{"doctrine":"v11","lambda_axes":[{"axis":1,"lambda_axis":"scoring methodology / documentation","nist_measure":"MEASURE 2.1","nist_text":"Test methods and metrics for AI risk","credo_dimension":"Information Integrity (methodology)","mechanism":"Λ 13-axis scoring rubric documented + exposed in every DSSE receipt","coverage":"COVERED"},{"axis":2,"lambda_axis":"factual accuracy / hallucination rate","nist_measure":"MEASURE 2.2","nist_text":"Evaluating AI systems for accuracy, interpretability","credo_dimension":"Information Integrity","mechanism":"Lean-proven formula verification; factuality axis scored per inference","coverage":"COVERED"},{"axis":3,"lambda_axis":"robustness / adversarial resistance","nist_measure":"MEASURE 2.3","nist_text":"Evaluating for reliability / robustness","credo_dimension":"Security (adversarial resistance)","mechanism":"Red-team / prompt-injection resistance score feeds the robustness axis","coverage":"PARTIAL"},{"axis":4,"lambda_axis":"operational resilience","nist_measure":"MEASURE 2.4","nist_text":"Evaluating for resilience","credo_dimension":"Security (resilience)","mechanism":"Resilience axis from szl_resilience degradation/fallback telemetry","coverage":"PARTIAL"},{"axis":5,"lambda_axis":"safety / harm avoidance","nist_measure":"MEASURE 2.5","nist_text":"Evaluating for safety","credo_dimension":"Harmful Content Generation","mechanism":"Output content-safety classifier feeds the safety axis; gate halts on DENY","coverage":"COVERED"},{"axis":6,"lambda_axis":"fairness / demographic parity","nist_measure":"MEASURE 2.6","nist_text":"Evaluating for fairness / bias","credo_dimension":"Fairness and Bias","mechanism":"Statistical bias detection on outputs feeds the fairness axis","coverage":"PARTIAL"},{"axis":7,"lambda_axis":"privacy / data minimization","nist_measure":"MEASURE 2.7","nist_text":"Evaluating for privacy","credo_dimension":"Privacy","mechanism":"PII detection on inputs/outputs feeds the privacy axis","coverage":"PARTIAL"},{"axis":8,"lambda_axis":"transparency / explainability","nist_measure":"MEASURE 2.8","nist_text":"Evaluating for transparency / explainability","credo_dimension":"Information Integrity (transparency)","mechanism":"Lean-proven formula output exposed in the DSSE receipt for every decision","coverage":"COVERED"},{"axis":9,"lambda_axis":"security posture score","nist_measure":"MEASURE 2.9","nist_text":"Evaluating for security","credo_dimension":"Security","mechanism":"SLSA build posture + signed deployment digest + sentinel rules score","coverage":"PARTIAL"},{"axis":10,"lambda_axis":"societal impact / mission alignment","nist_measure":"MEASURE 2.10","nist_text":"Evaluating impacts / risks across the lifecycle","credo_dimension":"Societal Harm","mechanism":"Authorization-boundary + human-override gate firing rate feeds the impact axis","coverage":"PARTIAL"},{"axis":11,"lambda_axis":"autonomy scope / action class","nist_measure":"MAP 2.1","nist_text":"AI system categorization — type, capabilities, scope","credo_dimension":"AI Agency and Autonomy","mechanism":"Action-class gate thresholds bound autonomous actions; irreversible → human override","coverage":"COVERED"},{"axis":12,"lambda_axis":"third-party / vendor risk","nist_measure":"GOVERN 6.1","nist_text":"Policies for third-party / supply-chain AI risk","credo_dimension":"Third-Party and Vendor Risk","mechanism":"Third-party model attestation + vendor DSSE receipt verification","coverage":"PARTIAL"},{"axis":13,"lambda_axis":"malicious-use / intent classification","nist_measure":"MEASURE 2.5","nist_text":"Evaluating for safety (misuse intent)","credo_dimension":"Malicious Use","mechanism":"Use-case intent classifier + policy gate; DENY on prohibited use class","coverage":"PARTIAL"}],"axis_count":13,"primary_target":"NIST AI RMF MEASURE 2 (10 subcategories) + GOVERN/MAP for governance axes","taxonomy_alignment":"Credo AI 10-dimension (derives from MIT AI Risk Repository)","dsse_receipt_schema_v2":[{"field":"inference_timestamp_utc","controls":["NIST80053/AU-3","EUAIAct/Art.12","ISO42001/A.6.5"]},{"field":"model_id_version_digest","controls":["NIST80053/CM-8","NIST80053/CM-2","EUAIAct/Art.12","ISO42001/A.6.6"]},{"field":"policy_bundle_digest","controls":["NIST80053/CM-3","EUAIAct/Art.9","ISO42001/A.9.2"]},{"field":"input_hash_sha256","controls":["NIST80053/AU-3","NIST80053/SI-10","EUAIAct/Art.12","ISO42001/A.7.2"]},{"field":"output_hash_sha256","controls":["NIST80053/AU-3","NIST80053/SI-7","EUAIAct/Art.12","ISO42001/A.6.6"]},{"field":"policy_gate_verdict_and_rule_id","controls":["NIST80053/AU-2","EUAIAct/Art.9","EUAIAct/Art.14","ISO42001/A.9.3"]},{"field":"lambda_score_13axis","controls":["NIST80053/RA-3","EUAIAct/Art.9","ISO42001/A.5.4"]},{"field":"operator_role_clearance","controls":["NIST80053/AC-2","NIST80053/AC-3","EUAIAct/Art.14","ISO42001/A.3.2"]},{"field":"ecdsa_p256_signature","controls":["NIST80053/AU-9","ISO42001/A.4.2"]},{"field":"reverification_endpoint","controls":["NIST80053/AU-6","EUAIAct/Art.12","ISO42001/A.8.2"]}],"policy_bundle_digest":"sha256:4b035da9e752dcdb81c8390974752fc729da8192e60a0459de50a05d4c9563ba","rego_gates":[{"name":"classification_boundary","package":"a11oy.gates.classification_boundary","controls":["ISO42001/A.9.6","NIST80053/AC-3","EUAIAct/Art.14"],"rego":"package a11oy.gates.classification_boundary\n\n# DENY when output classification exceeds the operator's clearance level.\ndefault allow := false\n\ndeny[msg] {\n  input.output_classification > input.user_clearance_level\n  msg := sprintf(\"output classification %v exceeds user clearance %v\",\n                 [input.output_classification, input.user_clearance_level])\n}\n\nallow {\n  count(deny) == 0\n}\n"},{"name":"human_override_required","package":"a11oy.gates.human_override_required","controls":["ISO42001/A.9.3","ISO42001/A.4.6","NIST80053/AU-2","EUAIAct/Art.14"],"rego":"package a11oy.gates.human_override_required\n\n# Require a human override for irreversible actions or when Λ < threshold.\ndefault require_human := false\n\nrequire_human {\n  input.action_class == \"irreversible\"\n}\n\nrequire_human {\n  input.lambda_score < input.lambda_halt_threshold\n}\n"},{"name":"deployment_readiness","package":"a11oy.gates.deployment_readiness","controls":["ISO27001/8.25","NIST80053/CM-3","ISO42001/A.6.7"],"rego":"package a11oy.gates.deployment_readiness\n\n# Block model promotion unless the signed package digest + Λ floor are met.\ndefault promote := false\n\npromote {\n  input.package_signed == true\n  input.slsa_level >= 2\n  input.lambda_score >= input.lambda_promote_floor\n}\n"}],"honest":"Coverage assessments reflect a11oy's INTERNAL analysis of its mechanisms against published framework control text. a11oy ALIGNS WITH / MAPS TO these frameworks; it does NOT claim certification. No third-party certification has been obtained for any framework as of Doctrine v11. Gaps are shown honestly. Λ = Conjecture 1; locked-proven = 8 @ c7c0ba17; trust never 100%.","status":"ALIGNMENT","sources":{"ISO/IEC 42001:2023 (AI management system)":"https://www.iso.org/standard/81230.html","ISO 42001 Annex A control list (reference)":"https://mindsetcyber.com.au/iso-42001-controls-list/","NIST AI RMF 1.0 Core":"https://airc.nist.gov/airmf-resources/airmf/5-sec-core/","NIST AI RMF Playbook (subcategory detail)":"https://airc.nist.gov/docs/AI_RMF_Playbook.pdf","NIST SP 800-53 Rev 5 catalog (OSCAL JSON)":"https://raw.githubusercontent.com/usnistgov/oscal-content/main/nist.gov/SP800-53/rev5/json/NIST_SP-800-53_rev5_catalog.json","OSCAL (usnistgov/OSCAL)":"https://github.com/usnistgov/OSCAL","OSCAL content (usnistgov/oscal-content)":"https://github.com/usnistgov/oscal-content","Open Policy Agent / Rego":"https://www.openpolicyagent.org/docs/latest/policy-language/","Credo AI risk taxonomy / MIT AI Risk Repository":"https://airisk.mit.edu/","EU AI Act high-level summary":"https://artificialintelligenceact.eu/high-level-summary/"}}