SWT3 Protocol

Independent Anchor Verification

Verify compliance evidence without contacting the vendor, installing software, or exposing sensitive data. Everything runs in your browser.

Try it now with a real example

This demo anchor is pre-loaded. Click Verify Anchor below to see verification in action. Then change any number and verify again to see the tamper detection.

What is This?

When an organization monitors a compliance control (like "are security guardrails active?" or "is the password policy enforced?"), the SWT3 protocol records three numbers as evidence:

A
The Standard -- what the rule requires. Example: "at least 2 guardrails must be active."
B
The Evidence -- what was actually measured. Example: "3 guardrails were active."
C
The Context -- additional detail. Example: "0 guardrails failed." Often 0 when not needed.

These numbers, plus the control identifier and a timestamp, are combined into a SHA-256 hash to produce a unique 12-character fingerprint. That fingerprint is locked inside the anchor token. If anyone changes even a single number after the fact, the fingerprint will not match. That is the tamper-proof guarantee.

Reading an Anchor Token

Every anchor follows this format. Here is what each segment means:

SWT3- E- AWS- ACC- AC21- PASS- 1774800000- 9abafad6c30a
SWT3 = protocol E = Enclave (deployment tier) AWS = cloud provider ACC = Access Control domain AC21 = procedure (AC-2.1) PASS = verdict 1774800000 = when it was checked 9abafad6c30a = fingerprint

Verify an Anchor

Enter the anchor token and the evidence factors. This page recomputes the fingerprint locally and compares it.

The control that was checked (e.g. AC-2.1, AI-INF.1)

The organization's environment identifier

What the rule requires

What was measured

Extra detail (often 0)

Exact millisecond when the evidence was recorded

Zero network requests. Verification runs entirely in your browser. View source to confirm.

Try It: Tamper with the Evidence

Change any single factor above (even by 1) and click Verify again.
Watch the result flip from green to red. That is the immutability guarantee.
If any value was altered after the anchor was minted, the math catches it. Every time.

advanced: paste JSON bundles

If you received a verification bundle from an Axiom export or ledger entry, paste it here. One paste, one click.

Paste a JSON array of verification bundles. Every anchor is verified locally. Results are summarized instantly.

Fingerprint Formula (Technical Reference)

SHA256("WITNESS:" + tenant + ":" + procedure + ":" + A + ":" + B + ":" + C + ":" + timestamp_ms)[0:12]

The same formula is implemented identically in Python, TypeScript, Rust, C#, and Ruby. Any party can independently verify any anchor using standard SHA-256. No proprietary tools or vendor access required.

Want to automate this for your entire organization?

Book a Demo
What is SWT3?
SWT3 (Sovereign Witness Traceability) is an open protocol for cryptographic compliance evidence. Every time a system is checked against a regulatory control, an SWT3 Witness Anchor is minted containing the evidence factors, a SHA-256 fingerprint, and a timestamp. The anchor is independently verifiable by anyone with the factor values. No vendor trust required. No account needed. The math is the proof.
SDK Documentation | UCT Registry | JSON Schema | sovereign.tenova.io

This tool performs independent cryptographic verification of SWT3 Witness Anchors. Verification confirms mathematical integrity of the fingerprint only. It does not constitute a legal opinion, audit finding, or compliance determination. Regulatory compliance depends on the quality and accuracy of the underlying evidence, which is outside the scope of this verifier.

© 2026 Tenable Nova LLC. SWT3 and Sovereign Witness Traceability are trademarks of Tenable Nova LLC. Patent pending.
SWT3 Protocol is open-source under Apache 2.0. Verification is free, forever.