You can no longer trust an OEM badge or a software vendor's word. TrustGate is a five-tier vetting pipeline that audits every component — hardware, firmware, software and apps — before it is allowed onto the 1Central marketplace. The framework is post-quantum-ready, NDAA-aligned, and crypto-agile by design.
Identity, ownership, jurisdiction, sanctions and NDAA screening.
SBOM, chipset & firmware origin, manufacturing path, key material custody.
Static analysis, Ghidra/Binwalk reverse engineering, dependency CVE/VEX.
Live behavioural test in an air-gapped lab. Independent auditor panel.
Continuous TPM 2.0 / PCR monitoring. EM and side-channel baseline.
Full SBOM, signed firmware (incl. SLH-DSA path), no untrusted OEMs in BOM, quarterly attestation passes, no critical CVEs unresolved >7 days.
Conditional listing — typically legacy devices, AI-only mode, or restricted to an isolated VLAN with no control-plane access.
Backdoor, undisclosed supply-chain change, failed re-attestation, or geopolitical exclusion (NDAA, sanctions).
Rotating third-party security firms perform T3 sandbox work — never the same firm two cycles in a row.
Every device must support TPM 2.0 / secure boot / measured boot to qualify above Amber.
Crypto-agile by default. Hybrid ML-KEM / ML-DSA paths available; SLH-DSA for firmware signing on Red posture.
OEMs, software vendors, app developers and network partners can apply to be listed on 1Central. TrustGate review takes 4–8 weeks depending on tier complexity.