14.0 — Appendix Index
Quick links to all appendices in this section.
A
Glossary of Terms
36 security and cloud terminology definitions used throughout this report.
B
Compliance Framework Mapping
Cross-framework control mapping across CIS, NIST, PCI-DSS, HIPAA, and SOC 2.
C
Tool Versions & Configuration
Software versions, SDK configurations, and scanning engine parameters used.
D
Assessment Team & Credentials
Team members, certifications, and roles for the assessment engagement.
Appendix C — Tool Versions & Configuration
Technical ReferenceThe following tools, SDKs, and libraries were used during this assessment. All tools were verified to be running the latest stable releases at the time of scan execution on February 4, 2026.
| Tool / Component | Version | Category | Purpose |
|---|---|---|---|
| AiVRIC Vision Platform | v5.4.0 | Security Platform | Unified cloud security scanning, AI-powered analysis, and multi-cloud correlation |
| Prowler Core | v5.4.0 | Security Scanner | Open-source security scanning engine (integrated into AiVRIC Vision) |
| AWS CLI | 2.15.x | Cloud SDK | AWS API interaction, credential management, and resource enumeration |
| Azure CLI | 2.56.x | Cloud SDK | Azure subscription access, resource group scanning, and Defender configuration |
| Google Cloud SDK (gcloud) | 461.0.x | Cloud SDK | GCP project scanning support (available but not used in this assessment) |
| kubectl | 1.29.x | Kubernetes | AKS cluster inspection, RBAC enumeration, and pod security analysis |
| Helm | 3.14.x | Kubernetes | Chart deployment verification and release inspection |
| Python | 3.12.x | Runtime | Core runtime for Prowler engine and AiVRIC Vision API |
| Django REST Framework | 5.1.10 | Framework | API backend for scan orchestration and findings management |
| Next.js | 14.x | Framework | Web UI for interactive dashboards and report rendering |
| Chart.js | 4.4.1 | Visualization | Interactive charts and data visualizations in report pages |
| Tailwind CSS | 3.4.x | Styling | Utility-first CSS framework for report layout and responsive design |
Scan Configuration: All scans were executed with default check profiles (no checks excluded). Prowler was configured with
--severity all to capture findings across all severity levels. Network-level scanning (port scanning, vulnerability exploitation) was explicitly excluded from scope.
Appendix D — Assessment Team & Credentials
PersonnelThe following team members contributed to the planning, execution, analysis, and reporting of this ROAR assessment. All team members hold relevant industry certifications and have prior experience conducting multi-cloud security assessments.
| Name | Role | Certifications | Organization | Responsibilities |
|---|---|---|---|---|
| J. Martinez | Lead Assessor | CISSP CISA | 3HUE Cybersecurity | Assessment planning, executive briefing, risk analysis, final report review |
| S. Chen | Cloud Security Engineer | AWS SAP AZ-500 | 3HUE Cybersecurity | AWS and Azure scanning, finding validation, compliance mapping |
| R. Patel | DevSecOps Engineer | CKS CKAD | 3HUE Cybersecurity | Kubernetes and GitHub scanning, container security, RBAC analysis |
| K. Thompson | AI/ML Analyst | Internal | AiVRIC Platform Team | AI-powered finding correlation, severity scoring, report generation |
4
Team Members
6
Certifications
2
Organizations
14
Engagement Days
14.1 — Document Revision History
This document has undergone the following revisions. Each revision was reviewed by the Lead Assessor before distribution.
| Version | Date | Author | Changes | Status |
|---|---|---|---|---|
| v1.0 | January 15, 2026 | S. Chen | Initial draft with AWS findings and methodology sections | Draft |
| v1.1 | January 22, 2026 | S. Chen, R. Patel | Added Azure and Kubernetes findings, compliance mapping appendix | Draft |
| v1.5 | January 26, 2026 | R. Patel | Added GitHub provider findings, updated risk heatmap and severity charts | Review |
| v2.0 | January 29, 2026 | J. Martinez | Final report with all four providers, executive briefing, and remediation roadmap | Final |
| v2.1 | February 4, 2026 | K. Thompson | AI-generated interactive HTML report with full visualizations and appendices | Published |
14.2 — Distribution List
CONFIDENTIAL
Restricted Distribution: This report contains sensitive security vulnerability information. Distribution is limited to the individuals listed below. Unauthorized sharing, forwarding, or reproduction of this document is strictly prohibited. Recipients must store this document in accordance with their organization’s data classification and handling policies.
| Recipient | Title | Organization | Access Level | Delivery Method |
|---|---|---|---|---|
| M. Richardson | Chief Information Security Officer | 3HUE Cybersecurity | Full Report | Encrypted email + secure portal |
| D. Kowalski | VP of Engineering | 3HUE Cybersecurity | Full Report | Encrypted email + secure portal |
| A. Yamamoto | Director of Cloud Operations | 3HUE Cybersecurity | Technical Sections | Secure portal |
| L. Nguyen | DevOps Team Lead | 3HUE Cybersecurity | Technical Sections | Secure portal |
| J. Martinez | Lead Assessor | 3HUE Cybersecurity | Full Report | Internal access |
| External Auditor | Compliance Audit Lead | Deloitte (engagement ref: DL-2026-0412) | Executive Summary Only | Encrypted email |