AF compliance coverage matrix
This public matrix maps Dictiva's Agent Foundation capabilities to four governance frameworks that auditors and procurement teams commonly ask about.
It is not a certification claim. It names the evidence Dictiva produces, marks the gaps honestly, and points unresolved items at the AF-7 hardening backlog.
Covered
29
Partial
17
Uncovered
6
Framework detail
Open a framework to filter rows by status, AF capability, or requirement keyword. Requirement text and citations remain in English by convention.
Source: docs/compliance/af-coverage-matrix.md
NIST AI RMF
16 rows
AI risk-management sub-categories mapped to agent inventory, oversight, monitoring, and runtime enforcement evidence.
ISO/IEC 42001:2023
14 rows
AI management-system clauses mapped to per-agent policy, risk treatment, documented information, and monitoring artifacts.
SOC 2 Trust Services Criteria
16 rows
Trust Services Criteria mapped to accountability, control activity, monitoring, change-management, and risk-mitigation evidence.
EU AI Act
6 rows
EU AI Act operational obligations mapped to risk management, logs, transparency, human oversight, and robustness evidence.
Open gaps
Partial and uncovered rows that belong in the agent-governance layer are tracked under the AF-7 hardening epic.
Kill switch / agent suspension
NIST Manage 2.4 · SOC 2 A1.2 · EU AI Act Art 14(4)(e)
Tracked AF-7.2Owner departure + periodic recertification
ISO §9.3
Tracked AF-7.3Evidence retention + incident linkage
NIST Govern 4.3 · NIST Manage 4.1 · NIST Manage 4.3 · SOC 2 CC7.3 · SOC 2 CC7.4
Tracked AF-7.4Agent retirement / decommissioning
NIST Govern 1.7 · NIST Manage 4.1
Tracked AF-7.5Agent training / qualification evidence
ISO §7.2 · SOC 2 CC1.4 · EU AI Act Art 15
Tracked AF-7.6Executive sponsor for high-risk agents
NIST Govern 2.3 · SOC 2 CC1.5
Tracked AF-7.7Corrective action workflow
ISO §10.2 · SOC 2 CC4.2 · SOC 2 CC7.4