ABS Core v4.3.3
Investor Track

Compliance Mapping Matrix

How ABS Core may support compliance-oriented controls in regulated environments.

This page should be read as a control-support mapping, not as a statement that ABS Core alone makes an organization compliant.

Compliance outcomes depend on:

  • deployment architecture,
  • operational processes,
  • access controls,
  • retention policies,
  • evidence handling,
  • and customer-side governance.

ABS Core may contribute technical controls and audit signals that help support these frameworks.


Interpretation guide

Use the following language when evaluating ABS Core against formal frameworks:

  • Supports: the product can help implement or evidence part of a control.
  • Aligns with: the architecture is directionally relevant to a framework requirement.
  • Requires customer implementation: the control depends on deployment, process, or integration outside ABS Core itself.

This is a safer and more accurate interpretation than claiming direct compliance satisfaction by default.


Framework support areas

ABS Core may be relevant to the following kinds of control areas:

| Framework area | Potential contribution from ABS Core |
| --- | --- |
| Logging and traceability | Audit-oriented decision records and chained event history |
| Change control | Approval or hold paths for selected sensitive operations |
| Access governance | Policy-based restriction of governed actions |
| Data handling controls | Runtime checks for selected sensitive payloads or destinations |
| Monitoring | Telemetry and enforcement events for governed paths |
| Explainability of decisions | Policy context and decision metadata linked to runtime events |

Brazil: BACEN & LGPD Interpretation

For operations in Brazil, ABS Core supports regulatory risk mitigation for financial institutions and critical infrastructure operators.

| Regulation / Article | Regulatory Requirement | ABS Core Control | Status | Evidence |
| --- | --- | --- | --- | --- |
| Res. BACEN 4.893/2021 (Art. 14) | Access controls, traceability, and sensitive data protection when contracting cloud services. | Octagon Ledger: Individual cryptographic signature per agent transaction. | [OK] Implemented | Architecture Topology |
| LGPD (Law 13.709) (Art. 38) | Personal Data Protection Impact Report and explainability of automated decisions. | Audit Trail: LLM intent decoding before execution (Human-readable logic). | [WARNING] In validation | Available under NDA |
| BNDES/FINEP Notice (Sector 6) | Data sovereignty and national cyber defense requirements. | Air-gapped Deployment: Support for on-premises execution without dependence on external APIs (Cloud-free mode). | ⬜ Externally audited | Air-Gapped Ops |

[!NOTE] References to Brazilian public notices (e.g., BNDES/FINEP) reflect architectural requirements (data sovereignty, on-premises execution), for which the evidence of compliance consists of the isolated deployment artifacts.


Defense & InfoSec Certifications

For procurement by national security entities and large corporations, we have started readiness work toward the following mature certifications:

| Framework | Objective | ABS Core Status | Evidence |
| --- | --- | --- | --- |
| ISO/IEC 27001 | Information Security Management. | [WARNING] Readiness in Progress | Audit Framework under NDA |
| SOC 2 Type II | Trust Services Criteria (Security and Availability). | [WARNING] Readiness in Progress | Available under NDA |
| NIST SP 800-171 | CUI (Controlled Unclassified Information) Protection. | [WARNING] Readiness in Progress | NIST Mapping |

For strict Defense and Intelligence requirements (SCIF, ITAR/EAR), please refer to our Defense Deployment Guide.


SOC 2 / ISO 27001 interpretation

ABS Core may contribute evidence or controls in areas such as:

  • logging,
  • change management,
  • monitoring,
  • and governed execution control.

Actual conformity with ISO 27001 or SOC 2 always depends on the surrounding organization, procedures, operators, and infrastructure.


NIST AI RMF interpretation

ABS Core is most relevant to AI risk-management efforts where an organization wants to:

  • document governed action paths,
  • enforce policy decisions before execution,
  • measure runtime events,
  • and improve accountability for agent-driven operations.

That makes it useful as part of a broader AI risk program.


Banking, PCI, and healthcare interpretation

For finance, payments, and healthcare environments, ABS Core may be relevant where customers need:

  • tighter control over sensitive execution paths,
  • auditable approval or block decisions,
  • customer-controlled deployment options,
  • and evidence trails for internal review.

However, sector-specific compliance claims must remain deployment-specific and customer-specific unless independently validated.


Evidence expectations

A serious buyer, auditor, or risk team will still expect:

  • deployment documentation,
  • control mappings reviewed in context,
  • policy definitions,
  • logging and retention behavior,
  • access governance design,
  • and customer-side operating procedures.

For that reason, this page should be treated as a starting point for diligence, not as a final compliance certificate.


Bottom line

The strongest compliance message for ABS Core is not "we make you compliant." The strongest message is: ABS Core can provide cryptographically verified runtime controls and evidence that help regulated organizations govern sensitive agent execution paths more credibly.

[!IMPORTANT] Legal Notice: Preliminary legal opinion on regulatory adequacy (EU AI Act, LGPD, BACEN) is available under NDA for Vendor Risk Management committees. Technical matrices reflect controls implemented in code.
