Ratings summarize coverage, freshness, drift, hygiene, and review readiness.
Posture API
The posture API area summarizes evidence for access review and operational control questions. It helps security teams pull compliance-rating summaries, policy coverage, stale account signals, drift findings, failed verification events, and audit evidence into review workflows.
Verification, rotation, reconcile, and session results shape posture.
Weak signals point to cleanup work instead of raw export hunting.
Posture stays attached to resources, accounts, policy, logs, and evidence.
Evidence Sources
Relevant sources include user permissions, scope membership, resource inventory, account state, policy bindings, resolved behavior, session events, execution jobs, verification results, rotation posture, reconciliation history, logs, Anchor Ledger integrity, and Anchor Compass findings.
Review Automation
Posture workflows help teams answer operational review questions:
- Which resources are missing expected policy coverage?
- Which accounts appear stale, unmanaged, or unclear in ownership?
- Which verification or rotation workflows failed?
- Which resources have unresolved policy drift?
- Which evidence package supports the current access review?
- Which Anchor Connect sessions, components, or recording metadata need review?
- Which Ledger-backed events support the integrity of the review period?
- Which Compass findings explain the root cause behind a weak rating?
Representative API Examples
The examples below use version-neutral shapes that illustrate the integration pattern.
| Review question | Useful posture source |
|---|---|
| Which resources need review? | Compliance rating, failed jobs, stale account, drift, and policy coverage signals. |
| Which controls are missing? | Effective policy, policy binding, resource state, and account posture context. |
| Which evidence supports the review? | Logs, audit records, Ledger integrity, Compass findings, and session metadata. |
Rating Model
Compliance Ratings should make privileged access health easy to discuss without reducing the product to a compliance checklist. A rating can summarize policy coverage, account hygiene, verification freshness, rotation posture, drift, stale access, session review, audit evidence, Ledger integrity, and Compass findings.
The buyer value is speed and clarity. Security teams can see where the privileged access program needs attention; auditors can understand the evidence; leadership can review posture without asking operators to rebuild the story from exports.
Drift and Hygiene
Drift is the gap between intended policy state and observed operational reality. Hygiene is the day-to-day condition of privileged accounts: stale, overexposed, missing owner, overdue rotation, failed verification, unmanaged key material, or unclear lifecycle.
Anchor brings those signals into one review model so teams can act before an audit or incident forces the issue.
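The drift and hygiene checks described above, sketched as an added example that is not Anchor's code, API, or schema. The record fields, the 90-day and 30-day thresholds, and all sample data are constructed assumptions.

```python
from datetime import date

# Assumed thresholds, chosen for illustration only.
STALE_AFTER_DAYS = 90
ROTATE_EVERY_DAYS = 30

# Constructed sample data: intended policy per resource vs. what was observed.
INTENDED = {
    "db-prod-01": {"rotation": "30d", "session_recording": True},
    "web-prod-02": {"rotation": "30d", "session_recording": True},
}
OBSERVED = {
    "db-prod-01": {"rotation": "30d", "session_recording": True},
    "web-prod-02": {"rotation": "90d", "session_recording": False},
    "legacy-03": {"rotation": None, "session_recording": False},
}
ACCOUNTS = [
    {"name": "svc-backup", "owner": "infra", "last_used": date(2024, 5, 20),
     "last_rotated": date(2024, 5, 15), "verified": True},
    {"name": "root-legacy", "owner": None, "last_used": date(2023, 11, 2),
     "last_rotated": date(2023, 9, 1), "verified": False},
]

def policy_drift(intended, observed):
    """Map each resource to its gap between intended and observed policy."""
    findings = {}
    for resource in sorted(set(intended) | set(observed)):
        if resource not in intended:
            # Seen in inventory but no policy was ever intended for it.
            findings[resource] = "missing policy coverage"
            continue
        have = observed.get(resource, {})
        diff = {key: (want, have.get(key))
                for key, want in intended[resource].items()
                if have.get(key) != want}
        if diff:
            findings[resource] = diff  # setting -> (intended, observed)
    return findings

def hygiene_flags(account, today):
    """Return the hygiene conditions from the text that apply to one account."""
    checks = {
        "missing_owner": account["owner"] is None,
        "stale": (today - account["last_used"]).days > STALE_AFTER_DAYS,
        "overdue_rotation": (today - account["last_rotated"]).days > ROTATE_EVERY_DAYS,
        "failed_verification": not account["verified"],
    }
    return [name for name, hit in checks.items() if hit]
```

Keeping the intended and observed values side by side in each finding lets a reviewer see which side of the gap to correct.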
Integration Advice
Start by defining the review questions before building exports. Anchor’s API-first value is strongest when evidence retrieval maps to actual security, IAM/PAM, audit, and leadership workflows.