Infrastructure · The layer underneath
You can't enforce on infrastructure you don't control.
The framework tells you what to enforce. This layer is how: 80 technical controls across identity, logging, network, data, secrets, supply chain, and incident response, each tagged with the risk tiers it applies to.
The seven questions
Every control answers one of these.
Behavioral security is only as strong as the infrastructure enforcing it. Each domain answers a question the framework leaves to you.
Identity & Access
Who can reach the model? Authentication, least privilege, control-plane separation, approval workflows.
8 controls →
Logging & Observability
How do you know it's working? Model I/O, guardrail and judge decisions, drift detection, SIEM correlation.
10 controls →
Network & Segmentation
What's the blast radius if it fails? Zone architecture, bypass prevention, egress control, gateway enforcement.
8 controls →
Data Protection
Where does sensitive data go? Classification, minimisation, PII redaction, access-controlled RAG.
8 controls →
Secrets & Credentials
How are credentials managed? Context isolation, short-lived tokens, central vault, rotation on exposure.
8 controls →
Supply Chain
Can you trust the model? Provenance, RAG integrity, tool vetting, AI-BOM, vulnerability monitoring.
8 controls →
Incident Response
What happens when things break? AI-specific categories, containment, rollback, post-incident review.
8 controls →
Agentic controls
Tool access, session & scope, delegation chains, and sandbox patterns for agents that act.
22 more controls →
Standards & platforms
Mapped to the standards, ready for the platforms.
Every control maps back to the layered behavioral model and to the standards your auditors already know.
Standards mappings
ISO 42001 Annex A, NIST AI RMF, SP 800-218A, CSF 2.0, and OWASP LLM & Agentic Top 10.
See the crosswalks →
Platform patterns
Reference implementations for AWS Bedrock, Microsoft Foundry, and Databricks.
Implement on your platform →
Full control reference
All 80 controls in detail, the design principles, and the diagram library.
Open the reference →
The principle
Security is enforced by deterministic infrastructure like gateways, network policy, and vaults, never by prompt instructions that can be overridden. Infrastructure beats instructions.
Read the argument →