# MAQUEOSYSTEM Security Baseline
- **Status:** Production-ready
- **Baseline Version:** v2026.01
- **Scope:** Local endpoint security (Windows 11 Pro)
- **Owner:** Andrés Maqueo

## Overview
This repository contains the **public security baseline, evidence, and architecture**
for the MAQUEOSYSTEM endpoint security model.
It is designed to demonstrate:
- Hardware-backed trust
- Deterministic security controls
- Verifiable evidence
- Audit-ready documentation
- Attestation preparedness

All content is **non-sensitive** and suitable for public review.

## What This Repository Contains
### 📐 Architecture
- Hardware Root of Trust (TPM 2.0)
- Secure Boot trust chain
- Virtualization-Based Security (VBS / HVCI)
- Trust boundary definitions
- Attestation readiness model
### 🧪 Audit Evidence
- Deterministic PowerShell assertions
- Signed evidence manifests (SHA-256)
- Drift detection
- Scored security posture
### 📊 Governance
- Security control traceability matrix
- Risk model
- Audit methodology
- Executive security summary
## Security Model Highlights
- TPM-backed disk encryption (BitLocker)
- Secure Boot enforced
- Hypervisor-enforced Code Integrity
- Firewall enforced across all profiles
- Evidence integrity verified cryptographically
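
As an added example (not a script from this repository), each control listed above can be checked with one PowerShell assertion and the results recorded with a SHA-256 digest. The `Test-Control` helper, the `evidence.json` file name and the result shape are assumptions; run it from an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: one assertion per control in "Security Model Highlights".
# Test-Control, evidence.json and the result shape are assumptions.
$ErrorActionPreference = 'Stop'

function Test-Control {
    param([string]$Name, [scriptblock]$Check)
    # A check that throws (e.g. Confirm-SecureBootUEFI on legacy BIOS) is a failure.
    try { $pass = [bool](& $Check) } catch { $pass = $false }
    [pscustomobject]@{ Control = $Name; Pass = $pass }
}

$results = @(
    Test-Control 'TPM present and ready' {
        $tpm = Get-Tpm
        $tpm.TpmPresent -and $tpm.TpmReady
    }
    Test-Control 'BitLocker on with TPM-based protector' {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
        $tpmProtectors = @($vol.KeyProtector |
            Where-Object { "$($_.KeyProtectorType)" -like 'Tpm*' })
        $vol.ProtectionStatus -eq 'On' -and $tpmProtectors.Count -gt 0
    }
    Test-Control 'Secure Boot enabled' { Confirm-SecureBootUEFI }
    Test-Control 'VBS running with HVCI' {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName Win32_DeviceGuard
        # VirtualizationBasedSecurityStatus 2 = running; service 2 = HVCI
        $dg.VirtualizationBasedSecurityStatus -eq 2 -and
            $dg.SecurityServicesRunning -contains 2
    }
    Test-Control 'Firewall enabled on all profiles' {
        $disabled = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
        $disabled.Count -eq 0
    }
)

# Record the results and a SHA-256 digest so later tampering or drift is detectable.
$evidence = Join-Path $PWD 'evidence.json'
$results | ConvertTo-Json | Set-Content -Path $evidence -Encoding UTF8
$digest = (Get-FileHash -Path $evidence -Algorithm SHA256).Hash
"$digest  evidence.json" | Set-Content -Path "$evidence.sha256"

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }   # non-zero exit fails a CI job
```

The digest only detects modification of the evidence file; authenticity additionally requires signing the digest with a key the verifier trusts.
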
## Automation
This repository includes:
- PowerShell assertion scripts
- Drift detection logic
- Evidence signing
- CI validation workflows
- GitHub Pages publication
## Intended Audience
- Security architects
- Auditors
- DevSecOps engineers
- Organizations evaluating endpoint trust models
## Disclaimer
This repository represents a **point-in-time snapshot** of a security baseline.
It does not replace organizational security policies or managed security services.
## License
See LICENSE.