Standards Support

Control Mappings

How Attested Governance Artifacts provide evidence for regulatory framework controls.

Important: References to NIST, CISA, SLSA, and other standards are informational mappings to support governance discussions. This is not certification, endorsement, or compliance advice.

Attested Intelligence™ is not affiliated with, approved by, or endorsed by NIST, CISA, or any standards body. These mappings are provided as a conceptual alignment guide only. Actual compliance depends on implementation context and auditor assessment.

Mappings v1.0 | Last updated: January 2026

NIST AI RMF 1.0

AI Risk Management Framework (NIST AI 100-1)

| Control | Requirement | Mechanism | Evidence Field(s) | Verification Step |
|---|---|---|---|---|
| GOVERN 1.1 | Policies established | Policy Artifact with enforcement_parameters | policy_reference, sealed_hash, artifact_signature | Verify signature against pinned key, parse enforcement parameters |
| GOVERN 1.3 | Oversight mechanisms | Enforcement Receipt chain | receipt.decision, receipt.chain | Verify receipt signatures, validate chain continuity |
| MAP 1.5 | Risk documented | Evidence Bundle commitment | bundle_manifest.policy_hash | Verify commitment hash matches policy artifact |
| MAP 3.1 | Benefits/costs assessed | Telemetry policy thresholds | telemetry_policy.drift_rule | Parse threshold definitions from policy |
| MEASURE 2.3 | Effectiveness tracked | Continuous drift detection | receipt.event_type: MEASUREMENT_OK/DRIFT_DETECTED | Verify receipt signatures, check measurement hashes |
| MEASURE 2.6 | Feedback incorporated | Policy versioning | policy_version, previous_artifact_ref | Verify version chain, check policy_id linkage |
| MANAGE 2.4 | Incidents documented | ENFORCED receipts with forensic data | receipt.decision.action, receipt.decision.reason_code | Verify enforcement receipt, validate action matches policy |
| MANAGE 4.1 | Risk response deployed | Automatic enforcement actions | receipt.event_type: ENFORCED | Verify enforcement occurred per policy mapping |

NIST SSDF

Secure Software Development Framework (SP 800-218)

| Control | Requirement | Mechanism | Evidence Field(s) | Verification Step |
|---|---|---|---|---|
| PO.1.1 | Security requirements defined | Policy Artifact integrity_policy | integrity_policy.baselines | Verify policy signature, parse baseline definitions |
| PO.3.2 | Roles and responsibilities | Key custody and key_id binding | issuer.key_id, signer.key_id | Verify key_id matches authorized issuers |
| PS.1.1 | Software protected | Integrity baseline enforcement | integrity_policy.container_image_digest | Compare runtime digest to sealed baseline |
| PS.2.1 | Software integrity verified | Launch Gate validation | receipt.event_type: POLICY_LOADED | Verify POLICY_LOADED receipt exists and is valid |
| PW.4.4 | Cryptographic practices | Ed25519 signatures, SHA-256 hashing | All artifact.signature fields | Verify all signatures using declared algorithm |
| PW.8.1 | Testing and verification | Offline Verifier conformance | verifier_output.verdict | Run verifier, confirm PASS/FAIL matches expectations |
| RV.1.1 | Vulnerabilities identified | Drift detection and reporting | receipt.event_type: DRIFT_DETECTED | Verify drift receipt, parse mismatched_paths |
| RV.3.3 | Root cause analyzed | Receipt chain forensics | Full receipt chain with timestamps | Reconstruct event timeline from chain |

NIST SP 800-53 Rev. 5

Security and Privacy Controls (Selected)

| Control | Requirement | Mechanism | Evidence Field(s) | Verification Step |
|---|---|---|---|---|
| AU-2 | Event Logging | Enforcement Receipt emission | receipt.event_type, receipt.timestamp | Verify all required event types present |
| AU-9 | Audit Information Protection | Signed, hash-chained receipts | receipt.chain.prev_receipt_hash | Verify chain integrity, detect tampering |
| AU-10 | Non-repudiation | Ed25519 signatures on all artifacts | artifact.signature, receipt.signature | Verify signatures against published keys |
| CM-2 | Baseline Configuration | Policy Artifact integrity baselines | integrity_policy.config_digest, sbom_digest | Compare runtime to sealed baselines |
| CM-3 | Configuration Change Control | Drift detection + policy versioning | DRIFT_DETECTED receipts, policy_version | Verify all changes trigger drift detection |
| SI-4 | System Monitoring | Continuous integrity measurement | MEASUREMENT_OK receipts | Verify measurement cadence matches policy |
| SI-7 | Software Integrity | Container/subject digest verification | integrity_policy.container_image_digest | Verify runtime digest matches sealed value |
| SA-10 | Developer Configuration Management | SBOM and build provenance | sbom_digest, build attestations | Verify SBOM hash, check provenance chain |
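
The AU-9 and GOVERN 1.3 rows call for validating chain continuity over receipt.chain.prev_receipt_hash. The following is an added example, not Attested Intelligence's verifier or receipt format: it checks continuity over constructed receipts and shows which tampering the chain alone does and does not reveal. The canonical JSON hashing, the all-zero genesis value and the helper names are assumptions, and Ed25519 signature verification is left out.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev-hash value for the first receipt

def receipt_hash(receipt: dict) -> str:
    """SHA-256 over an assumed canonical form (sorted keys, compact JSON)."""
    blob = json.dumps(receipt, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def build_chain(events: list) -> list:
    """Build constructed receipts, each committing to its predecessor."""
    chain, prev = [], GENESIS
    for ev in events:
        receipt = {**ev, "chain": {"prev_receipt_hash": prev}}
        chain.append(receipt)
        prev = receipt_hash(receipt)
    return chain

def verify_chain(receipts: list) -> list:
    """Return (index, reason) per continuity break; empty list means intact."""
    findings, expected = [], GENESIS
    for i, r in enumerate(receipts):
        if r.get("chain", {}).get("prev_receipt_hash") != expected:
            findings.append((i, "prev_receipt_hash does not match predecessor"))
        expected = receipt_hash(r)
    return findings

def tamper(receipts: list, index: int, **changes) -> list:
    """Deep-copy the chain and edit one receipt after the fact."""
    out = json.loads(json.dumps(receipts))
    out[index].update(changes)
    return out

# Constructed sample receipts using event types named in the tables.
SAMPLE = build_chain([
    {"event_type": "POLICY_LOADED", "timestamp": "2026-01-10T09:00:00Z"},
    {"event_type": "MEASUREMENT_OK", "timestamp": "2026-01-10T09:00:10Z"},
    {"event_type": "DRIFT_DETECTED", "timestamp": "2026-01-10T09:00:20Z"},
    {"event_type": "ENFORCED", "timestamp": "2026-01-10T09:00:30Z"},
])

if __name__ == "__main__":
    print(verify_chain(SAMPLE))                    # intact chain
    print(verify_chain(tamper(SAMPLE, 2, event_type="MEASUREMENT_OK")))  # edit
    print(verify_chain(SAMPLE[:1] + SAMPLE[2:]))   # deleted receipt
    # Editing the newest receipt is invisible to the chain alone; only its
    # signature (not checked here) covers the tail.
    print(verify_chain(tamper(SAMPLE, 3, event_type="MEASUREMENT_OK")))
```

An edit to a middle receipt surfaces at the receipt that follows it, and a deletion surfaces at the gap. The last call returns no findings, which is why the signature checks listed in the tables are a separate step from chain continuity.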

CoSAI MCP Security Threat Coverage

12/12

Coalition for Secure AI (CoSAI), OASIS Open Project, January 2026

The CoSAI MCP Security whitepaper identifies 12 core threat categories and nearly 40 distinct threats specific to Model Context Protocol deployments. AGA addresses all 12 categories through its existing governance architecture.

| ID | Threat Category | Domain | AGA Governance Mechanism |
|---|---|---|---|
| T1 | Improper Authentication | Identity & Access | Ed25519 artifact signatures, pinned issuer keys, TTL re-attestation, key rotation chain events |
| T2 | Missing Access Control | Identity & Access | Portal as mandatory enforcement boundary, sealed constraints, delegation with scope diminishment |
| T3 | Input Validation Failures | Input Handling | Runtime measurement against sealed reference, behavioral drift detection |
| T4 | Data/Control Boundary Failures | Input Handling | Behavioral baseline (permitted tools, forbidden sequences, rate limits), phantom execution forensics |
| T5 | Inadequate Data Protection | Data & Code | Salted commitments, privacy-preserving disclosure with substitution, inference risk prevention |
| T6 | Missing Integrity Controls | Data & Code | Content-addressable hash binding, 10 measurement embodiments, continuous runtime verification |
| T7 | Session/Transport Security | Network & Transport | TTL-based artifact expiration, fail-closed on expiry, mid-session revocation, Ed25519 signed receipts |
| T8 | Network Isolation Failures | Network & Transport | Two-process architecture, agent holds no credentials, NETWORK_ISOLATE enforcement action |
| T9 | Trust Boundary Failures | Trust & Design | Enforcement pre-committed by human authorities in sealed artifact, not delegated to LLM |
| T10 | Resource Management | Trust & Design | Per-tool rate limits in behavioral baseline, configurable measurement cadence (10ms to 3600s) |
| T11 | Supply Chain Failures | Operational | Content-addressable hashing at attestation, runtime hash comparison blocks modified components |
| T12 | Insufficient Observability | Operational | Signed receipts, tamper-evident continuity chain, Merkle anchoring, offline evidence bundles |

Evidence Artifact Summary

Policy Artifact provides:

  • Governance policy establishment (GOVERN)
  • Baseline configuration (CM-2)
  • Security requirements (PO.1.1)

Enforcement Receipt provides:

  • Event logging (AU-2)
  • Non-repudiation (AU-10)
  • Incident documentation (MANAGE)

Continuity Chain provides:

  • Audit protection (AU-9)
  • Change control (CM-3)
  • Effectiveness tracking (MEASURE)

Evidence Bundle provides:

  • Offline verification capability
  • Third-party audit support
  • Portable evidence packaging