BLACKSHIELD

Public Guide

What BlackShield Secures for You and What Your Team Owns

BlackShield owns the product controls in the platform; your team owns the way you configure identities, keys, scan scope, and operational approvals inside your workspace. Audience: Security architects, compliance owners, procurement reviewers, and platform administrators. Typical setup time: 10 minutes.

Before You Begin

  • List the controls your team expects BlackShield to operate on your behalf.
  • List the controls your team must still own after deployment.
  • Have `/identity`, `/api-keys`, and `/audit` available during the review.

Guide walkthrough

Step 1

BlackShield-managed controls

These are controls the product and service operate for every customer.

  • BlackShield enforces authenticated access and role permissions on administrative APIs and dashboard surfaces.
  • BlackShield rate-limits sensitive flows such as login, identity writes, API key writes, and tenant deletion.
  • BlackShield records audit queries and audit exports so evidence access is itself traceable.

Step 2

Customer-managed controls

These are the places your team still needs to make good decisions after purchase.

  • Use `/identity` to configure the approved IdP, group mappings, and SCIM behavior for your users.
  • Use `/api-keys` to rotate, revoke, and review keys used by scanners and automations.
  • Keep integrations and scan targets limited to repositories, images, cloud accounts, and environments your team has approved.

Step 3

How to run the split in practice

A useful shared-responsibility page should tell the customer where to go in BlackShield, not just tell them to “review responsibilities.”

  • Use `/audit` to verify who changed identity settings, exported evidence, or ran other sensitive actions.
  • Use `/tenant-rights` when the conversation turns to deletion authority, workspace ownership, or exit controls.
  • Use the same BlackShield screens in renewal and audit reviews that you used during initial due diligence.

What success looks like

  • Security and operations teams can point to the BlackShield screen where each shared-control question gets answered.
  • Any shared-control gaps have owners, due dates, and follow-up tracking.