three Guardians.

Layer 01
The Gate
Marshal — Holds the Gate

No one enters without being challenged. The gate layer enforces identity verification at every entry point — multi-factor authentication, privileged access management, and least-privilege enforcement. Marshal does not assume legitimacy. He requires it to be proven, every time, for every user and every device attempting access to CUI systems.

Multi-Factor Authentication Privileged Access Management Least-Privilege Enforcement Identity Lifecycle Management
Layer 02
The Trust Layer
Vaquero — Binds the Trust

Trust is not inherited — it is issued, signed, and time-bound. The trust layer manages the PKI infrastructure, certificate authority, and credential framework that validates every identity and every communication within the enclave. Vaquero binds the trust so that nothing in the environment operates on assumptions. Every connection has a certificate. Every certificate has an owner. Every owner is accountable.

Public Key Infrastructure Certificate Authority Signed Credentials Trust Chain Validation
Layer 03
The Enclave
All Three Guardians

The fortress itself. The CUI enclave is the hardened boundary that separates systems handling Controlled Unclassified Information from everything else in your environment. Defined in your SSP, enforced in your network, and validated in your assessment. The enclave is not theoretical — it is a real boundary with real controls, documented and operable by name.

CUI Boundary Definition Network Segmentation Microsegmentation SSP Documentation Hardened Endpoints
Layer 04
The Trail
Ranger — Reads the Trail

The Ranger reads what others miss. The trail layer is the continuous monitoring infrastructure — telemetry, logging, SIEM, and behavioral analytics that surface anomalies, drift, and indicators of compromise before they become incidents. Every action leaves a trail. The Ranger follows it. Configuration changes, unauthorized access attempts, policy deviations — nothing passes unread.

SIEM & Log Aggregation Behavioral Analytics Configuration Drift Detection Anomaly Alerting Audit Trail
Layer 05
The Evidence
Ranger — The Posture Loop

Compliance is only as real as the evidence that proves it. The evidence layer is the Standfast posture loop running continuously — scanning, remediating, verifying, and documenting. Every finding catalogued. Every fix timestamped. Every control domain current. When the C3PAO assessor arrives, the evidence is not assembled for the occasion. It has been building every day since the loop started.

Continuous Posture Scanning Managed Remediation Verification & Rescan POA&M Currency C3PAO-Ready Evidence
Who operates the architecture

The Guardians inside Vigil.

Each Guardian commands a domain within the architecture. Together they cover every layer — from the gate to the trail to the evidence that proves it all held.

Blue Guardian

Marshal

"Holds the Gate"

Marshal commands Layers 01 and 03 — the identity gate and the enclave boundary. He is the enforcer of access policy, the definer of the CUI boundary, and the one who ensures your SSP describes your actual environment. No entry without challenge. No trust without verification.

Gold Guardian

Vaquero

"Signs the Trust"

Vaquero commands Layer 02 — the trust layer. He manages the PKI infrastructure, issues the credentials, and binds the certificates that every system in the enclave depends on. Trust in Vigil is not assumed. It is issued by Vaquero and earned by everyone who operates within the fortress.

Red Guardian

Ranger

"Reads the Trail"

Ranger commands Layers 04 and 05 — the trail and the evidence. He is the one who never sleeps, reading every log, following every anomaly, running the posture loop continuously. While you sleep, Ranger is at the perimeter. When the assessor arrives, Ranger's work is what they find.

Not built in a lab

We operate Vigil.
Every day.

The same architecture we build for our clients, we run against our own infrastructure. MoGhraOps is a DIB company carrying the same CMMC requirements you carry. Vigil is not a design we sell. It is the environment we live in.

That is the difference between a vendor and a practitioner. We know what the architecture surfaces, what it catches, and what it takes to keep it clean — not because we built it in a whitepaper, but because we operate it in production. Every day. The watch never ends.

See the Platform Explore Services

Built for the mission  ·  Standing with the frontier