Generated from canonical sources

Standards portal

Explore the normative control baseline, classify workload characteristics, plan assurance evidence, discover crosswalks, and onboard machine-readable conformance tooling without overstating what repository artifacts prove.

78
Normative controls
8
Control families
14
JSON schemas
5
Crosswalks
Normative: creates requirementsInformative: supports interpretationTooling: validates supplied artifacts
normative

Normative control catalog

Every result below is parsed from the normative kernel and control documents. Requirement language and objective evidence are authoritative; portal filters do not decide applicability.

Showing 78 of 78 controls
OAIES-GOV-001Normative · activeGovernance

The organization MUST maintain an approved system boundary covering every component and dependency capable of affecting outputs or actions.

Applicability
Universal
Objective evidence
Versioned boundary record, architecture/data-flow diagram, dependency inventory, owner approval
OAIES-GOV-002Normative · activeGovernance

The organization MUST name one system owner and a control owner for every applicable control.

Applicability
Universal
Objective evidence
Signed ownership register and SoA owner fields
OAIES-GOV-003Normative · activeGovernance

The system owner MUST classify all applicable workload profiles, autonomy level, and impact level before production use and after material change.

Applicability
Universal
Objective evidence
Dated classification record with rationale, approver, and change history
OAIES-GOV-004Normative · activeGovernance

The SoA MUST include every control in the claimed OAIES version and record its applicability disposition and rationale.

Applicability
Universal
Objective evidence
Complete version-controlled SoA; automated or manual completeness reconciliation
OAIES-GOV-005Normative · activeGovernance

A not-applicable disposition MUST NOT be used solely because implementation is costly, difficult, outsourced, or incomplete.

Applicability
Universal
Objective evidence
SoA rationales tied to boundary facts; assessor challenge log
OAIES-GOV-006Normative · activeGovernance

Third-party components MUST remain inside the system boundary wherever their behavior can affect conformance.

Applicability
Universal
Objective evidence
Supplier inventory, contracts/assurance reports, boundary diagram, shared-responsibility matrix
OAIES-RSK-001Normative · activeRisk

A4 deployment MUST NOT enter production without documented executive authorization, independent risk assessment, bounded authority, and tested containment.

Applicability
A4
Objective evidence
Signed authorization, independent assessment report, authority policy, containment test results
OAIES-RSK-002Normative · activeRisk

The system owner MUST maintain a risk register covering intended use, foreseeable misuse, affected parties, failure modes, likelihood, impact, safeguards, residual risk, and treatment owner.

Applicability
Universal
Objective evidence
Approved risk register linked to system version and review history
OAIES-RSK-003Normative · activeRisk

Residual risks above the organization’s approved tolerance MUST NOT be accepted by the system owner alone.

Applicability
Universal
Objective evidence
Risk policy, approval matrix, signed acceptance by authorized risk owner
OAIES-MOD-001Normative · activeModel

The organization MUST define measurable acceptance criteria and evaluate the complete system against representative and adversarial cases before release.

Applicability
Universal
Objective evidence
Versioned evaluation plan, dataset lineage, executable results, threshold decision
OAIES-MOD-002Normative · activeModel

Production model, prompt, policy, tool, and configuration versions MUST be uniquely identifiable and reproducible.

Applicability
Universal
Objective evidence
Immutable release manifest, hashes/versions, configuration snapshot, rebuild or replay result
OAIES-MOD-003Normative · activeModel

Material model or prompt changes MUST NOT bypass regression, safety, and security gates.

Applicability
Universal
Objective evidence
Change diff, CI/release gate logs, evaluation comparison, approval record
OAIES-DAT-001Normative · activeData

Data used for training, tuning, retrieval, evaluation, or inference MUST have documented provenance, permitted purpose, sensitivity, retention, and responsible owner.

Applicability
Universal
Objective evidence
Data inventory, lineage records, legal basis/license, classification and retention policy
OAIES-DAT-002Normative · activeData

Sensitive data MUST be minimized and protected in prompts, logs, memory, evaluation sets, and outputs according to its classification.

Applicability
Where sensitive data is processed
Objective evidence
Data-flow map, minimization decision, access controls, encryption settings, DLP test results
OAIES-SEC-001Normative · activeSecurity

Identity and access controls MUST enforce least privilege for models, tools, data stores, administrative interfaces, and service accounts.

Applicability
Universal
Objective evidence
Access matrix, policy configuration, entitlement review, denied-access tests
OAIES-SEC-002Normative · activeSecurity

Untrusted input and model output MUST be treated as data rather than executable authority across trust boundaries.

Applicability
Universal
Objective evidence
Threat model, parser/validator policy, sandbox configuration, injection test results
OAIES-SEC-003Normative · activeSecurity

Secrets MUST NOT be embedded in prompts, source artifacts, model context, logs, or generated output.

Applicability
Universal
Objective evidence
Secret-scanning results, vault references, redacted telemetry sample, incident review
OAIES-OPS-001Normative · activeOperations

Production releases MUST use an approved, attributable, reversible change process with separation appropriate to impact.

Applicability
Universal
Objective evidence
Release ticket, approver identity, deployment log, rollback plan and exercise
OAIES-OPS-002Normative · activeOperations

The organization MUST monitor safety, security, quality, availability, cost, and policy-relevant events at frequencies justified by risk.

Applicability
Universal
Objective evidence
Monitoring specification, dashboards/alerts, sampled events, alert test and response records
OAIES-OPS-003Normative · activeOperations

AI incidents MUST enter a documented response process that preserves evidence, limits harm, notifies accountable parties, and records corrective action.

Applicability
Universal
Objective evidence
Incident plan, exercise or incident record, preserved logs, notifications, corrective-action closure
OAIES-OPS-004Normative · activeOperations

Users MUST receive accurate notice when they interact with AI or when AI materially influences an outcome, except where lawfully exempted and documented.

Applicability
User-facing or decision-influencing systems
Objective evidence
Interface capture, notice text/version, exemption analysis, usability test
OAIES-ASR-001Normative · activeAssurance

Applicable controls MUST be supported by evidence meeting the quality rules in 03.

Applicability
Universal
Objective evidence
Evidence index linked bidirectionally to SoA and immutable evidence objects
OAIES-MOD-010Normative · activeModel

Assistant output MUST be constrained or reviewed where an unsupported claim could cause material harm.

Applicability
P1, I2–I3
Objective evidence
Output policy, enforcement configuration, test corpus and results, review records
OAIES-MOD-011Normative · activeModel

The system MUST communicate material capability limits and uncertainty at the point where a user relies on output.

Applicability
P1
Objective evidence
Approved UX copy, rendered interface evidence, user-comprehension test
OAIES-MOD-012Normative · activeModel

Safety and refusal behavior MUST be tested against domain-relevant harmful, ambiguous, multilingual, and adversarial requests.

Applicability
P1
Objective evidence
Threat-informed test set, run metadata, results, defect remediation
OAIES-DAT-010Normative · activeData

Retrieval authorization MUST be enforced at query time using the requesting principal and source permissions.

Applicability
P2 with restricted content
Objective evidence
Authorization design, index ACL mapping, positive/negative access tests, query audit logs
OAIES-DAT-011Normative · activeData

Retrieved content MUST retain source identity, version or retrieval time, and trust metadata through generation.

Applicability
P2
Objective evidence
Indexed metadata schema, response trace, citation/provenance tests
OAIES-DAT-012Normative · activeData

The system MUST evaluate retrieval relevance, coverage, grounding, and resistance to content-based instruction injection before release.

Applicability
P2
Objective evidence
Curated evaluation set, metric definitions, thresholds, run results, poisoning/injection tests
OAIES-DAT-013Normative · activeData

Stale, revoked, or deleted source content MUST be removed from serving indexes within a documented risk-based service level.

Applicability
P2
Objective evidence
Freshness SLA, deletion propagation logs, reconciliation report, stale-content alert test
OAIES-AGT-010Normative · activeAgent

Code execution MUST occur in an isolated environment with bounded network, filesystem, identity, compute, and time permissions.

Applicability
P3 with execution
Objective evidence
Sandbox policy/configuration, escape and egress tests, resource-limit logs
OAIES-AGT-011Normative · activeAgent

Generated code MUST pass deterministic tests, static analysis, dependency, license, and secret checks appropriate to the repository before merge or deployment.

Applicability
P3 producing code
Objective evidence
Required-check configuration, CI logs, branch protection, blocked-failure example
OAIES-AGT-012Normative · activeAgent

Security-sensitive or production-impacting code changes MUST receive independent human approval from an authorized reviewer.

Applicability
P3, I2–I3
Objective evidence
CODEOWNERS/approval policy, pull-request approvals, reviewer authorization record
OAIES-SEC-010Normative · activeSecurity

Agent-selected dependencies MUST be resolved through approved registries and verified against integrity and vulnerability policy.

Applicability
P3 adding dependencies
Objective evidence
Registry policy, lockfile/signature or hash verification, SCA report, exception record
OAIES-AGT-020Normative · activeAgent

Every external action MUST pass deterministic authorization, schema validation, policy, and idempotency controls outside the model.

Applicability
P4
Objective evidence
Policy-as-code/configuration, action schema, replay/idempotency tests, allow/deny logs
OAIES-AGT-021Normative · activeAgent

Consequential or irreversible actions MUST require informed human approval bound to the exact action payload before execution.

Applicability
P4, I2–I3
Objective evidence
Approval UX capture, signed payload/hash, approver identity, execution correlation ID
OAIES-AGT-022Normative · activeAgent

Reversible actions MUST have a tested compensation or rollback path before autonomous production execution.

Applicability
P4, A2–A3
Objective evidence
Rollback procedure, test results, recovery objectives, exercise record
OAIES-AGT-023Normative · activeAgent

Action limits MUST bound value, rate, scope, destination, and cumulative exposure independently of model instructions.

Applicability
P4, A2–A3
Objective evidence
Runtime limit configuration, boundary tests, limit alerts, blocked-action logs
OAIES-AGT-030Normative · activeAgent

Delegation MUST NOT increase permissions, data access, or action authority beyond the initiating principal and approved workflow.

Applicability
P5
Objective evidence
Delegation protocol, capability tokens/policies, privilege-escalation tests, trace sample
OAIES-AGT-031Normative · activeAgent

Every inter-agent message and action MUST be attributable to agent identity, version, parent task, and initiating principal.

Applicability
P5
Objective evidence
Trace schema, immutable end-to-end trace, correlation tests
OAIES-AGT-032Normative · activeAgent

Orchestration MUST enforce termination conditions for cycles, fan-out, cost, time, and repeated failure.

Applicability
P5
Objective evidence
Orchestrator limits, loop/fan-out tests, cutoff telemetry, incident procedure
OAIES-AGT-033Normative · activeAgent

Conflicting agent outputs MUST be resolved by an explicit deterministic or human-governed policy before consequential action.

Applicability
P5 producing consequential action
Objective evidence
Conflict policy, scenario tests, decision records and trace
OAIES-RSK-010Normative · activeRisk

A high-impact system MUST complete an impact assessment covering affected groups, rights, safety, accessibility, discrimination, contestability, and cumulative effects before production use.

Applicability
P6 or I3
Objective evidence
Approved impact assessment, stakeholder input, mitigation tracking
OAIES-RSK-011Normative · activeRisk

High-impact deployment MUST have independent pre-release assurance and an organization-approved reassessment interval derived from impact, change rate, incident history, applicable obligations, and claim period; that interval must be shorter than the approved interval for otherwise comparable lower-impact systems.

Applicability
P6 or I3
Objective evidence
Assessor independence declaration, assessment report, approved cadence decision with risk rationale and legal mapping, claim-period record, reassessment schedule
OAIES-RSK-012Normative · activeRisk

Affected persons MUST have an accessible path to explanation, correction, contest, and human review of material adverse outcomes.

Applicability
P6 or I3 affecting persons
Objective evidence
Procedure, interface evidence, service metrics, sampled cases and resolutions
OAIES-MOD-020Normative · activeModel

High-impact performance MUST be evaluated for relevant subgroups, operating conditions, and foreseeable distribution shifts using domain-approved thresholds.

Applicability
P6 or I3
Objective evidence
Evaluation protocol, subgroup results, threshold approvals, drift tests
OAIES-OPS-010Normative · activeOperations

The operator MUST maintain and test an immediate safe-stop, fallback, or service-withdrawal mechanism.

Applicability
P6 or I3; A3–A4
Objective evidence
Mechanism design, access authorization, exercise results, recovery record
OAIES-ASR-010Normative · activeAssurance

High-impact evidence MUST be retained under an approved records schedule that accounts for applicable jurisdictional, regulatory, contractual, claim-period, appeal, incident, investigation, and litigation-hold needs and receives independent legal or records-management approval before disposal.

Applicability
P6 or I3
Objective evidence
Approved records schedule and legal mapping, claim and appeal periods, hold register, disposition approval, integrity and retrieval tests
OAIES-AGT-040Normative · activeAgent

Tool access MUST use explicit allowlists, least-privilege credentials, argument constraints, and default-deny behavior.

Applicability
A2–A4
Objective evidence
Tool registry, IAM/policy configuration, denied-tool and invalid-argument tests
OAIES-AGT-041Normative · activeAgent

Memory that can influence future actions MUST have provenance, access control, retention, integrity protection, and a deletion mechanism.

Applicability
A2–A4 with persistent memory
Objective evidence
Memory schema, ACLs, integrity test, retention/deletion logs
OAIES-AGT-042Normative · activeAgent

Operators MUST be able to suspend autonomous execution without model cooperation.

Applicability
A2–A4
Objective evidence
Out-of-band control design, authorized operator list, kill-switch exercise
OAIES-AGT-043Normative · activeAgent

Autonomous decisions and actions MUST produce tamper-evident traces sufficient to reconstruct inputs, policy decisions, tool calls, approvals, outputs, and outcomes.

Applicability
A2–A4
Objective evidence
Trace specification, integrity controls, sampled reconstruction test
OAIES-ASR-002Normative · activeAssurance

Each evidence item MUST identify source, custodian, collection time, covered period, system scope, control mapping, integrity mechanism, and retention date.

Applicability
Universal
Objective evidence
Evidence index and sampled evidence metadata
OAIES-ASR-003Normative · activeAssurance

Operating-effectiveness evidence MUST represent the full assessment period and include failures and exceptions in the sampled population.

Applicability
Controls expected to operate over time
Objective evidence
Population extract, sampling frame, failure records, sample rationale
OAIES-ASR-004Normative · activeAssurance

Evidence MUST NOT rely solely on a control owner’s uncorroborated assertion.

Applicability
Universal
Objective evidence
Independent system records, configuration export, reperformed test, or corroborating source
OAIES-ASR-005Normative · activeAssurance

The organization MUST protect evidence against unauthorized alteration and verify retrievability throughout retention.

Applicability
Universal
Objective evidence
Immutable/WORM or signed storage settings, access log, integrity and restore tests
OAIES-GOV-010Normative · activeGovernance

The SoA MUST identify system/version, boundary, profiles, autonomy, impact, OAIES version, every control disposition, rationale, owner, evidence, exception, approval, and review date.

Applicability
Universal
Objective evidence
Completed approved SoA and schema/completeness validation
OAIES-GOV-011Normative · activeGovernance

Each not-applicable decision MUST cite a factual boundary or applicability condition and receive system-owner approval.

Applicability
Universal
Objective evidence
SoA rationale, boundary reference, dated approval
OAIES-RSK-020Normative · activeRisk

Each exception MUST identify the unmet requirement, cause, exposure, affected assets/people, likelihood, impact, compensating controls, residual risk, remediation owner, due date, expiry, applicable maximum-duration policy, duration rationale, and approvers.

Applicability
Any exception
Objective evidence
Completed exception record, linked risk-register entry, approved duration policy, claim-period and jurisdictional/contractual mapping
OAIES-RSK-021Normative · activeRisk

An exception MUST NOT remain valid beyond its expiry or after a material change without reassessment and new approval.

Applicability
Any exception
Objective evidence
Expiry automation, reassessment, approval history, blocked-release or alert record
OAIES-RSK-022Normative · activeRisk

Compensating controls MUST be tested for the stated risk before exception approval.

Applicability
Exception using compensation
Objective evidence
Test plan/results, risk comparison, approver review
OAIES-RSK-023Normative · activeRisk

Expired or rejected exceptions MUST cause the affected control to become nonconforming until remediated.

Applicability
Any expired/rejected exception
Objective evidence
SoA status transition, GRC workflow, claim update or suspension
OAIES-RSK-024Normative · activeRisk

The organization MUST approve exception-duration maxima by residual-impact tier, make higher-impact maxima progressively shorter, and review the maxima when risk tolerance, applicable obligations, or claim periods change.

Applicability
Organization permitting exceptions
Objective evidence
Approved exception-duration policy, tier rationale, legal/contractual mapping, risk-committee approval and review history
OAIES-ASR-006Normative · activeAssurance

A conformance claim MUST state system boundary, environments, OAIES version, assessor, assessment period, status, active exceptions, issue date, expiry date, and material-change limitation.

Applicability
Any public or internal claim
Objective evidence
Signed claim or assessment report containing all fields
OAIES-ASR-007Normative · activeAssurance

An OAIES claim MUST NOT be described as certification, accreditation, regulatory approval, endorsement, or organization-wide assurance; any separately issued external certification must be clearly distinguished from the OAIES claim and attributed to its actual scheme and issuing body.

Applicability
Any claim
Objective evidence
Approved claim language, communications review, and separate external certificate/scheme record where referenced
OAIES-ASR-008Normative · activeAssurance

The organization MUST suspend or correct a claim when a major nonconformity, expired exception, material scope change, or unreliable evidence invalidates its basis.

Applicability
Active claim
Objective evidence
Claim register, trigger alert, withdrawal/correction notice, reassessment record
OAIES-GOV-020Normative · activeGovernance

The standard maintainer MUST publish versioned release notes identifying control-level additions, changes, deprecations, retirements, migrations, effective dates, and the evidence-based rationale for each migration window.

Applicability
Every OAIES release
Objective evidence
Signed/tagged release, changelog, control diff, compatibility/risk analysis, adopter migration evidence, migration notice
OAIES-GOV-021Normative · activeGovernance

A deprecated control MUST retain its ID and normative force until its published retirement date.

Applicability
Deprecated controls
Objective evidence
Version archive, release notice, control registry
OAIES-GOV-022Normative · activeGovernance

A retired control ID MUST NOT be reassigned to another requirement.

Applicability
Standard maintenance
Objective evidence
Automated registry uniqueness check and historical catalog
OAIES-GOV-023Normative · activeGovernance

Affected claims MUST be reassessed when a requirement is withdrawn for urgent safety, security, or legal reasons.

Applicability
Withdrawn requirement
Objective evidence
Withdrawal notice, claim register query, reassessment/suspension records
OAIES-ASR-020Normative · activeAssurance

The assessor MUST document scope, criteria, period, team competence, independence, limitations, methods, populations, samples, tests, evidence, findings, and conclusion.

Applicability
Every conformance assessment
Objective evidence
Complete signed assessment report and workpapers
OAIES-ASR-021Normative · activeAssurance

The assessor MUST validate SoA completeness and challenge not-applicable rationales against system-boundary facts.

Applicability
Every conformance assessment
Objective evidence
Catalog reconciliation, challenge log, corrected SoA
OAIES-ASR-022Normative · activeAssurance

The assessor MUST test both control design and operating effectiveness unless the report explicitly provides a design-only conclusion whose approved expiry is bounded by the claim period and whose wording excludes operating effectiveness.

Applicability
Every positive conclusion
Objective evidence
Test workpapers, control-frequency and operating-cycle analysis, period evidence, approved design-only expiry and claim language where applicable
OAIES-ASR-023Normative · activeAssurance

Sample selection MUST be reproducible and risk-based, derive size and census decisions from approved assurance and deviation criteria, include failures and overrides, apply stronger criteria to I3, and preserve the source population or immutable query.

Applicability
Assessment using samples
Objective evidence
Approved sampling methodology, population/control-frequency analysis, assurance and tolerable-deviation decisions, I3 escalation rationale, seed/query, population hash/export, selected records
OAIES-ASR-024Normative · activeAssurance

I3 assessments MUST use an assessor independent of control ownership, implementation, operation, and delivery reporting lines.

Applicability
P6 or I3
Objective evidence
Organization chart, role declarations, conflict check, engagement approval
OAIES-ASR-025Normative · activeAssurance

A positive conclusion MUST NOT be issued when a major nonconformity remains open or a scope limitation prevents sufficient appropriate evidence.

Applicability
Every conformance assessment
Objective evidence
Finding register, limitation analysis, report conclusion, quality review
OAIES-ASR-026Normative · activeAssurance

Assessment reports MUST receive factual review and independent quality review before issuance.

Applicability
Every conformance assessment
Objective evidence
Management responses, review notes, reviewer sign-off, issued report hash
OAIES-ASR-027Normative · activeAssurance

Active claims MUST follow an organization-approved surveillance interval derived from impact, change rate, control frequency, incident history, applicable obligations, and claim period; I3 intervals must be shorter than otherwise comparable lower-impact intervals, and material change, major incident, invalid evidence, or withdrawal of relied-upon supplier assurance triggers immediate review.

Applicability
Active claim
Objective evidence
Approved cadence policy and system-specific rationale, legal/contractual mapping, claim-period record, I3 escalation comparison, surveillance reports, change/incident and supplier triggers
OAIES-ASR-028Normative · activeAssurance

Corrective actions MUST identify root cause, owner, due date, remediation, validation method, and closure evidence.

Applicability
Any nonconformity
Objective evidence
Corrective-action record, validation results, assessor closure
informative

Workload and risk classification worksheet

This informative worksheet identifies a candidate control set for SoA review. It does not classify a system, prove applicability, or produce a conformance result.

1. Select every production behavior
Governance posture: standard review

Candidate SoA review set

24 controls match the universal baseline or selected overlays. Conditional controls and legal or organization-specific requirements still require explicit review.

GOV: 8RSK: 2MOD: 3DAT: 1SEC: 3OPS: 3ASR: 4

Do not describe this candidate set as an assessment or claim. Complete boundary analysis, applicability rationales, approvals, evidence, and catalog reconciliation in the SoA.

normative

Evidence requirements and SoA workflow

The evidence quality attributes, evidence classes, and SoA dispositions below come directly from the normative assurance source.

Admissibility checks

Authentic
Source identity and integrity can be verified.
Attributable
Responsible person, service, or process is identifiable.
Scoped
System, environment, component, control, and period are explicit.
Timely
Evidence falls within the assessment period or proves current design.
Complete
Relevant failures, exclusions, and populations are included.
Reproducible
A competent reviewer can repeat the test or trace the result.
Protected
Access, integrity, retention, and lawful handling are enforced.

Evidence classes

DesignSafeguard is specified and appropriate
approved policy, threat model, architecture, test plan
ImplementationSafeguard exists as configured
policy-as-code, IAM export, deployment manifest
OperationSafeguard worked during the period
logs, tickets, CI runs, alerts, sampled transactions
OutcomeRisk-relevant result stayed within criteria
evaluation trend, incident rate, appeal outcome
  1. STEP 1

    Freeze scope

    Record system/version, boundary, profiles, autonomy, impact, environments, period, and catalog version.

  2. STEP 2

    Reconcile catalog

    Create one decision for every one of the 78 controls in this generated catalog.

  3. STEP 3

    Link evidence

    Map attributable, scoped, timely, complete, reproducible, and protected evidence references.

  4. STEP 4

    Approve and review

    Record owners, exceptions, approvals, validation evidence, material-change triggers, and next review.

Normative Statement of Applicability dispositions
DispositionMeaningClaim effect
Applicable — conformingRequirement implemented and evidencedPass
Applicable — exceptionRequirement not fully satisfied; active exception meets this documentConditional pass; disclosed in claim
Applicable — nonconformingRequirement not satisfied and no valid exception existsFail
Not applicableApplicability condition is factually absentExcluded with rationale; assessor validates

Open normative evidence and conformance source

informative

Standards crosswalk discovery

Crosswalks are informative evidence-discovery aids. They do not establish equivalence, compliance, endorsement, certification, or external validation.

Informative

ISO AI Management, Risk, and Impact Crosswalk

Map OAIES evidence artifacts to the management-system, AI risk-management, and AI system impact-assessment concerns in ISO/IEC 42001, ISO/IEC 23894, and ISO/IEC 42005.

ISO/IEC 42001ISO/IEC 23894ISO/IEC 42005
Informative

NIST AI Risk Crosswalk

Map OAIES artifacts to NIST AI Risk Management Framework 1.0 functions and the NIST AI 600-1 Generative AI Profile.

NIST AI RMF 1.0NIST AI 600-1
Informative

OWASP LLM and Agentic Security Crosswalk

Map OAIES prevention, detection, and response artifacts to the OWASP Top 10 for LLM Applications 2025 and OWASP Top 10 for Agentic Applications 2026.

OWASP Top 10 for LLM ApplicationsOWASP Top 10 for Agentic Applications
Informative

MCP, A2A, and GenAI Observability Crosswalk

Define how OAIES contracts record security and telemetry evidence for Model Context Protocol authorization, Agent2Agent interoperability, and OpenTelemetry Generative AI semantic conventions.

MCP authorizationA2AOpenTelemetry GenAI semantic conventions
Informative

Secure Software and AI Supply-Chain Crosswalk

Map OAIES artifacts to NIST SSDF SP 800-218, applicable NIST SP 800-53 Rev. 5 controls, SLSA, and OpenSSF practices.

NIST SSDF SP 800-218NIST SP 800-53 Rev. 5SLSAOpenSSF
tooling

Schema and conformance CLI onboarding

These contracts and commands are implementation tooling. Running them can validate supplied artifacts; it does not create external evidence or a certification.

Available AIES JSON schemas
ContractVersionRequired fieldsSource
OAIES Agent Definition v11.0.019schemas/agent-definition.v1.schema.json
OAIES AI System Manifest v11.0.025schemas/ai-system-manifest.v1.schema.json
OAIES Context Manifest v11.0.012schemas/context-manifest.v1.schema.json
OAIES Control Catalog v11.0.08schemas/control-catalog.v1.schema.json
OAIES Evaluation Result v11.0.019schemas/evaluation-result.v1.schema.json
OAIES Evidence Bundle v11.0.014schemas/evidence-bundle.v1.schema.json
OAIES Exception and Risk Acceptance v11.0.037schemas/exception.v1.schema.json
OAIES AI Incident v11.0.019schemas/incident.v1.schema.json
OAIES MCP Server Record v11.0.016schemas/mcp-server-record.v1.schema.json
OAIES Model Record v11.0.016schemas/model-record.v1.schema.json
OAIES Prompt Release v11.0.017schemas/prompt-release.v1.schema.json
OAIES Risk Register v11.0.013schemas/risk-register.v1.schema.json
OAIES Statement of Applicability v11.0.024schemas/statement-of-applicability.v1.schema.json
OAIES Tool Contract v11.0.017schemas/tool-contract.v1.schema.json
Assessment command
node tools/conformance/cli.mjs assess \
  --manifest records/ai-system.json \
  --soa records/statement-of-applicability.json \
  --catalog records/control-catalog.json \
  --evidence records/evidence-bundle.json \
  --exception records/exception-DAT-010.json \
  --as-of 2026-07-16T00:00:00.000Z \
  --format json
Verification command
node --test \
  tools/conformance/test/conformance.test.mjs \
  reference/test/harness.test.mjs \
  eval/test/evaluation.test.mjs

CLI output is a deterministic assessment of supplied artifacts, not external certification or regulatory approval.

normative

Versions and deprecations

Normative document versions and lifecycle vocabulary are derived from the published standard sources. No controls are presented as deprecated without a canonical source record.

Active

Current requirement

Assess normally

Deprecated

Still valid; replacement or retirement announced

SoA identifies migration plan

Retired

No longer accepted in new claims

Preserve ID and historical evidence

Withdrawn

Unsafe, invalid, or legally incompatible

Suspend affected claim and reassess

informative

RFC and governance status

Governance status is derived from repository policy files and the canonical RFC directory. Absence of an RFC record is reported as absence, not approval or rejection.

Policy v1.0.0

Project Governance

This document defines how OAIES decisions are proposed, reviewed, approved, and reversed.

GOVERNANCE.md
Policy v1.0.0

Maintainer Policy

This policy defines maintainer eligibility, responsibilities, access, inactivity, and removal.

MAINTAINERS.md
Policy v1.0.0

Request for Comments Process

This process governs high-impact OAIES proposals before implementation.

RFC_PROCESS.md
Policy v1.0.0

Compatibility Policy

This policy defines compatibility guarantees for OAIES documents, URLs, generated artifacts, website behavior, and releases.

COMPATIBILITY.md

RFC registry

No RFC records are present in the canonical rfcs/ directory.

Canonical RFC records discovered: 0