SDOS Framework Library — Changelog¶
Complete version history for the SDOS Runtime Governance Framework reference library, including the control catalog and all framework alignment mappings.
Current control catalog version: v1.10
Jump to framework: NIST AI RMF · NIST CSF 2.0 · NIST SP 800-53 Rev 5.2.0 · NIST AI 600-1 (GenAI Profile) · EU AI Act · ISO 42001 · DORA · HIPAA · PCI-DSS · CIS Controls v8 · FedRAMP · CMMC · SOC 2 · NAIC MDL-668 · NERC CIP · IEEE P2863 (Draft) · FAA UAS/AAM
NIST AI RMF / Control Catalog¶
The SDOS Runtime Governance Framework Control Catalog and Reference Document, including the NIST AI RMF 1.0 alignment mapping.
| Version | Date | Summary |
|---|---|---|
| 1.12 | 2026-05-14 | Library-wide standalone-completeness pass. (1) mkdocs.yml nav populated with CSF 2.0 and SP 800-53 pages in the Reference Library group — left sidebar now renders consistently across all 14 SDOS reference pages with full framework navigation and active-page highlight. (2) SDOS Control Catalog Summary table (24 controls) embedded on every framework alignment page so each reads as a self-contained reference document. (3) Architectural Positioning and Maintenance sections added to all 12 framework alignment pages mirroring the CSF 2.0 v1.0 structure. (4) privacy.html template responsive layout — max-width breakpoints at 768/1024/1400 viewport widths plus horizontal-scroll on wide tables. (5) Changelog anchor #nist-csf-2-0 corrected to #nist-csf-20 to match MkDocs slug. No control additions or retirements; no mapping content changes. |
| 1.11 | 2026-05-14 | NIST OLIR catalog inclusion published. SDOS-RuntimeGov-to-AI-RMF-v1.0 cataloged as Reference ID 212 (posted as draft informative reference; public review window through 2026-06-12). Catalog inclusion language added to Framework Alignment section, Primary Mapping Target section, frontmatter description, and keywords. Navigation tag block updated across all 14 reference pages to add NIST CSF 2.0 (filing target 2026-05-17) and NIST SP 800-53 Rev 5.2.0 (filing target 2026-05-18) as fw-proposed companion submissions. New stub pages published at /sdos/reference/csf-2-0/ and /sdos/reference/sp-800-53/ with development status; full mapping pages publish after NIST OLIR screening acknowledgment. No control additions or retirements. |
| 1.10 | 2026-05-12 | Structured vetting pass — 2 representative mapping table corrections. (1) GOVERN-6.1: added SDOS-IA-02 to the mapped controls (module identity verification before activation is the runtime enforcement face of supply-chain assurance — stronger connection to third-party/supply-chain risk than RM controls alone). (2) GOVERN-1.4: removed SDOS-GV-04 (cross-module governance continuity is a QMS/design control; mapping it to an organizational culture subcategory was a category mismatch — AU-01/02/03 retained as the audit infrastructure that enables risk communication culture). No control additions or retirements; no impact to the 49-subcategory OLIR submission. |
| 1.9 | 2026-05-12 | Framework library expanded to 12 standards. NERC CIP alignment published (v1.0). NERC CIP nav tag added to all 13 framework pages. No control additions or retirements; no mapping changes to existing frameworks. |
| 1.8 | 2026-05-12 | Framework library expanded to 11 standards. NAIC Insurance Data Security Model Law (MDL-668) alignment published (v1.0). FAA tile relabeled from "Proposed" to "Principles-Mapped" (v1.3) following multi-model deliberation panel (full convergence — "Proposed" misdescribes a completed artifact; label now encodes objectives-derived-from-principles without implying a published FAA standard). NAIC MDL-668 nav tag added to all 11 framework pages. No control additions or retirements; no mapping changes to existing frameworks. |
| 1.7 | 2026-05-04 | New control SDOS-RS-01 (Governed Return on Safety Investment Evaluation) added. New governance domain RS (Risk Measurement) introduced — 9th domain. Control catalog grows from 23 to 24 controls. SDOS-RS-01 anchors 16 previously-unmapped MEASURE subcategories (1.1–1.3, 2.1–2.3, 2.9–2.13, 3.2–3.3, 4.1–4.3) via dual-track ROSI scoring (Track 1: cost_avoidance/time_saved/efficiency_gain; Track 2: exposure_reduction/resilience_gain/mission_continuity). Composite score [0.0–1.0] + priority recommendation. Patent anchor: §9.2, Claims 81–84, Prov #2 (64/049,300). OLIR submission spreadsheet updated to v1.3 with full MEASURE section coverage. |
| 1.6 | 2026-05-04 | MEASURE function coverage expansion. Added three previously-blank subcategories where existing SDOS controls produce the measurement evidence the AI RMF requires: MEASURE-1.1 (RM-01/02/03 + AU-01 — dispatch-time classification and per-invocation audit constitute the operational measurement substrate from which AI risk metrics are computed), MEASURE-1.2 (AU-01/02 + IN-01 — continuous tamper-evident record stream supports periodic re-assessment of metric appropriateness and control effectiveness), MEASURE-3.2 (RM-01 + AU-01/02 — longitudinal record substrate for AI risks that have historically been difficult to assess at runtime). No new controls added; existing controls mapped to additional subcategories. Submission spreadsheet: SDOS_OLIR_AI_RMF_1.0_Concept_Crosswalk_v1.5.xlsx (27 mapped rows). |
| 1.5 | 2026-05-04 | OLIR spreadsheet alignment pass. NIST AI RMF mapping table reduced from 27 to 24 subcategories: dropped GOVERN-1.7 (decommissioning — runtime ≠ lifecycle), GOVERN-2.1 (human role docs ≠ AI agent identity, category error), GOVERN-3.2 (human-AI configuration overclaim) per panel recommendation. MEASURE-2.6/2.11 swap propagated (bias/fairness controls correctly placed under MEASURE-2.11). MANAGE-4.1 stripped of DE-01/DE-02 (deliberation ≠ human oversight). GOVERN-6.1 mapping corrected to RM-01/RM-02/RM-03 (matches third-party/supply-chain risk obligation). GOVERN-1.1 added missing GV-01 control. Round-3 regression fixes also applied: FedRAMP IA-01/IA-02 domain rows aligned with IA-9 (resolves IA-2 contradiction); CMMC 3.3.1 downgraded to Partial — Substrate-Dependent (matches FedRAMP AU-9(2)); EN-03 three-mode glossary propagated to all cross-walk pages; EU AI Act DE-02 convergence-vs-correctness limitation added; remaining "attested/attestation" descriptive uses replaced with "verified" across all framework files. Submission spreadsheet: SDOS_OLIR_AI_RMF_1.0_Concept_Crosswalk_v1.4.xlsx (24 mapped rows). |
| 1.4 | 2026-05-04 | Three-round adversarial review pass (multi-model adversarial review → 12-expert panel → regression pass). Patent IP language reframed for §112 estoppel safety; "cryptographically attested" → "cryptographically verified" vocabulary discipline; AU-02/AU-03 substrate dependency named; AU-9(2)/CMMC 3.3.1 downgraded to Partial — Substrate-Dependent; DE-01 limitation note added (convergence ≠ correctness; not a substitute for human oversight); EN-03 expanded to three failure modes (added partial-degradation acknowledgment); EN-04 tamper-evidence mechanism named; AU-01 clock-skew/NTP note; FedRAMP IA-2 → IA-9 (correct NPE control); IA-3 marked Substrate-Dependent; DE-01/DE-02 removed from MANAGE-4.1; Evidence Types operational documentation note. |
| 1.3 | 2026-05-02 | AI RMF 1.0 and ISO 42001 mapping tables added; EN-03/IN-02 language precision fixes; dead URL resolved; Glossary additions |
| 1.2 | 2026-05-02 | Patent references added to EN-03, AU-01, AU-02, AU-03 for uniform coverage across all 23 controls |
| 1.1 | 2026-05-02 | Formatting and layout revisions; nav hidden for standalone submission layout; title border and TOC fixes |
| 1.0 | 2026-04-01 | Initial release — 23 controls across 8 governance domains |
NIST CSF 2.0¶
SDOS control alignment with NIST Cybersecurity Framework 2.0. NIST OLIR submission.
| Version | Date | Summary |
|---|---|---|
| 1.2 | 2026-05-14 | SEO/AIO/AEO/GEO optimization pass — added Key Facts at-a-glance block, 8-question Frequently Asked Questions section, FAQPage Schema.org JSON-LD structured data, Dataset Schema.org structured data, expanded meta keywords with high-intent terms (CISO AI governance, agent dispatch enforcement, governed AI execution), authoritative-source link block citing NIST CSWP 29, NIST IR 8278, and NIST OLIR Program. Improves AI Overviews citation eligibility, FAQ rich-snippet eligibility, and federal-keyword targeting. No mapping content changes. |
| 1.1 | 2026-05-14 | Standalone-completeness pass — added inline SDOS Control Catalog Summary table (24 controls), Architectural Positioning, and Maintenance sections so the alignment page reads as a fully self-contained reference document without requiring visits to the canonical SDOS Reference Document. No mapping content changes. |
| 1.4 | 2026-05-15 | Submitted to NIST OLIR Program as SDOS-RuntimeGov-to-CSF-2.0-v1.0, companion to SDOS-RuntimeGov-to-AI-RMF-v1.0 (NIST OLIR Reference ID 212). 76 of 106 CSF 2.0 subcategories mapped across GOVERN, IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER. 24 SDOS reference elements used, all aligned to canonical primary descriptions per SDOS_CATALOG_v1.0.md. 183 SDOS rows; 17 intersects with strength fills (9.3% density). Crosswalk developed through twelve validation rounds (three structured review panels, independent multi-model review ×4, adversarial red team, trifecta consistency audit, expert panel decisions, hostile OLIR analyst review, V3 patent-gap check, cross-submission review) plus final pre-send structured review panel. Receipt confirmed by the OLIR Program 2026-05-15; screening commences week of 2026-05-18. Submitter organization: AAM Cyber, matching the on-file Participation Agreement. |
| 0.1 | 2026-05-14 | Stub page published. Crosswalk in development; NIST OLIR filing target 2026-05-17. Status-only placeholder while submission package was prepared. |
NIST SP 800-53 Rev 5.2.0¶
SDOS control alignment with NIST Special Publication 800-53 Revision 5. NIST OLIR submission.
| Version | Date | Summary |
|---|---|---|
| 1.0 | 2026-05-15 | Submitted to NIST OLIR Program as SDOS-RuntimeGov-to-SP-800-53-Rev-5.2.0-v1.0, companion to SDOS-RuntimeGov-to-AI-RMF-v1.0 (NIST OLIR Reference ID 212) and SDOS-RuntimeGov-to-CSF-2.0-v1.0. 269 of 622 SP 800-53 Rev 5.2.0 controls mapped across 10 control families (AC, AU, IA, CM, SC, SI, RA, CA, PL, PT). 483 mapped rows. 20 of 24 SDOS reference elements used. 27 rows marked intersects with (5.6% density). Crosswalk developed through twelve validation rounds: internal structured review panel (3 passes), independent multi-model review ×3, adversarial red team pass, trifecta consistency audit, expert panel governance decisions, hostile OLIR analyst review, V3 patent-gap check, and cross-submission review, plus final pre-send structured review panel. Nine strength-fill comments use explicit scope-bounding language to declare governance-relevant scope and exclude out-of-scope obligations; DE-01/DE-02 reserved exclusively for governed multi-agent deliberation per SDOS Catalog v1.0. Receipt confirmed by the OLIR Program 2026-05-15; screening commences week of 2026-05-18. Submitter organization: AAM Cyber, matching the on-file Participation Agreement. |
| 0.1 | 2026-05-14 | Stub page published. Crosswalk in development. Status-only placeholder while submission package was prepared. Comprehensive scope across SP 800-53 Rev 5.2.0 control families. Companion submission to SDOS-RuntimeGov-to-AI-RMF-v1.0 (Reference ID 212) and SDOS-RuntimeGov-to-CSF-v2.0. |
NIST AI 600-1 (GenAI Profile)¶
SDOS control alignment with NIST AI 600-1 — Generative AI Profile of the AI Risk Management Framework. Submitted to NIST OLIR 2026-05-17 as 4th SDOS informative reference.
| Version | Date | Summary |
|---|---|---|
| 1.1 | 2026-05-17 | Submitted to NIST OLIR Program as SDOS-RuntimeGov-to-AI-600-1-v1.0, companion to Reference ID 212 (AI RMF 1.0), CSF 2.0, and SP 800-53 Rev 5.2.0. 421 data rows (plus 53 function/subcategory header rows for readability); 212/212 AI 600-1 action IDs present; 345 mapped, 76 No Mapping with per-row rationale; Column F blank throughout. OLIR badge updated from "Candidate" to "Submitted." Coverage summary table updated with exact crosswalk counts by function (GV: 95/19, MP: 30/28, MS: 130/18, MG: 90/11). OLIR Submission Notes section replaced with OLIR Submission Record reflecting send date and package details. Maintenance note updated with submission date. Awaiting NIST screening. |
| 1.0 | 2026-05-17 | Initial release. All 12 NIST AI 600-1 risk categories mapped to SDOS runtime controls. Direct coverage: CBRN, Dangerous Content, Human-AI Configuration, Information Security, Obscene Content, Value Chain and Component Integration. Supportive coverage: Data Privacy, Information Integrity, Intellectual Property. Partial coverage: Confabulation, Environmental Impacts, Harmful Bias and Homogenization. Nav tag added to all 16 existing reference pages. PDF source: NIST AI 600-1 v1.0 (July 26, 2024). |
EU AI Act¶
SDOS control alignment with EU AI Act obligations for high-risk and general-purpose AI systems.
| Version | Date | Summary |
|---|---|---|
| 1.4 | 2026-05-14 | Standalone-completeness pass — added inline SDOS Control Catalog Summary table (24 controls), Architectural Positioning, and Maintenance sections so the alignment page reads as a fully self-contained reference document without requiring visits to the canonical SDOS Reference Document. No mapping content changes. |
| 1.3 | 2026-05-12 | Structured vetting pass — 6 fixes applied. (1) Art. 14(4)(e) citation standardized: "14(e)" → "14(4)(e)" in Strongest Alignment heading, body prose, main mapping table, and domain table. (2) Main table Art. 14 notes and domain table EN-01: "override/reverse" → "override or reverse" (statutory language from Art. 14(4)(d)). (3) GV-04 domain table: description corrected to "17(1)(c)/(d): design control across module boundaries; examination and validation procedures" (accurate sub-clause mapping). (4) SDOS Version 1.3 → 1.9 (header, frontmatter sdos_version, catalog link text). (5) Footer Version 1.0 → 1.3. Independent factual verification: phased application schedule and Art. 17(1)(c)/(d) sub-clause lettering verified against OJ text. |
| 1.2 | 2026-05-04 | Round-3 regression and spreadsheet-driven updates. EN-03 glossary expanded to three failure modes (added partial-degradation acknowledgment); DE-02 section appended convergence-vs-correctness limitation (convergence is a deliberation signal, not a correctness guarantee — human oversight remains required for high-risk decisions); residual "attested/attestation" descriptive uses replaced with "verified" terminology. |
| 1.1 | 2026-05-04 | Three-round adversarial review applied. Article 9 sub-clause numbering corrected throughout (9(2)(a–d), 14(4)(d)/(e), 17(1)(c)/(d)); enforcement-date framing reframed to phased application schedule; Art. 12 retention/access scoping; Art. 13 mismapping corrected; DE-01 convergence-vs-correctness limitation added; EN-03 three-mode glossary; "attested" → "verified" vocabulary; "Outside SDOS Operational Boundary" header rename; Assessor Use Notice; patent IP language reframed. |
| 1.0 | 2026-05-03 | Initial release — SDOS control mapping to EU AI Act high-risk system obligations |
ISO 42001¶
SDOS control alignment with ISO/IEC 42001:2023 AI Management System requirements.
| Version | Date | Summary |
|---|---|---|
| 1.4 | 2026-05-14 | Standalone-completeness pass — added inline SDOS Control Catalog Summary table (24 controls), Architectural Positioning, and Maintenance sections so the alignment page reads as a fully self-contained reference document without requiring visits to the canonical SDOS Reference Document. No mapping content changes. |
| 1.3 | 2026-05-12 | Structured vetting pass — 7 fixes applied. (1) 8.3: Strong → Partial — Runtime Treatment Measures; Clause 8.3 treatment planning is an organizational process, SDOS provides the runtime execution layer only. (2) 8.5: Strong → Partial — Operational Event Records; full Clause 8.5 documented-information obligation spans procedure and design docs beyond SDOS audit records. (3) A.9.2: Strong → Partial — Runtime Enforcement Layer; acceptable-use policy definition and user training are organizational; runtime enforcement is the covered subset. (4) DE-01 Strongest Alignment prose: removed "human-analogous evaluation" framing; replaced with accurate "structured evaluation / deliberation signal, not human oversight substitute" language. (5) A.10 row added to mapping table: Partial — Operational Records (design/purpose documentation is pre-deployment organizational obligation). (6) RS domain section added to domain table (tile predates v1.7 RS domain addition). (7) Annex A sub-clause verification note added to mapping table header (sub-clause numbers are not verifiable from public sources; organizations must verify against licensed ISO text). SDOS Version 1.3 → 1.9; catalog link v1.3 → v1.10; footer Version 1.0 → 1.3. |
| 1.2 | 2026-05-04 | Round-3 regression updates. EN-03 glossary expanded to three failure modes; A.6.2 row note refined for data-quality scope; residual "attested/attestation" descriptive uses replaced with "verified" terminology. |
| 1.1 | 2026-05-04 | Three-round adversarial review applied. Annex A control IDs realigned to ISO/IEC 42001:2023 canonical structure (A.6.2.x / A.7.x / A.8.x / A.9.x); A.6.2 lifecycle and A.9 use-of-AI-systems mappings corrected; data-quality A.7.x scope qualifier added; "attested" → "verified" vocabulary; EN-03 three-mode glossary; DE-01 limitation note inheritance; Assessor Use Notice; patent IP language reframed. |
| 1.0 | 2026-05-03 | Initial release — SDOS control mapping to ISO/IEC 42001:2023 clauses and Annex A controls |
DORA¶
SDOS control alignment with the EU Digital Operational Resilience Act for financial services ICT risk management.
| Version | Date | Summary |
|---|---|---|
| 1.4 | 2026-05-14 | Standalone-completeness pass — added inline SDOS Control Catalog Summary table (24 controls), Architectural Positioning, and Maintenance sections so the alignment page reads as a fully self-contained reference document without requiring visits to the canonical SDOS Reference Document. No mapping content changes. |
| 1.3 | 2026-05-12 | Structured vetting pass — 5 fixes applied. (1) Art. 9: Strong → Partial — AI Dispatch Layer; Art. 9 full scope spans network, endpoint, physical, and patch management — SDOS covers dispatch boundary only; Strongest Alignment prose updated to reflect scoped coverage. (2) Art. 10: Strong → Partial — AI Dispatch Layer; same analysis — full ICT anomaly detection spans beyond dispatch-layer audit records; Strongest Alignment prose updated accordingly. (3) Art. 15: Partial — Technical Standards → Weak — Standards Substrate; Art. 15 is an ESA delegation provision, not a direct financial entity obligation — SDOS provides a standards-ready substrate for resulting ITS/RTS. (4) RS domain section added to domain table (RS-01 relevance to Art. 6 and Art. 8 — tile was written before RS-01 was added at v1.7). (5) SDOS Version 1.3 → 1.9 (header, frontmatter, catalog link text v1.3 → v1.10). Footer Version 1.0 → 1.3. Independent factual verification: DORA Art. 64 dates, TIBER-EU basis, ESA designations verified. 0 flags. |
| 1.2 | 2026-05-04 | Round-3 regression updates. EN-03 glossary expanded to three failure modes; residual "attested/attestation" descriptive uses replaced with "verified" terminology. |
| 1.1 | 2026-05-04 | Three-round adversarial review applied. Art. 30 duplicate row collapsed; Art. 12 mismapping corrected (system backup ≠ audit redundancy → Out of Scope); TIBER-EU framework reference added; "attested" → "verified" vocabulary; EN-03 three-mode glossary; "Outside SDOS Operational Boundary" header rename; Assessor Use Notice; patent IP language reframed. |
| 1.0 | 2026-05-03 | Initial release — SDOS control mapping to DORA ICT risk management and resilience requirements |
HIPAA¶
SDOS control alignment with the HIPAA Security Rule for AI agent governance in healthcare environments.
| Version | Date | Summary |
|---|---|---|
| 1.4 | 2026-05-14 | Standalone-completeness pass — added inline SDOS Control Catalog Summary table (24 controls), Architectural Positioning, and Maintenance sections so the alignment page reads as a fully self-contained reference document without requiring visits to the canonical SDOS Reference Document. No mapping content changes. |
| 1.3 | 2026-05-12 | Structured panel vetting pass — 4 flags resolved. (1) EN-03 domain table: §164.308(a)(7) reference removed — EN-03 fail-closed halt contradicts §164.308(a)(7)'s availability-continuity posture; domain table now references §164.312(a)(1) automatic logoff analog only. (2) AU-03 domain table: §164.308(a)(7) "contingency plan substrate" reference removed — dual audit trail is audit resilience, not a contingency plan; domain table now references §164.312(b) audit continuity and resilience only. (3) Strongest Alignment §164.312(b) prose softened: "complete technical implementation" → "recording mechanism component" to align with Partial — Recording Mechanism rating in the main table. (4) SDOS Version updated 1.3 → 1.9 throughout (header, frontmatter, Relationship section catalog link text). |
| 1.2 | 2026-05-04 | Round-3 regression updates. EN-03 glossary expanded to three failure modes; residual "attested/attestation" descriptive uses replaced with "verified" terminology. |
| 1.1 | 2026-05-04 | Three-round adversarial review applied. §164.312(b) downgraded to Partial — Recording Mechanism (examination obligation called out); §164.308(a)(7) recategorized as Out of Scope — Inverse Posture; HIPAA NPRM (Jan 6, 2025) detail expanded with proposed change list; "attested" → "verified" vocabulary; EN-03 three-mode glossary; "Outside SDOS Operational Boundary" header rename; Assessor Use Notice; patent IP language reframed. |
| 1.0 | 2026-05-03 | Initial release — SDOS control mapping to HIPAA Security Rule administrative, physical, and technical safeguards |
PCI-DSS¶
SDOS control alignment with PCI-DSS v4.0 for AI agents operating in cardholder data environments.
| Version | Date | Summary |
|---|---|---|
| 1.4 | 2026-05-14 | Standalone-completeness pass — added inline SDOS Control Catalog Summary table (24 controls), Architectural Positioning, and Maintenance sections so the alignment page reads as a fully self-contained reference document without requiring visits to the canonical SDOS Reference Document. No mapping content changes. |
| 1.3 | 2026-05-12 | Structured vetting pass — 7 fixes applied. (1) Req 7.2.5: Strong → Partial — Pre-Admission Gate; account provisioning, deprovisioning, access-right certification, and periodic review are organizational lifecycle obligations outside the dispatch boundary. (2) Req 8.6: Strong → Partial — Runtime Session Scope; inter-session account behavior management (inactivity disabling, provisioning rules) is outside dispatch scope; session-scoped identity continuity is what SDOS covers. (3) Req 7.2 and 7.3: scope qualifier added to Strong notes clarifying AI dispatch layer coverage; full system component scope requires complementary infrastructure controls. (4) EN-03 glossary expanded to three-mode description (matches all other tiles). (5) RS domain section added to domain table (tile predates RS-01 at v1.7). (6) DE domain section added to domain table with accurate no-direct-mapping note. (7) Relationship section catalog link updated v1.3 → v1.10. SDOS Version 1.3 → 1.9; sdos_version frontmatter 1.0 → 1.9; footer Version 1.0 → 1.3. Independent factual verification: Req 7.2.5 account lifecycle scope, Req 8.6 behavior management scope, v4.0 effective date confirmed. |
| 1.2 | 2026-05-04 | Round-3 regression updates. Residual "attested/attestation" descriptive uses replaced with "verified" terminology in mapping table notes. |
| 1.1 | 2026-05-04 | Three-round adversarial review applied. Req 11.3 mismapping corrected (vulnerability scanning → Req 11.5.2 change-detection mechanism); v4.0.1 version note added; Req 12.3 PCI TRA scoping ("Partial — Risk Input Only"); "attested" → "verified" vocabulary; "Outside SDOS Operational Boundary" header rename; Assessor Use Notice; patent IP language reframed. |
| 1.0 | 2026-05-03 | Initial release — SDOS control mapping to PCI-DSS v4.0 requirements |
CIS Controls v8¶
SDOS control alignment with the CIS Critical Security Controls v8.
| Version | Date | Summary |
|---|---|---|
| 1.4 | 2026-05-14 | Standalone-completeness pass — added inline SDOS Control Catalog Summary table (24 controls), Architectural Positioning, and Maintenance sections so the alignment page reads as a fully self-contained reference document without requiring visits to the canonical SDOS Reference Document. No mapping content changes. |
| 1.3 | 2026-05-12 | Structured vetting pass — 4 fixes applied. (1) CIS 6.2: Strong → Partial — Configuration Enforcement; the access revoking process (triggers, procedures, periodic reviews, ownership) is an organizational obligation; SDOS enforces revocation once configuration is updated but does not constitute the process itself. (2) CIS 5.3: scope qualifier added to Strong note; full CIS 5.3 (45-day inactivity threshold for human accounts, quarterly service account reviews) is organizational; SDOS coverage scoped to AI agent and module activation. (3) RS domain section added to domain table (tile predates RS-01 at v1.7; no direct CIS analog; Weak — Substrate Only for risk management workflows). (4) Relationship section catalog link updated v1.3 → v1.10. SDOS Version 1.3 → 1.9; sdos_version frontmatter 1.0 → 1.9; footer Version 1.0 → 1.3. Independent factual verification: CIS 6.2 process scope and CIS 5.3 inactivity thresholds confirmed. |
| 1.2 | 2026-05-04 | Round-3 regression updates. EN-03 glossary expanded to three failure modes; residual "attested/attestation" descriptive uses replaced with "verified" terminology. |
| 1.1 | 2026-05-04 | Three-round adversarial review applied. CIS Control 11 (Data Recovery) mismapping corrected to Control 4 (Secure Configuration); CIS 6.3/6.4 MFA downgraded to Partial — Identity Substrate; v8.1 compatibility note; "attested" → "verified" vocabulary; EN-03 three-mode glossary; "Outside SDOS Operational Boundary" header rename; Assessor Use Notice; patent IP language reframed. |
| 1.0 | 2026-05-03 | Initial release — SDOS control mapping to CIS Controls v8 safeguards |
FedRAMP¶
SDOS control alignment with FedRAMP Revision 5 for federal cloud authorization.
| Version | Date | Summary |
|---|---|---|
| 1.5 | 2026-05-14 | Standalone-completeness pass — added inline SDOS Control Catalog Summary table (24 controls), Architectural Positioning, and Maintenance sections so the alignment page reads as a fully self-contained reference document without requiring visits to the canonical SDOS Reference Document. No mapping content changes. |
| 1.4 | 2026-05-12 | Panel rating calibration pass — 4 flags resolved. (1) AU-9: EN-04 removed from AU-9 mapping; EN-04 addresses non-repudiation of output records (AU-10), not audit store protection — misplacement corrected in mapping table, Strongest Alignment narrative, and Mapping by SDOS Domain section. AU-9 remains Strong via AU-02 alone. (2) AC-2: Strong → Partial — Identity Verification at Activation; AC-2 full scope includes account provisioning, periodic review, and de-provisioning — lifecycle obligations outside SDOS boundary. (3) IA-5: Strong → Partial — Identity Verification at Activation; IA-5 full scope includes authenticator issuance, rotation, and revocation outside SDOS boundary. (4) AC-6(1): Strong → Partial — Capability-Tier Restriction; risk-classification gate is a functional analog to explicit security function authorization, not a direct mechanism. |
| 1.3 | 2026-05-12 | Independent factual review — baseline label corrections. Four controls corrected to accurate FedRAMP baseline scope: (1) AC-6 corrected from Low/Mod/High to Mod/High — AC-6 is not in the FedRAMP Low baseline; (2) IA-9 corrected from Mod/High to High only — IA-9 is not in FedRAMP Moderate or Low baselines; (3) AU-9(2) corrected from Mod/High to High only — Moderate baseline includes AU-9 and AU-9(4), not AU-9(2)); (4) AU-10 corrected from Mod/High to High only. All four corrections propagated to full mapping table, Strongest Alignment narrative, and Mapping by SDOS Domain section. |
| 1.2 | 2026-05-04 | Round-3 regression fix: IA-01/IA-02 domain mapping rows aligned with IA-9 (resolves IA-2 contradiction — IA-2 was correctly marked Out of Scope as user-MFA but domain rows still referenced IA-2/IA-3 in adjacent text). IA-3 noted as substrate-dependent. Residual "attested/attestation" descriptive uses replaced with "verified" terminology. |
| 1.1 | 2026-05-04 | Three-round adversarial review applied. IA-2 recategorized as Out of Scope — Non-Person Entity; IA-9 (Service Identification and Authentication) added as the correct NPE control; IA-3 marked Substrate-Dependent; AU-9(2) downgraded to Partial — Substrate-Dependent; SI-7 scoped to Governance Configuration; FedRAMP 20x program note; FedRAMP Tailored applicability section; "attested" → "verified" vocabulary; "Outside SDOS Operational Boundary" header rename; Assessor Use Notice; patent IP language reframed. |
| 1.0 | 2026-05-03 | Initial release — SDOS control mapping to FedRAMP Rev 5 baseline controls |
CMMC¶
SDOS control alignment with CMMC 2.0 Level 2 for Defense Industrial Base contractors.
| Version | Date | Summary |
|---|---|---|
| 1.5 | 2026-05-14 | Standalone-completeness pass — added inline SDOS Control Catalog Summary table (24 controls), Architectural Positioning, and Maintenance sections so the alignment page reads as a fully self-contained reference document without requiring visits to the canonical SDOS Reference Document. No mapping content changes. |
| 1.4 | 2026-05-12 | Panel rating calibration pass — 4 flags resolved. (1) 3.1.6: Strong → Partial — Capability-Tier Analog; risk-tiered model selection is a functional analog to non-privileged account enforcement, not a direct mechanism — the control is account-centric, not model-centric. Strongest Alignment narrative updated. (2) 3.13.1: Strong → Partial — AI Egress Layer; 3.13.1's protection scope includes network-level controls (encryption, segmentation) below the SDOS dispatch layer. (3) 3.5.7: Partial — verification scope → Not Applicable; SDOS uses cryptographic identity, not passwords — Partial implied partial coverage where there is none. (4) 3.4.9: Strong → Partial — Module Scope; 3.4.9 covers user-installed software on CUI host systems; SDOS covers AI module activation only. |
| 1.3 | 2026-05-12 | Independent factual review — corrections on three practices. (1) 3.1.3 downgraded from Strong to Partial — Substrate-Dependent: pre-egress enforcement governs CUI-adjacent information flow at the dispatch layer, but full 3.1.3 satisfaction requires CUI controls at the data and path layer (storage, API responses, exports) — dispatch-layer controls do not bind CUI outside the SDOS operational boundary. (2) 3.3.1 rationale corrected: previous note incorrectly attributed the Partial rating to dual-repository separated trust domain requirements (an AU-03 / AU-9(2) concept not part of 3.3.1). Rationale now correctly identifies the scope gap as the organizational audit event definition and retention schedule obligations outside SDOS. (3) 3.5.3 reframed from Out of Scope — Non-Person Entity to Not Applicable — Non-Interactive NPE: scoping note added to clarify that where an AI agent has a login path to an organizational system (service account), that account falls within 3.5.3's scope and must be addressed in the broader SSP. |
| 1.2 | 2026-05-04 | Round-3 regression fix: 3.3.1 downgraded from Strong to Partial — Substrate-Dependent (matches FedRAMP AU-9(2) — single control should not have inconsistent strength ratings across analogous frameworks). 3.3 Strongest Alignment narrative updated with substrate-dependent qualifier. Residual "attested/attestation" descriptive uses replaced with "verified" terminology. |
| 1.1 | 2026-05-04 | Three-round adversarial review applied. 3.5.3 MFA recategorized as Out of Scope — Non-Person Entity; 3.3.1 downgraded to Partial — Substrate-Dependent; 3.4.2 "CM-7 analog" non-standard reference removed; NIST SP 800-171 Rev 3 transition note; "attested" → "verified" vocabulary; "Outside SDOS Operational Boundary" header rename; Assessor Use Notice; patent IP language reframed. |
| 1.0 | 2026-05-03 | Initial release — SDOS control mapping to CMMC 2.0 Level 2 practices |
SOC 2¶
SDOS control alignment with SOC 2 Trust Services Criteria.
| Version | Date | Summary |
|---|---|---|
| 1.4 | 2026-05-14 | Standalone-completeness pass — added inline SDOS Control Catalog Summary table (24 controls), Architectural Positioning, and Maintenance sections so the alignment page reads as a fully self-contained reference document without requiring visits to the canonical SDOS Reference Document. No mapping content changes. |
| 1.3 | 2026-05-12 | Full 4-gate vetting pass. (1) CC3.1: Strong → Partial — Dispatch-Layer Risk Tiering; CC3.1 governs organizational risk assessment process scope, not per-invocation runtime classification. (2) CC3.2: Strong → Partial — Risk Substrate; same organizational vs. dispatch-layer scope distinction. (3) CC5.2: Partial — technical controls → Weak — Substrate Only; SDOS is itself a control activity, not the process for selecting control activities that CC5.2 governs. (4) CC6.7 note: prose fragment corrected ("records" → "records each"). (5) SDOS Version: 1.3 → 1.9. (6) Relationship section catalog link: v1.3 → v1.9. Independent factual review: no flags — SOC 2 framework citations accurate. Editorial review: footer version corrected (1.0 → 1.3). SDOS manual gate: PASS. |
| 1.2 | 2026-05-04 | Round-3 regression updates. Residual "attested/attestation" descriptive uses replaced with "verified" terminology in mapping table notes. |
| 1.1 | 2026-05-04 | Three-round adversarial review applied. PI1.1/PI1.2/PI1.3 downgraded from Strong to Partial — Authorization Scope (category-error fix); CC9.1 downgraded to Weak — Substrate Only (vendor lifecycle is organizational); CC1/CC2 scope clarified (always in auditor scope, complementary organizational controls required); CC7.3 reframed to Technical Containment; Points of Focus and Sampling Considerations section added; "attested" → "verified" vocabulary; "Outside SDOS Operational Boundary" header rename; Assessor Use Notice; patent IP language reframed. |
| 1.0 | 2026-05-03 | Initial release — SDOS control mapping to SOC 2 Trust Services Criteria |
NAIC Insurance Data Security Model Law¶
SDOS control alignment with the NAIC Insurance Data Security Model Law (MDL-668) for insurance carriers, licensees, and third-party service providers subject to state-level enactments.
| Version | Date | Summary |
|---|---|---|
| 1.2 | 2026-05-14 | Standalone-completeness pass — added inline SDOS Control Catalog Summary table (24 controls), Architectural Positioning, and Maintenance sections so the alignment page reads as a fully self-contained reference document without requiring visits to the canonical SDOS Reference Document. No mapping content changes. |
| 1.1 | 2026-05-12 | Structured vetting pass — 3 rating corrections applied. (1) 4(B)(1) and 4(B)(2): Strong → Partial — Risk Assessment Input; formal MDL-668 risk assessment is an organizational process (threat identification, documented likelihood/damage assessment); SDOS provides runtime risk classification data as input to that process, not the process itself. (2) 4(C)(6): Strong → Partial — Dispatch Layer Detection and Prevention; response obligations (incident coordination, remediation, notification) extend beyond the dispatch boundary. (3) 4(D): Strong → Partial — Runtime Enforcement Layer; third-party oversight program obligations (vendor risk assessment, contract provisions, due diligence on provider security programs) are organizational; SDOS technical enforcement supports but does not satisfy the oversight program. SDOS Version 1.7 → 1.9; sdos_version frontmatter 1.0 → 1.9; footer Version 1.0 → 1.1. Independent factual verification: 4(B) risk assessment scope, 4(C)(6) response obligations, 4(D) oversight program obligations confirmed. |
| 1.0 | 2026-05-12 | Initial release — SDOS control mapping to MDL-668 Section 4 (Information Security Program), Section 5 (Third-Party Service Provider Oversight), and Section 6 (Investigation of Cybersecurity Events). 16 Section 4 requirements mapped; 3 Section 5 requirements mapped; 1 Section 6 requirement mapped. Strongest alignment: Section 4(B) risk assessment (RM-01/02/03), Section 4(C)(1) access control (GV-03, AD-01, IA-01), Section 4(C)(6) attack detection and prevention (EN-01/02/03, AU-01), Section 4(D) third-party oversight (IA-01/02, EN-01/02), Section 4(F) board reporting evidence (RS-01, AU-01/02). NAIC Model Bulletin on AI (2023) alignment context included. Insurance AI context section covers underwriting, claims, fraud detection, and customer service use cases. |
NERC CIP¶
SDOS control alignment with NERC Critical Infrastructure Protection standards for AI agent governance in bulk electric system environments.
| Version | Date | Summary |
|---|---|---|
| 1.4 | 2026-05-14 | Standalone-completeness pass — added inline SDOS Control Catalog Summary table (24 controls), Architectural Positioning, and Maintenance sections so the alignment page reads as a fully self-contained reference document without requiring visits to the canonical SDOS Reference Document. No mapping content changes. |
| 1.3 | 2026-05-12 | Structured vetting pass — 4 fixes applied. (1) CIP-007 R4.2: Strong → Partial — Dispatch Layer Event Records; CIP-007 R4.2 requires alert delivery to a monitoring system or security staff — SDOS generates the blocked-operation records and governance failure records from which external alerting is built; alert delivery mechanism is a deployment-layer obligation. (2) CIP-007 R5.1: scope qualifier added to Strong note; human user account access controls are an OT/organizational obligation; SDOS coverage is AI agent dispatch layer. (3) CIP-010 R1.3: scope qualifier added to Strong note; R1.3 applies to BES Cyber System configurations; SDOS satisfies the requirement at the AI governance layer; OT infrastructure updates addressed by separate tooling. (4) SDOS Version 1.8 → 1.9; sdos_version frontmatter 1.0 → 1.9. Editorial review: APPROVE — voice, positioning, pre-disclosure posture, entity name OPSEC all clean. Independent factual verification: CIP-007 R4.2 alert obligation confirmed; CIP-012-1 effective 2022 confirmed; FERC Order 887 January 2023 confirmed. |
| 1.2 | 2026-05-12 | CIP-012 factual corrections from independent technical verification. Three material errors corrected: (1) "authenticity and integrity" → "confidentiality and integrity" throughout — CIP-012-1 R1 addresses unauthorized disclosure and unauthorized modification, not authenticity; (2) R1 reframed as a documented plan requirement (identifying protections, locations, and responsibilities) rather than a channel-only infrastructure control; (3) documentation row rating downgraded from Partial to Weak — Substrate Only (AU-01/02/03 audit records support the plan but are not substitutes for it). Registered entity applicability (BA, GOP, GO, RC, TOP, TO) added explicitly to section intro. Oral communications exclusion noted. Coverage matrix qualifier added for CIP-012 AU-01/02/03 rows (Weak — plan substrate). |
| 1.1 | 2026-05-12 | Complete SDOS control mapping pass — all 24 controls now mapped to NERC CIP requirements. Additions: CIP-012 (Communications between Control Centers) mapping table added (EN-01, EN-02, EN-04, IA-01, GV-05, AU-01 — Partial — AI Dispatch Layer Only); CIP-007 R5.4 (no shared IRA accounts) and R5.5 (failed login limits) rows added; CIP-010 R4 (TCA protection for High/Medium BCS) row added; CIP-013 R3 (plan review ≥15 months) row added. Previously unmapped controls integrated: GV-02 (Governance-Tiered Model Selection) mapped to CIP-007 R5.1 and CIP-010 R1.1 as baseline configuration element; DE-01/DE-02 (Governed Deliberation + Decision Record) mapped to CIP-003 R1/R2 and CIP-013 R1.1/R3 as structured review substrate. New section: Complete SDOS Control Coverage matrix — all 24 controls × NERC CIP requirements, with coverage summary (11 Strong / 9 Partial / 4 Weak / 0 unmapped). CIP-012 added to Applicability bullet and NERC CIP Structure Reference table. Table ordering corrected to numerical (CIP-012 before CIP-013). 4-gate vetting completed: structured review, editorial review, SDOS manual gate — all pass. |
| 1.0 | 2026-05-12 | Initial release — SDOS control mapping to NERC CIP-003 (Security Management Controls), CIP-005 (Electronic Security Perimeters), CIP-007 (System Security Management), CIP-010 (Configuration Change Management and Vulnerability Management), and CIP-013 (Supply Chain Risk Management). Strongest alignment: CIP-005 R1.2 default-deny ESP boundary (GV-03, AD-01, EN-01, EN-02), CIP-007 R4 security event logging (AU-01, AU-02, AU-03), CIP-010 R1/R2 baseline configuration and change monitoring (GV-01, IN-01, IN-02, IN-03), CIP-013 R1.2/R2 supply chain integrity (IN-03, IA-01, IA-02, GV-05). Energy sector AI deployment context covers grid operations, asset management, and FERC Order 887 implications. |
IEEE P2863 (Draft)¶
SDOS control alignment with IEEE P2863 — Draft Recommended Practice for Organizational Governance of Artificial Intelligence (Active PAR; not yet published as a final standard).
| Version | Date | Summary |
|---|---|---|
| 0.1 | 2026-05-16 | Scaffold published. Preliminary control mapping across 4 domains: Accountability and Policy Governance, Operational Oversight and Enforcement, Transparency and Auditability, Incident Response and Improvement. 24 SDOS controls mapped against inferred P2863 clause structure. Clause IDs and titles marked TBC pending standard publication. |
| 0.2 | 2026-05-17 | Reframed as draft-tracking alignment. IEEE P2863 confirmed as Active PAR (not yet published). Status updated to DRAFT-TRACKING. Purpose section expanded with rationale for tracking pre-publication. OLIR submission deferred until standard publishes. All "IEEE 2863-2023" references updated to "IEEE P2863 (draft)" across framework library. |
FAA UAS/AAM¶
Principles-mapped governance alignment for the AI dispatch layer above the DO-178C flight envelope. Governance objectives derived from first principles against FAA source material (Part 107, Part 135, Order 8040.6, UTM ConOps, Innovate28). Covers both UAS/BVLOS operations and Part 135 AAM/powered-lift commercial air taxi operations. No federal standard currently governs this layer — this document maps SDOS controls to derived objectives.
| Version | Date | Summary |
|---|---|---|
| 1.7 | 2026-05-17 | 3-seat adversarial red team — 4 hardening fixes applied. (1) §135.89 demoted from primary authority cite to human PIC qualification anchor; §135.77 (Responsibility for Operational Control) established as the primary regulatory hook for all operational control framing. (2) "AI exercises operational control" reframed throughout to "AI tool operating within the certificate holder's operational control system" — current Part 135 law requires human agents of record; framing corrected. (3) "Not addressed by any current FAA AC or order" narrowed to "no AC directly addresses the AI agent dispatch decision layer"; ASTM F38 and SAE G-34 acknowledged as addressing adjacent layers. (4) §135.179 MEL analog replaced with 14 CFR Part 5 SMS (Safety Management System, final rule effective 2025 for applicable Part 135 operators) as the fail-safe regulatory hook — Part 5 is enforceable and directly applicable; MEL is aircraft-specific and not an appropriate analog for software governance. Bonus fix: "demonstrating SDOS satisfies" → "showing how SDOS is designed to address" in Purpose section. |
| 1.6 | 2026-05-17 | Part 135 section added — scoped to AAM/powered-lift commercial operations. New regulatory context subsection covering §135.77 (operational control responsibility), §135.89 (PIC qualifications), 14 CFR Part 5 SMS, and §135.415/417 (safety management reporting). Four new derived governance objectives: FAA-135-01 (OpSpecs conformance enforcement, §135.77), FAA-135-02 (PIC authority boundary, §135.77/§135.89), FAA-135-03 (SMS fail-safe, Part 5), FAA-135-04 (tamper-evident audit, §135.415/417). Four new alignment table rows and domain table entries. New use case: Part 135 Air Taxi Operations — Powered-Lift Dispatch Governance. Regulatory Basis and Applicability updated. SDOS version bumped 1.9 → 1.10. |
| 1.5 | 2026-05-17 | Status banners added. olir-badge status banner added above framework tags communicating principles-mapped status and no-published-standard context — consistent with NIST OLIR badge treatment on AI RMF, CSF, and SP 800-53 pages. |
| 1.4 (prev 1.5) | 2026-05-14 | Standalone-completeness pass — added inline SDOS Control Catalog Summary table (24 controls), Architectural Positioning, and Maintenance sections so the alignment page reads as a fully self-contained reference document without requiring visits to the canonical SDOS Reference Document. No mapping content changes. |
| 1.4 | 2026-05-12 | Full 4-gate vetting pass (first vetting for this tile). Structured review panel: 4 flags resolved — (1) EN-03 domain table row corrected from "halts dispatch" to full safe-state definition matching the mapping table; (2) AU-03 added to FAA-GOV-02 mapping table control list (was in domain table only); (3) FAA-GOV-01 note qualified with dispatch-layer scope ("exits the governed boundary") to prevent inference that SDOS governs hardware transmission layers; (4) ASTM F38 and RTCA SC-228 added to Glossary. Independent factual verification: 2 corrections — FAA Order "8040.6B" corrected to "8040.6 (current revision)" throughout (B revision not confirmed published); RTCA SC-228 "actively developing" softened to "developed and continue to refine" (primary SC-228 work largely complete). Editorial review: 2 fixes — "AI safety first-principles" → "model-alignment-independence engineering principles" (terminology deny-list); SDOS Version corrected from 1.7 to 1.9. SDOS manual gate: PASS. |
| 1.3 | 2026-05-12 | Tile relabeled from "Proposed" to "Principles-Mapped" following multi-model deliberation panel (full convergence). Rationale: "Proposed" misdescribes a completed, adversarially reviewed artifact — the label signals the work isn't done when it is; "Principles-Mapped" encodes that objectives were derived from FAA source principles and mapped rigorously to SDOS controls, without implying a published federal standard exists or that FAA has endorsed the alignment. Status block updated to reflect principles-derived approach. NAIC MDL-668 added to framework tag navigation. Document date updated 2026-05-12. SDOS version reference bumped to 1.7. |
| 1.2 | 2026-05-04 | Round-3 regression updates. Residual "attested/attestation" descriptive uses in narrative replaced with "verified" terminology. |
| 1.1 | 2026-05-04 | Three-round adversarial review applied. FAA-GOV-06 reframed from generic "halt" to per-mission pre-authorized safe-state policy (may include halt, contingency commands, or human handback); promotional tone softened; aviation glossary added; "attested" → "verified" vocabulary; patent IP language reframed with embodiment-scope clarification. |
| 1.0 | 2026-05-03 | Initial release — proposed SDOS control mapping to FAA safety objectives for UAS/AAM AI dispatch operations |
How to Read This Changelog¶
Each framework section maintains its own version line. The control catalog (NIST AI RMF) is the canonical source — when SDOS controls themselves change, the catalog version increments and downstream framework mappings are reviewed for impact.
For questions about framework mappings or version history, see Contact.