Draft:Rowan Framework

Submission declined on 11 May 2025 by KylieTastic (talk).

This draft's references do not show that the subject qualifies for a Wikipedia article. In summary, the draft needs multiple published sources that are:

in-depth (not just passing mentions about the subject)
reliable
secondary
independent of the subject

Make sure you add references that meet these criteria before resubmitting. Learn about mistakes to avoid when addressing this issue. If no additional references exist, the subject is not suitable for Wikipedia.

If you would like to continue working on the submission, click on the "Edit" tab at the top of the window.
If you have not resolved the issues listed above, your draft will be declined again and potentially deleted.
If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors.
Please do not remove reviewer comments or this notice until the submission is accepted.

Where to get help

If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews.
If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed.

How to improve a draft

Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia.
Help:Wikitext – how to use the markup
Help:Referencing for beginners – how to include references
Wikipedia:Article development – how to develop your article
Wikipedia:Writing better articles – how to improve your article
Wikipedia:Verifiability – make sure your article includes reliable third-party sources

You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article.

Improving your odds of a speedy review

To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags.

Add tags to your draft

Editor resources

Easy tools: Citation bot (help) | Advanced: Fix bare URLs

Declined by KylieTastic 6 days ago. Last edited by KylieTastic 6 days ago. Reviewer: Inform author.

Resubmit

Please note that if the issues are not fixed, the draft will be declined again.

The Rowan Framework is a conceptual model for post-quantum and zero-trust encryption. It emphasizes the use of single-use, stateless cryptographic keys and integrates security into user experience design. The framework aligns with cybersecurity standards from governing bodies such as the National Institute of Standards and Technology (NIST)^[1] and the Cybersecurity and Infrastructure Security Agency (CISA)^[2], aiming to address emerging risks associated with quantum computing, distributed systems, and human factors in security.

Overview

The Rowan Framework proposes a five-part approach to secure system design. It encourages cryptographic operations that are short-lived and context-bound, promotes immutable logging for traceability, and embeds usability into every layer of the security experience. It is intended for use in environments that require continuous compliance, automation, and resilience to future cryptographic threats.

Core Principles

1. Perpetual Rotation

Every cryptographic operation uses a one-time-use, stateless encryption key that is generated automatically and discarded after a single use. This eliminates persistent key risk and supports mitigation against "harvest now, decrypt later" threats expected to increase with advances in quantum computing. A patent has been filed for the "Rowan Key"—a one-time-use, stateless encryption methodology used within the framework.^[3]

2. Obfuscation

Rather than securing just the system, the framework emphasizes encryption that travels with the data. This ensures confidentiality even in stateless or untrusted environments and supports resilient data flows across cloud-native and distributed architectures.

3. Assurance

Each action within the framework produces a cryptographically verifiable, tamper-evident audit log. These logs are timestamped and tied to specific identities, enabling regulatory compliance, operational transparency, and forensic traceability.

4. Non-Repudiation

All security operations are cryptographically signed to guarantee authenticity and accountability. These records ensure that users or systems cannot deny having performed an operation, while avoiding the long-term storage risks associated with static cryptographic keys.

5. Secure Interaction Architecture (SIA)

The framework incorporates human behavior as part of the security model. Security measures are designed to be intuitive and embedded into workflows, reducing the likelihood of accidental misconfiguration or user bypass and promoting frictionless compliance.

Alignment with NIST Cybersecurity Framework 2.0

The Rowan Framework supports and complements the six core functions of the NIST Cybersecurity Framework 2.0:^[1]

Govern: Establishes enforceable policies around cryptographic lifecycle management.
Identify: Assists in recognizing sensitive data, assets, and risks requiring encryption.
Protect: Implements proactive safeguards via single-use keys and automated security actions.
Detect: Supports monitoring for abnormal key usage or process deviations.
Respond: Enables immediate remediation through automated key revocation and rotation.
Recover: Ensures system resilience through distributed, stateless encryption logic.

Integration with CISA’s Secure by Design Principles

The Rowan Framework shares several priorities with CISA’s Secure by Design initiative:^[2]

Security Ownership: Security is architected into system operations, not retrofitted.
Radical Transparency: Cryptographic processes and logs are visible, traceable, and auditable.
Leadership Engagement: Designed for environments where executive-level governance over security posture is required.

Implementation Considerations

To adopt the Rowan Framework effectively, organizations should:

Integrate automated key generation and destruction into all critical workflows.
Avoid persistent secrets and instead implement one-time-use credentials where feasible.
Embed encryption into DevSecOps processes for early-stage security inclusion.
Train users on secure interaction patterns that align with the framework's usability goals.

References

^ ^a ^b National Institute of Standards and Technology. (2024). NIST Cybersecurity Framework (CSF) 2.0. Retrieved from https://www.nist.gov/cyberframework
^ ^a ^b Cybersecurity and Infrastructure Security Agency. (2023). Secure by Design. Retrieved from https://www.cisa.gov/securebydesign
^ "Patent pending. Rowan Key encryption methodology." Filing information on record with the United States Patent and Trademark Office (USPTO), 2025.

[nist2-1] National Institute of Standards and Technology. (2024). NIST Cybersecurity Framework (CSF) 2.0. Retrieved from https://www.nist.gov/cyberframework

[cisa2-2] Cybersecurity and Infrastructure Security Agency. (2023). Secure by Design. Retrieved from https://www.cisa.gov/securebydesign

[patentpending4-3] "Patent pending. Rowan Key encryption methodology." Filing information on record with the United States Patent and Trademark Office (USPTO), 2025.

[1]

[2]

[3]