Sanctuary Framework · Family office engagement

The Family Threat Model

One day onsite. One complete picture of your household's posture — across people, institutions, and lifestyle. A living model your family keeps, updates, and owns.

  • Principal-led, one day onsite — walked the way an adversary would
  • 156 controls scored against NIST CSF 2.0, Govern through Recover
  • Private USB deliverable — runs entirely on your devices
  • TargetProof keeps no copy — what remains with you is the model
Schedule Your Assessment Remediation Paths
The deliverable

The Sanctuary Model

After your onsite assessment, you receive a private USB deliverable that runs entirely on your devices. It is not a cloud dashboard or a vendor-held report — a living model your family office keeps, updates, and owns.

Score 156 controls across Govern → Recover. Tally gaps by people, institutions, and lifestyle. Generate a maturity summary, risk-ordered findings, and a 30 / 90 / 180-day roadmap — then link every gap to Sanctuary remediation when you are ready to act.

  • Encrypted vault — assessment data stays on your infrastructure
  • Threat Spectrum mapped to your intake and household context
  • Guided assistant — structured answers from your model, no language model
  • TargetProof keeps no copy of your assessment
Stone Family Office · Overview
Sanctuary Model app for Stone Family Office showing the household overview and Sanctuary Loop

Illustrative view — your household's model runs locally on the USB deliverable.

How the model works

The Sanctuary Loop

Four questions. One integrated picture — from household context through scored controls to a plan you can actually execute.

01
What are we protecting?

Structured intake: properties, participants, advisors, travel, incidents, and goals. Business context before controls — scoped to your household, not a generic checklist.

02
What can go wrong?

156 controls scored across Govern → Recover (NIST CSF 2.0), plus a Threat Spectrum of documented targeting patterns and regulator-aligned fraud warnings.

03
What will we do about it?

Gaps tallied and prioritized. Auto-generated summary and 30 / 90 / 180-day roadmap. Every gap links to a Sanctuary remediation service when you are ready to act.

04
Did we do enough?

Built-in review: effectiveness, explicit residual-risk acceptance, and what to improve next cycle. The framework sharpens over time — without the deliverable growing heavier.

How the assessment works

What it is

A principal-led, one-day onsite engagement. Together you walk your residence and family office context the way an adversary would — physical, digital, and human. Every control is scored. Gaps are tallied. Recommendations tie directly to remediation you can execute on your timeline.

You receive the Sanctuary Model on a private USB deliverable. It runs entirely on your devices. TargetProof keeps no copy of your assessment. What remains is clarity: where you are exposed, what matters most, and exactly how to close it.

Ideal for: Family offices, multi-property estates, and principals who need an integrated picture — not another vendor checklist or enterprise software diagram.

What's Included
  • 156-control Sanctuary Framework (NIST CSF 2.0: Govern → Recover)
  • Structured intake across People · Institutions · Lifestyle
  • Threat Spectrum — documented targeting patterns and FTC-aligned fraud warnings
  • Onsite probes across primary residence and agreed scope
  • Private USB deliverable — vault password, then straight into your model
  • Live maturity dashboard, gap tally, and risk-ordered recommendations
  • 30 / 90 / 180 day remediation roadmap
  • Annual Review loop with explicit residual-risk acceptance
Standard Edition
Guided assistant. No AI. No cloud.

Every household receives the same private USB deliverable: 156 controls, threat spectrum, maturity dashboard, gap-linked remediation, and a rule-based assistant that reads your scored model — no language model, no external AI, no data connectors. Built for family offices that want maximum discretion.

Open source

The Sanctuary Model, published.

The Standard Edition is available on GitHub for practitioners, family offices, and researchers who want the framework without vendor lock-in. Same on-device architecture — encrypted local vault, 156 controls, threat spectrum, maturity dashboard, and guided assistant.

Released under the MIT License: free for personal and commercial use, with no royalties or compensation required. Modify it, embed it in your practice, or hand it to a client household — keep the license notice with any redistribution.

View on GitHub Read disclaimer
What you should know
  • Software is provided as-is — no warranty, no guarantee of security outcomes
  • Not legal, tax, insurance, or professional cybersecurity advice
  • You are responsible for how assessment data is stored and used on your devices
  • A principal-led onsite Family Threat Model engagement remains the white-glove path — USB packaging, probes, and Sanctuary remediation are separate from the open repository
Beyond generic cyber

Full-spectrum threat context

The threats wealthy households actually face — mapped to controls, not buried in a PDF appendix.

NIST CSF 2.0
Household-applied outcomes

Govern, Identify, Protect, Detect, Respond, Recover — translated for estates and family offices, not enterprise software alone.

Regulator-aligned warnings
FTC fraud themes

Impersonation, business email compromise, wire diversion, SIM swap, deepfake voice calls, data-broker exposure, and real-estate closing fraud.

Documented targeting patterns
What adversaries actually do

Home-invasion coercion for crypto assets, family-office wire fraud, integrator backdoor access, OSINT-enabled targeting, staff social engineering, and travel-route surveillance.

Patterns highlight automatically from your intake. You mark what is relevant. Your summary and assistant read from the same context.

Three Dimensions

Not just cyber. Not just physical.
Integrated protection.

Every control is tagged across these dimensions — because adversaries do not respect silos.

People
Family, staff, advisors

Access, behavior, training, and trust boundaries across everyone who touches your world.

Institutions
Family office & entities

Trusts, banks, counsel, insurers — governance and coordination across your professional ecosystem.

Lifestyle
How you actually live

Travel, residences, philanthropy, public profile — the patterns that make you predictable to an adversary.

For advisors

A protection layer alongside the plan

Referring attorneys, wealth managers, and family offices can offer clients two formats: Standard (no AI components) for maximum discretion, or AI for households that want conversational follow-up — still entirely on-device. The assessment complements wealth, succession, and governance work with integrated security most families have never had in one place.

Partner with TargetProof to bring Sanctuary-grade assessment to your clients.

For Advisors →

Peace of mind,
measured and maintained.

A private diagnostic. A living model you own. A clear sequence when you are ready. Discretion is not a feature — it is the foundation.

Arrange a Private Briefing