Best practices

Field-tested patterns.

Reference architectures, policy-as-code templates, migration playbooks, and operational runbooks from real Quanterios deployments. Designed to be picked up by SREs, security engineers, and compliance leads on day one.

01 · Reference architectures
01
CBOM connector layout

Recommended connector topology for cloud-only, on-prem-only, and hybrid estates.

02
AI Runtime gateway

Sidecar, gateway, and in-process deployment patterns for the AI runtime gate.

03
Crypto Agility API

Library, sidecar, and gateway patterns for runtime cipher abstraction.

04
Evidence packet pipeline

How evidence flows from CBOM/AIBOM source through the Decision Engine to the audit-ready packet.

02 · Policy-as-code templates
01
Default Crypto policy

Block custom AES-CBC, weak randomness, IV reuse, MD5, and SHA-1. Warn on RSA-2048.

02
Banking · DORA-aligned

Stricter defaults aligned to DORA Article 6 expectations and BSI TR-02102.

03
Defense · CNSA 2.0

Hard-deadline-aligned policy with time-bounded deprecation windows.

04
AI Runtime · default

Default prompt-injection classifiers, output filtering on PII, MCP scope deny-by-default.

03 · Migration playbooks
01
nginx + 8 services

Reference playbook for the nginx + reverse-proxied-services pattern. Hybrid ML-KEM-768 rollout.

02
Code-signing migration

ML-DSA and SLH-DSA staged rollout across signing pipelines.

03
TLS 1.3 hybrid

TLS 1.3 with ML-KEM-768 hybrid · zero-downtime cutover pattern.

04
Rollback patterns

When and how to roll back a hybrid deployment without breaking downstream services.

Need a template for your stack?

Email developers@quanterios.com with the deployment shape; we'll send the closest reference architecture and policy template.