Compliance / GRC Alignment ALIGNS WITH · NOT CERTIFIEDΛ = Conjecture 1 0 runtime CDN

a11oy's mechanisms cross-referenced to ISO/IEC 42001:2023, NIST AI RMF 1.0, NIST SP 800-53 Rev 5, and the EU AI Act. The 13 Λ trust axes map to NIST AI RMF MEASURE 2; policy gates are published as OPA/Rego; a machine-readable OSCAL component-definition is committed to the repo. ← a11oy console · estate hub →
Coverage assessments reflect a11oy's INTERNAL analysis of its mechanisms against published framework control text. a11oy ALIGNS WITH / MAPS TO these frameworks; it does NOT claim certification. No third-party certification has been obtained for any framework as of Doctrine v11. Gaps are shown honestly. Λ = Conjecture 1; locked-proven = 8 @ c7c0ba17; trust never 100%.

Coverage matrix — ● COVERED=19 · — NA=1 · ◐ PARTIAL=10 · ○ ROADMAP=2

Honest per-control state. COVERED = a specific testable mechanism; PARTIAL = mechanism exists but incomplete; ROADMAP = planned; N/A = out of scope (with reason). EU AI Act self-classification: High-Risk (defense-tech agentic orchestrator).

a11oy Restraint contribution (R5): the governed code-minimization / dependency-frugality ladder (/api/a11oy/v1/restraint/{evaluate,bench,info}) contributes 6 rows below — controls A.6.2, CM-7, MANAGE 2.3, SA-15, SA-8, SR-3 (NIST 800-53 SA-8/SA-15/CM-7/SR-3, NIST AI RMF MANAGE 2.3, ISO 42001 A.6.2). Less code + fewer dependencies = smaller attack / maintenance surface. Wired into Auto-Review as rule AR-006-prefer-minimal-diff. ALIGNS WITH / MAPS TO — NOT certified. open Restraint →

ControlFrameworkTitlea11oy mechanismCoverage
A.2.2ISO 42001AI policyDoctrine v11 is the published AI policy; versioned + change-controlled● COVERED
A.3.2ISO 42001AI roles & responsibilitiesOperator role + clearance captured in every DSSE receipt (AC-2/AC-3)● COVERED
A.3.3ISO 42001AI risk reportingΛ score reported per-inference; no formal periodic risk REPORT output yet◐ PARTIAL
A.4.6ISO 42001Human oversight & monitoringhuman_override_required Rego gate fires before irreversible actions / low Λ● COVERED
A.5.4ISO 42001AI system risk management13-axis Λ score computed per inference; sealed into the DSSE receipt● COVERED
A.6.4ISO 42001Data provenanceInput hash + model version + lineage recorded in the receipt● COVERED
A.6.6ISO 42001AI system verificationOutput hash + Lean-verified formula path; locked-proven = 8 @ c7c0ba17◐ PARTIAL
A.9.3ISO 42001Human oversight (use)Human-override gate; irreversible actions require human confirmation● COVERED
A.9.4ISO 42001Incident managementIncident receipt + tamper-evident re-verification at /cosign.pub◐ PARTIAL
A.10.4ISO 42001Supplier monitoringThird-party model attestation; vendor DSSE receipt verification◐ PARTIAL
GOVERN 1.1NIST AI RMFAI policies & processesDoctrine v11 + policy-gate configuration inventory● COVERED
MAP 2.3NIST AI RMFAI capability characterizationΛ scoring methodology + model registry classification● COVERED
MEASURE 2.8NIST AI RMFTransparency / explainabilityLean-proven formula output exposed in the receipt● COVERED
MEASURE 3.1NIST AI RMFRisk tracking over timeContinuous Λ score with a timestamp chain of receipts◐ PARTIAL
GOVERN 3.2NIST AI RMFWorkforce DEIOut of scope for an orchestration layer (organizational control)— NA
MANAGE 4.1NIST AI RMFPost-incident after-actionIncident receipt replay + independent re-verification◐ PARTIAL
MEASURE 4.2NIST AI RMFMeasurement-effectiveness feedbackΛ-score calibration feedback loop○ ROADMAP
AU-2NIST 800-53r5Event loggingDSSE-signed audit event per inference (verdict + rule ID)● COVERED
AU-3NIST 800-53r5Content of audit recordsTimestamp + input/output hash in every receipt● COVERED
AU-9NIST 800-53r5Protection of audit informationRecords sealed in DSSE envelopes signed by ECDSA-P256; tamper-detectable● COVERED
CM-8NIST 800-53r5System component inventoryModel ID + version + digest recorded per inference● COVERED
RA-3NIST 800-53r5Risk assessment13-axis Λ trust score is the per-inference risk assessment● COVERED
SI-10NIST 800-53r5Information input validationInput hash + classification-boundary gate◐ PARTIAL
Article 12EU AI ActRecord-keeping / loggingImmutable DSSE receipt per inference satisfies automatic logging● COVERED
Article 14EU AI ActHuman oversightHuman-in-the-loop override gate; human-on-loop for SIMULATED effectors● COVERED
Article 9EU AI ActRisk management system (High-Risk)Λ-gated policy enforcement; no formal QMS document yet○ ROADMAP
SA-8NIST 800-53r5Security engineering principles (economy of mechanism)Restraint 6-rung frugality ladder runs before every diff; the agent emits the minimal viable code (fewest files, smallest surface); each decision is a signed DSSE receipt + Λ score (/api/a11oy/v1/restraint/evaluate)● COVERED
CM-7NIST 800-53r5Least functionalityYAGNI rung skips speculative abstractions; the ladder prefers stdlib/native over bespoke code, minimising functionality + attack surface. Auto-Review rule AR-006 (prefer-minimal-diff) narrows a bloated diff that skipped the ladder● COVERED
SA-15NIST 800-53r5Development process, standards & toolsRestraint is wired into the dev path as a pre-write reflex with a promptfoo-style two-arm benchmark (baseline vs restraint), honestly labelled MEASURED-or-SAMPLE/ROADMAP; restraint: ceiling comments name each deliberate simplification's upgrade path◐ PARTIAL
SR-3NIST 800-53r5Supply chain controls & processesDependency-frugality: the 'already-installed dependency' rung prefers deps already in the image and discourages adding new third-party packages, shrinking supply-chain exposure. No formal SBOM gate on the restraint path yet◐ PARTIAL
MANAGE 2.3NIST AI RMFManage residual / supply-chain risk (code & dependency frugality)Restraint reduces residual maintenance + supply-chain risk by minimising generated code and new dependencies; the Auto-Review classifier consumes the restraint verdict as a governance signal (AR-006) and seals the rung into the signed verdict● COVERED
A.6.2ISO 42001AI system lifecycle — responsible design & developmentFrugality ladder is applied in the design/development phase of the AI code agent; deliberate simplifications are documented via restraint: ceiling comments and signed receipts, supporting responsible, auditable development◐ PARTIAL

13 Λ axes → NIST AI RMF MEASURE 2 (+ Credo AI / MIT taxonomy)

Each proprietary Λ axis gets an industry-standard referent so external evaluators recognise it without a custom glossary.

Λ axisTrust dimensionNIST AI RMFCredo AI / MITMechanismState
Λ1scoring methodology / documentationMEASURE 2.1Information Integrity (methodology)Λ 13-axis scoring rubric documented + exposed in every DSSE receiptCOVERED
Λ2factual accuracy / hallucination rateMEASURE 2.2Information IntegrityLean-proven formula verification; factuality axis scored per inferenceCOVERED
Λ3robustness / adversarial resistanceMEASURE 2.3Security (adversarial resistance)Red-team / prompt-injection resistance score feeds the robustness axisPARTIAL
Λ4operational resilienceMEASURE 2.4Security (resilience)Resilience axis from szl_resilience degradation/fallback telemetryPARTIAL
Λ5safety / harm avoidanceMEASURE 2.5Harmful Content GenerationOutput content-safety classifier feeds the safety axis; gate halts on DENYCOVERED
Λ6fairness / demographic parityMEASURE 2.6Fairness and BiasStatistical bias detection on outputs feeds the fairness axisPARTIAL
Λ7privacy / data minimizationMEASURE 2.7PrivacyPII detection on inputs/outputs feeds the privacy axisPARTIAL
Λ8transparency / explainabilityMEASURE 2.8Information Integrity (transparency)Lean-proven formula output exposed in the DSSE receipt for every decisionCOVERED
Λ9security posture scoreMEASURE 2.9SecuritySLSA build posture + signed deployment digest + sentinel rules scorePARTIAL
Λ10societal impact / mission alignmentMEASURE 2.10Societal HarmAuthorization-boundary + human-override gate firing rate feeds the impact axisPARTIAL
Λ11autonomy scope / action classMAP 2.1AI Agency and AutonomyAction-class gate thresholds bound autonomous actions; irreversible → human overrideCOVERED
Λ12third-party / vendor riskGOVERN 6.1Third-Party and Vendor RiskThird-party model attestation + vendor DSSE receipt verificationPARTIAL
Λ13malicious-use / intent classificationMEASURE 2.5Malicious UseUse-case intent classifier + policy gate; DENY on prohibited use classPARTIAL

Policy gates as OPA/Rego + DSSE Receipt Schema v2

Gates are published policy-as-code; the bundle is version-locked by a SHA-256 digest that every DSSE receipt cites, so a receipt proves WHICH policy version made the decision. Each receipt field maps to specific control IDs (800-53 AU/CM/RA family, EU AI Act Art. 12/14, ISO 42001 A.x). Receipts are ECDSA-P256/DSSE signed; re-verify at /cosign.pub.

policy bundle digest: sha256:4b035da9e752dcdb81c8390974752fc729da8192e60a0459de50a05d4c9563ba
raw /grc/mapping (Λ→NIST, Rego, DSSE schema)
loading…

OSCAL component-definition

Machine-readable OSCAL (control source = usnistgov/oscal-content SP 800-53 Rev 5 catalog), committed to the repo at compliance/oscal/a11oy-component-definition.json and served live below. ALIGNMENT only — never a certification artifact.

raw /grc/oscal (component-definition)
loading…

3D Coverage Matrix — floating OSCAL control grid

The SAME live /grc/matrix + /grc/oscal controls rendered on the shared 0-CDN holographic kit as a floating control grid: a green sphere = COVERED (a specific testable mechanism), amber = PARTIAL, red = ROADMAP / gap. When a control is backed by a signed DSSE receipt, a signed evidence pulse lights its edge to the framework hub. ALIGNS WITH / maps to the frameworks — never certified. CPU/old-GPU renders the same data on a 2D canvas fallback; the coverage table above is the complete non-3D experience. Patterns: NIST OSCAL, Credo AI, OneTrust.

COVERED PARTIAL ROADMAP/gap signed evidence pulses 0
3D is off (default). Click Enable 3D to render the holographic OSCAL coverage matrix on the live /grc/matrix + /grc/oscal endpoints. The coverage table above is always available as the fallback.
Honest: spheres reflect a11oy's INTERNAL analysis of its mechanisms against published control text — ALIGNS WITH / MAPS TO, not a certification artifact. Coverage states (COVERED / PARTIAL / ROADMAP / N/A) come straight from the live /grc/matrix; gaps are shown honestly. 0 runtime CDN · WebGL2 + 2D fallback · Λ = Conjecture 1 (<1.0) · trust < 100%.
Adopted & cited — sources: ISO/IEC 42001:2023 · NIST AI RMF 1.0 · OSCAL (usnistgov) · oscal-content · OPA / Rego · MIT AI Risk Repository (Credo AI taxonomy) · EU AI Act.