{ "version": "2.5.0", "last_updated": "2026-04-12", "total_nodes": 777, "registry": [ { "id": "aa1000ap-accountability", "title": "AA1000AP (AccountAbility)", "category": "Workplace", "bluf": "Compliance with the AA1000AP framework is predicated upon a systematic and auditable application of its foundational principles, reinforced by assurance requirements aligned with both the AA1000 Assurance Standard and Directive (EU) 2022/2464. The Principle of Inclusivity, per Section 2.1, is implem", "endpoint": "/api/v1/nodes/aa1000ap-accountability.json" }, { "id": "aba-model-rules-conduct", "title": "ABA Model Rules (Conduct)", "category": "Legal & IP Sovereignty", "bluf": "Compliance with fundamental ABA Model Rules of Professional Conduct is operationalized through a stringent set of configurable controls. The duty of competence, as articulated in ABA Model Rule 1.1, Comment 8, mandates continuous technical competence validation to understand technology's benefits an", "endpoint": "/api/v1/nodes/aba-model-rules-conduct.json" }, { "id": "accounting-ias-38", "title": "AI Model Valuation (IAS 38)", "category": "Banking & Global Finance", "bluf": "IAS 38 Intangible Assets, issued by the IASB, governs the recognition, measurement, and disclosure of intangible assets including internally developed AI models, training datasets, and software. An intangible asset must meet strict recognition criteria: identifiability, control, and probable future ", "endpoint": "/api/v1/nodes/accounting-ias-38.json" }, { "id": "accounting-ifr-13", "title": "Digital Asset Fair Value (IFRS 13)", "category": "Banking & Global Finance", "bluf": "IFRS 13 Fair Value Measurement establishes a single framework for measuring fair value across all IFRS standards that require or permit fair value measurement, including digital assets, AI-tokenized instruments, and crypto holdings. The standard defines fair value as the exit price — the price recei", "endpoint": "/api/v1/nodes/accounting-ifr-13.json" }, { "id": "acec-ethics-eng", "title": "Engineers Ethics (ACEC)", "category": "Legal & IP Sovereignty", "bluf": "Engineers must uphold their paramount duty to public safety, health, and welfare, a principle derived from the NSPE Code of Ethics for Engineers - Fundamental Canon 1. This compliance framework mandates that all engineering activities adhere to the highest professional standards, requiring active pr", "endpoint": "/api/v1/nodes/acec-ethics-eng.json" }, { "id": "ada-employment-title-1", "title": "ADA (Employment Title I)", "category": "Workplace", "bluf": "Title I of the Americans with Disabilities Act establishes comprehensive non-discrimination obligations for employers with 15 or more employees. The statute's general rule, articulated in 42 U.S.C. § 12112(a), prohibits discrimination against a qualified individual on the basis of disability concern", "endpoint": "/api/v1/nodes/ada-employment-title-1.json" }, { "id": "ada-hospitality-access", "title": "ADA (Hospitality Accessibility)", "category": "Food & Hospitality", "bluf": "Compliance with Title III of the Americans with Disabilities Act mandates that places of public accommodation, including transient lodging, provide individuals with disabilities full and equal enjoyment of their goods, services, and facilities. Pursuant to the specific requirements outlined in 28 CF", "endpoint": "/api/v1/nodes/ada-hospitality-access.json" }, { "id": "agent-budget-cap", "title": "Agent Budgetary Controls & Ceiling Checks", "category": "Operations & CX", "bluf": "Agentized financial controls (Action Boundaries) restrict an autonomous agent's spending power per session, task, or API call to prevent catastrophic loss or unbounded consumption.", "endpoint": "/api/v1/nodes/agent-budget-cap.json" }, { "id": "agent-kill-switch", "title": "Agent Emergency Stop (Kill-Switch) Design Patterns", "category": "Operations & CX", "bluf": "An AI Agent Kill-Switch is a deterministic safety mechanism designed to immediately terminate or throttle an autonomous agent's execution if it exceeds predefined behavioral, financial, or operational boundaries. A compliant kill-switch architecture requires: sub-50ms signal propagation to prevent r", "endpoint": "/api/v1/nodes/agent-kill-switch.json" }, { "id": "ai-agent-collision-logic", "title": "Multi-Agent Collision Resolution", "category": "AI Governance & Law", "bluf": "Multi-agent collision logic provides deterministic protocols for resolving conflicts when two or more autonomous AI agents simultaneously attempt to access the same resource, modify the same shared state, execute contradictory actions, or pursue incompatible goal trajectories within a swarm or orche", "endpoint": "/api/v1/nodes/ai-agent-collision-logic.json" }, { "id": "ai-ip-copyright", "title": "AI-IP: Guidance on Authorship", "category": "Legal & IP Sovereignty", "bluf": "The US Copyright Office's AI Policy Statement (February 2023) and subsequent guidance (March 2023) establish that copyright protection requires human authorship — purely AI-generated content without human creative control is not copyrightable in the United States. Works involving AI assistance may r", "endpoint": "/api/v1/nodes/ai-ip-copyright.json" }, { "id": "aicpa-code-ethics", "title": "AICPA Code of Ethics", "category": "Legal & IP Sovereignty", "bluf": "Adherence to the AICPA Code of Professional Conduct mandates stringent standards for members, centering on the core Objectivity and Independence Principle outlined in ET Sec. 0.300.040. This framework absolutely requires independence in fact and appearance, a cornerstone of the Independence Rule fou", "endpoint": "/api/v1/nodes/aicpa-code-ethics.json" }, { "id": "alcohol-service-std", "title": "Responsible Alcohol Service", "category": "Food & Hospitality", "bluf": "Operationalizing responsible alcohol service necessitates strict adherence to prevailing statutory requirements and public safety mandates. Core compliance functions mandate verification that each patron meets the `patronAgeMinimum` of 21 years, confirmed by a `validIdPresented` check and a `patronA", "endpoint": "/api/v1/nodes/alcohol-service-std.json" }, { "id": "ama-ethical-marketing", "title": "AMA (Ethical Marketing)", "category": "Sales, Marketing & PR", "bluf": "Adherence to this node's parameters ensures marketing communications embody the American Marketing Association's core ethical norms, primarily to do no harm, foster trust within the marketing system, and embrace foundational values. This framework operationalizes AMA principles through stringent tec", "endpoint": "/api/v1/nodes/ama-ethical-marketing.json" }, { "id": "amazon-sponsored-ads-policy", "title": "Amazon Ads (Policy)", "category": "Sales, Marketing & PR", "bluf": "Amazon Advertising Policy governs the creation, targeting, and display of Sponsored Products, Sponsored Brands, and Sponsored Display advertisements on the Amazon marketplace. All sponsored ads must carry a mandatory 'Sponsored' label visible to shoppers; this is non-negotiable and enforced automati", "endpoint": "/api/v1/nodes/amazon-sponsored-ads-policy.json" }, { "id": "apra-cps-230-resilience", "title": "APRA CPS 230 (Resilience)", "category": "Banking & Global Finance", "bluf": "APRA CPS 230 (Operational Risk Management) is the new cross-industry standard for the Australian financial sector. it replaces several legacy standards (CPS 231, CPS 232) with a unified framework for operational risk, service provider management, and business continuity, placing increased accountabi", "endpoint": "/api/v1/nodes/apra-cps-230-resilience.json" }, { "id": "apra-cps-234", "title": "APRA Prudential Standard CPS 234 Information Security", "category": "Banking & Global Finance", "bluf": "A mandatory Australian regulatory standard ensuring that APRA-regulated entities maintain robust information security capabilities, with ultimate accountability residing at the Board level.", "endpoint": "/api/v1/nodes/apra-cps-234.json" }, { "id": "arbitration-uncitral-rules", "title": "UNCITRAL Arbitration Rules", "category": "Legal & IP Sovereignty", "bluf": "Invocation of the UNCITRAL Arbitration Rules establishes a specific procedural framework for dispute resolution, though several critical parameters remain undefined. The governing instrument currently lacks a designated appointing authority, a defined seat of arbitration, and a specified language fo", "endpoint": "/api/v1/nodes/arbitration-uncitral-rules.json" }, { "id": "as9100-rev-d-qms", "title": "AS9100 Rev D (Aviation QMS)", "category": "Aviation, Defense & Quantum", "bluf": "AS9100 Rev D is the international Quality Management System (QMS) standard for the Aviation, Space, and Defense (AS&D) industry. It incorporates the entire ISO 9001:2015 standard while adding specific requirements for product safety, counterfeit parts prevention, configuration management, and operat", "endpoint": "/api/v1/nodes/as9100-rev-d-qms.json" }, { "id": "as9100-rev-d", "title": "Aerospace Quality Management System (AS9100 Rev D)", "category": "Aviation Defense & Quantum", "bluf": "The gold standard for quality management in the Aviation, Space, and Defense sectors, extending ISO 9001 with rigorous aerospace-specific safety and risk requirements.", "endpoint": "/api/v1/nodes/as9100-rev-d.json" }, { "id": "as9110-maintenance-qms", "title": "AS9110 (Maintenance QMS)", "category": "Aviation, Defense & Quantum", "bluf": "AS9110 is the international Quality Management System standard specifically designed for aviation maintenance, repair, and overhaul (MRO) organizations. It builds upon AS9100 requirements by incorporating specific civil aviation regulations (EASA/FAA) and focusing on maintenance-specific factors lik", "endpoint": "/api/v1/nodes/as9110-maintenance-qms.json" }, { "id": "as9120-distributor-qms", "title": "AS9120 (Distributor QMS)", "category": "Aviation, Defense & Quantum", "bluf": "AS9120 is the international Quality Management System standard for distributors and stockholders in the Aviation, Space, and Defense industry. It focuses on the chain of custody, traceability, and the control of records to ensure 'Certificate of Conformity' (CoC) and airworthiness documentation are ", "endpoint": "/api/v1/nodes/as9120-distributor-qms.json" }, { "id": "asa-advertising-codes-uk", "title": "ASA (Advertising Codes)", "category": "Sales, Marketing & PR", "bluf": "Evaluation against the UK Advertising Codes confirms this marketing communication satisfies all primary regulatory obligations. The content is explicitly identifiable as an advertisement, upholding the CAP Code Section 2 principle that marketing must be recognizable. In accordance with both CAP Code", "endpoint": "/api/v1/nodes/asa-advertising-codes-uk.json" }, { "id": "assessing-security-privacy-controls", "title": "Assessing Security and Privacy Controls in Information Systems and Organizations", "category": "Cybersecurity", "bluf": "This publication provides a methodology and a set of procedures for conducting assessments of security and privacy controls employed within systems and organizations as part of an effective risk management framework. The assessment procedures are consistent with the security and privacy controls in ", "endpoint": "/api/v1/nodes/assessing-security-privacy-controls.json" }, { "id": "automated-fact-verification", "title": "Deterministic RAG Verification", "category": "AI Governance & Law", "bluf": "Deterministic RAG (Retrieval-Augmented Generation) verification is a systematic process for cross-referencing AI-generated claims against authoritative knowledge bases to detect and block hallucinated, fabricated, or unsupported outputs before they reach end users. The process extracts discrete fact", "endpoint": "/api/v1/nodes/automated-fact-verification.json" }, { "id": "automation-bpmn-agent-handover", "title": "Agent-to-Agent Handover Protocol (BPMN 2.0)", "category": "Operations & CX", "bluf": "Enforcing a zero-trust model for state transitions within distributed business processes, the Agent-to-Agent Handover Protocol aligns with NIST SP 800-207's micro-segmentation principles. Secure communication is mandated through a `require_mutual_tls_auth` policy, preventing unauthorized interceptio", "endpoint": "/api/v1/nodes/automation-bpmn-agent-handover.json" }, { "id": "automation-bpmn-error-boundary", "title": "Error Boundary Logic (BPMN 2.0)", "category": "Operations & CX", "bluf": "Ensuring predictable failure prevention and operational resilience, this BPMN 2.0 configuration aligns with stringent international standards. To satisfy mandates within the EU Digital Operational Resilience Act (DORA) for deterministic automated failover, an active `interrupting_boundary_event` cou", "endpoint": "/api/v1/nodes/automation-bpmn-error-boundary.json" }, { "id": "automation-bpmn-service-task", "title": "Service Task Execution Pattern (BPMN 2.0)", "category": "Operations & CX", "bluf": "Standardized, deterministic service tasks for executing automated logic within a business process, ensuring interoperability between agents and external systems.", "endpoint": "/api/v1/nodes/automation-bpmn-service-task.json" }, { "id": "automation-support-for-control-assessments", "title": "Automation Support for Control Assessments: Project Update and Vision", "category": "AI Governance & Law", "bluf": "In 2017, the National Institute of Standards and Technology (NIST) published a methodology for supporting the automation of Special Publication (SP) 800-53 control assessments in the form of Interagency Report (IR) 8011. IR 8011 is a multi-volume series that proposes an approach for creating specifi", "endpoint": "/api/v1/nodes/automation-support-for-control-assessments.json" }, { "id": "autonomous-trucking-v2v", "title": "Autonomous Trucking V2V Security", "category": "Logistics & Supply Chain", "bluf": "Compliance with this node ensures secure vehicle-to-vehicle (V2V) communications for autonomous trucking platoons by enforcing a comprehensive suite of cybersecurity controls derived from established automotive and security standards. The framework mandates that all messages utilize authentication t", "endpoint": "/api/v1/nodes/autonomous-trucking-v2v.json" }, { "id": "bank-provisioning-emerging-market-economies", "title": "Moving in tandem: bank provisioning in emerging market economies", "category": "Banking & Global Finance", "bluf": "This study analyzes the determinants of loan loss provisions and delinquency ratios based on the balance sheets of 554 banks from emerging market economies (EMEs). The results show that provisions in EME banks respond mostly to aggregate variables, and very little to idiosyncratic factors. Specifica", "endpoint": "/api/v1/nodes/bank-provisioning-emerging-market-economies.json" }, { "id": "bank-provisioning-emerging-markets", "title": "Moving in tandem: bank provisioning in emerging market economies", "category": "Banking & Global Finance", "bluf": "This study analyzes the determinants of loan loss provisions and delinquency ratios using balance sheet data from 554 banks in 18 emerging market economies (EMEs). The results show that provisions in EME banks respond mostly to aggregate variables and very little to idiosyncratic factors. Specifical", "endpoint": "/api/v1/nodes/bank-provisioning-emerging-markets.json" }, { "id": "bank-secrecy-act-suspicious", "title": "BSA SAR (Suspicious Activity)", "category": "Banking & Global Finance", "bluf": "The Bank Secrecy Act (BSA) requires financial institutions to file a Suspicious Activity Report (SAR) for any transaction that is suspicious, appears to involve illegal activity, or has no logical business purpose. it is the primary reporting tool for the U.S. government to identify and combat money", "endpoint": "/api/v1/nodes/bank-secrecy-act-suspicious.json" }, { "id": "bar-standards-board-uk", "title": "Bar Standards Board (UK)", "category": "Legal & IP Sovereignty", "bluf": "Compliance with Bar Standards Board regulations necessitates strict adherence to a framework governing professional conduct, data security, and financial integrity. Core Duty 6 establishes an uncompromising obligation to maintain client confidentiality, a principle reinforced by the UK General Data ", "endpoint": "/api/v1/nodes/bar-standards-board-uk.json" }, { "id": "basel-committee-financial-crisis-response", "title": "The Basel Committee’s response to the financial crisis: report to the G20", "category": "Banking & Global Finance", "bluf": "The Basel Committee on Banking Supervision developed a reform programme, referred to as “Basel III”, to address the lessons of the financial crisis and strengthen the resilience of banks and the global banking system. The reforms seek to improve the banking sector’s ability to absorb shocks arising ", "endpoint": "/api/v1/nodes/basel-committee-financial-crisis-response.json" }, { "id": "basel-committee-response-financial-crisis", "title": "The Basel Committee’s response to the financial crisis: report to the G20", "category": "Banking & Global Finance", "bluf": "In response to the financial crisis, the Basel Committee on Banking Supervision developed a reform programme, collectively referred to as “Basel III”, to address weaknesses in the banking sector such as excessive leverage, inadequate and low-quality capital, and insufficient liquidity buffers. The r", "endpoint": "/api/v1/nodes/basel-committee-response-financial-crisis.json" }, { "id": "basel-ii-capital-framework", "title": "International Convergence of Capital Measurement and Capital Standards A Revised Framework Comprehensive Version", "category": "Banking & Global Finance", "bluf": "This framework presents the Basel Committee on Banking Supervision’s revisions to supervisory regulations governing the capital adequacy of internationally active banks. Its fundamental objective is to develop a framework that would further strengthen the soundness and stability of the international", "endpoint": "/api/v1/nodes/basel-ii-capital-framework.json" }, { "id": "basel-iii-capital", "title": "Basel III Capital Requirements", "category": "Banking & Global Finance", "bluf": "Basel III's framework, established by the Basel Committee on Banking Supervision's global regulatory framework and implemented through regulations such as the European Union's CRR and the US Federal Reserve's Regulation Q, mandates significantly strengthened capital and liquidity standards to enhanc", "endpoint": "/api/v1/nodes/basel-iii-capital.json" }, { "id": "basel-iii-global-regulatory-framework", "title": "Basel III: A global regulatory framework for more resilient banks and banking systems", "category": "Banking & Global Finance", "bluf": "This document presents the Basel Committee’s reforms to strengthen global capital and liquidity rules with the goal of promoting a more resilient banking sector. The objective of the reforms is to improve the banking sector’s ability to absorb shocks arising from financial and economic stress, whate", "endpoint": "/api/v1/nodes/basel-iii-global-regulatory-framework.json" }, { "id": "basel-iii-liquidity-lcr", "title": "Basel III Liquidity (LCR)", "category": "Banking & Global Finance", "bluf": "The Liquidity Coverage Ratio (LCR) is a core component of the Basel III post-crisis reform. it ensures that banks maintain an adequate level of unencumbered high-quality liquid assets (HQLA) that can be converted into cash easily and immediately in private markets to meet their liquidity needs for a", "endpoint": "/api/v1/nodes/basel-iii-liquidity-lcr.json" }, { "id": "basel-iv-liquidity", "title": "Basel IV: Capital Floor & Liquidity", "category": "Banking & Global Finance", "bluf": "The Basel IV framework (the final Basel III reforms) introduces a standardized output floor to prevent banks from using internal models to underestimate risk. It significantly tightens capital requirements for G-SIBs and harmonizes the calculation of Risk-Weighted Assets (RWA) across the global bank", "endpoint": "/api/v1/nodes/basel-iv-liquidity.json" }, { "id": "basel-iv-output-floor", "title": "Basel IV Output Floor", "category": "Banking & Global Finance", "bluf": "The Basel IV Output Floor is the centerpiece of the 2017 Basel III 'completion' reforms. It limits the reduction in risk-weighted assets (RWA) that can result from a bank's use of internal models by mandating that RWAs calculated using internal models cannot fall below 72.5% of the RWAs calculated u", "endpoint": "/api/v1/nodes/basel-iv-output-floor.json" }, { "id": "bcbs-climate-related-financial-risks", "title": "Principles for the effective management and supervision of climate-related financial risks", "category": "Banking & Global Finance", "bluf": "Climate change may result in physical and transition risks that could affect the safety and soundness of individual banking institutions and have broader financial stability implications for the banking system. This document from the Basel Committee on Banking Supervision (BCBS) seeks to promote a p", "endpoint": "/api/v1/nodes/bcbs-climate-related-financial-risks.json" }, { "id": "bcbs-fintech-sound-practices", "title": "Sound Practices: Implications of fintech developments for banks and bank supervisors", "category": "Banking & Global Finance", "bluf": "Interest is growing in financial technology, or 'fintech'. In response, the Basel Committee on Banking Supervision (BCBS) has analyzed the implications for supervisors and banks’ business models. As fintech developments remain fluid, the impact on banks is uncertain, but a common theme is that banks", "endpoint": "/api/v1/nodes/bcbs-fintech-sound-practices.json" }, { "id": "bcbs-large-exposures-framework", "title": "Supervisory framework for measuring and controlling large exposures", "category": "Banking & Global Finance", "bluf": "This framework was developed to limit the maximum loss a bank could face in the event of a sudden counterparty failure to a level that does not endanger the bank’s solvency. It complements the Committee’s risk-based capital standard because the latter is not designed specifically to protect banks fr", "endpoint": "/api/v1/nodes/bcbs-large-exposures-framework.json" }, { "id": "bcbs-principles-operational-resilience", "title": "Principles for Operational Resilience", "category": "Banking & Global Finance", "bluf": "The Basel Committee on Banking Supervision promotes a principles-based approach to improving operational resilience, defined as the ability of a bank to deliver critical operations through disruption. This approach builds on the Committee’s Principles for the Sound Management of Operational Risk (PS", "endpoint": "/api/v1/nodes/bcbs-principles-operational-resilience.json" }, { "id": "bcbs-principles-sound-management-operational-risk", "title": "Principles for the Sound Management of Operational Risk", "category": "Banking & Global Finance", "bluf": "This document details eleven principles of sound operational risk management covering governance, the risk management environment, and the role of disclosure. It replaces the 2003 Sound Practices for the Management and Supervision of Operational Risk, incorporating the evolution of sound practice an", "endpoint": "/api/v1/nodes/bcbs-principles-sound-management-operational-risk.json" }, { "id": "bcbs-sound-liquidity-risk-management", "title": "Principles for Sound Liquidity Risk Management and Supervision", "category": "Banking & Global Finance", "bluf": "Liquidity is the ability of a bank to fund increases in assets and meet obligations as they come due, without incurring unacceptable losses. The fundamental role of banks in the maturity transformation of short-term deposits into long-term loans makes banks inherently vulnerable to liquidity risk. T", "endpoint": "/api/v1/nodes/bcbs-sound-liquidity-risk-management.json" }, { "id": "bcbs-sound-stress-testing-practices", "title": "Principles for sound stress testing practices and supervision", "category": "Banking & Global Finance", "bluf": "Stress testing is an important risk management tool used by banks as part of their internal risk management and, through the Basel II capital adequacy framework, is promoted by supervisors. It alerts bank management to adverse unexpected outcomes related to a variety of risks and provides an indicat", "endpoint": "/api/v1/nodes/bcbs-sound-stress-testing-practices.json" }, { "id": "berne-convention-copyright", "title": "Berne Convention (Copyright)", "category": "Creative, Content & Media IP", "bluf": "The Berne Convention for the Protection of Literary and Artistic Works (1886, Paris 1971) identifies the foundational international standards for the copyright. it specifies the mandatory the principle of the 'Automatic Protection' (without the registration) and the 'Moral Rights' (Article 6bis), en", "endpoint": "/api/v1/nodes/berne-convention-copyright.json" }, { "id": "berne-convention-literary-artistic", "title": "Berne Convention (Copyright)", "category": "Legal & IP Sovereignty", "bluf": "The Berne Convention for the Protection of Literary and Artistic Works (1886) is the foundational international treaty for copyright. It provides 'Automatic Protection'—meaning copyright exists as soon as a work is fixed in a tangible medium, without the need for registration—and ensures that foreig", "endpoint": "/api/v1/nodes/berne-convention-literary-artistic.json" }, { "id": "bgp-security-ddos-mitigation", "title": "Resilient Interdomain Traffic Exchange: BGP Security and DDoS Mitigation", "category": "Cybersecurity", "bluf": "This special publication on Resilient Interdomain Traffic Exchange (RITE) includes initial guidance on securing the interdomain routing control traffic, preventing IP address spoofing, and certain aspects of DoS/DDoS detection and mitigation. The primary focus of these recommendations are the points", "endpoint": "/api/v1/nodes/bgp-security-ddos-mitigation.json" }, { "id": "bis-cbdcs-monetary-system", "title": "III. CBDCs: an opportunity for the monetary system", "category": "Banking & Global Finance", "bluf": "This chapter examines how central bank digital currencies (CBDCs) can contribute to an open, safe and competitive monetary system that supports innovation and serves the public interest. CBDCs are a form of digital money, denominated in the national unit of account, which is a direct liability of th", "endpoint": "/api/v1/nodes/bis-cbdcs-monetary-system.json" }, { "id": "bis-etfs-illiquid-assets-fire-sales", "title": "ETFs, illiquid assets, and fire sales", "category": "Crypto & Sovereign Finance", "bluf": "This paper documents several novel facts about exchange-traded funds (ETFs) holding corporate bonds. Its main empirical finding is that the portfolio of bonds exchanged for new or existing ETF shares, known as creation or redemption baskets, often represents a small fraction of ETF holdings—a fact r", "endpoint": "/api/v1/nodes/bis-etfs-illiquid-assets-fire-sales.json" }, { "id": "bis-etfs-illiquid-assets-firesales", "title": "ETFs, illiquid assets, and fire sales", "category": "Crypto & Sovereign Finance", "bluf": "This paper documents several facts about exchange-traded funds (ETFs) holding corporate bonds. The main empirical finding is that bond ETF baskets contain a small fraction of holdings, a fact referred to as 'fractional baskets,' which contributes to persistent discrepancies between ETF price and net", "endpoint": "/api/v1/nodes/bis-etfs-illiquid-assets-firesales.json" }, { "id": "bis-principles-fmi-2012", "title": "BIS Principles (FMI)", "category": "Banking & Global Finance", "bluf": "The Principles for Financial Market Infrastructures (PFMI) are the international standards for the infrastructure that facilitates the clearing, settlement, and recording of monetary and other financial transactions. Developed by CPSS (now CPMI) and IOSCO, the 24 principles are designed to ensure th", "endpoint": "/api/v1/nodes/bis-principles-fmi-2012.json" }, { "id": "bitcoin-lightning-l402", "title": "Bitcoin Lightning L402", "category": "Crypto & Sovereign Finance", "bluf": "L402 (formerly LSAT — Lightning Service Authentication Token) is a protocol standard developed by Lightning Labs that enables HTTP 402 Payment Required responses to be resolved via Bitcoin Lightning Network micropayments, allowing servers to monetize API access at the sub-cent level in a fully progr", "endpoint": "/api/v1/nodes/bitcoin-lightning-l402.json" }, { "id": "brazil-lgpd-compliance", "title": "Brazil LGPD Compliance", "category": "Legal & IP Sovereignty", "bluf": "Lei Geral de Proteção de Dados (LGPD) is Brazil's comprehensive data protection law (Law No. 13,709/2018), modeled after GDPR but with distinct governance requirements for the ANPD (National Data Protection Authority) and mandatory DPO appointments for all controllers.", "endpoint": "/api/v1/nodes/brazil-lgpd-compliance.json" }, { "id": "brc-food-safety-global", "title": "BRCGS Food Safety", "category": "Food & Hospitality", "bluf": "Compliance with the BRCGS Global Standard Food Safety Issue 9 mandates a comprehensive, proactive management system, fundamentally rooted in senior management commitment as defined in Section 1. This commitment is evidenced through formal management reviews conducted at a maximum 12-month interval a", "endpoint": "/api/v1/nodes/brc-food-safety-global.json" }, { "id": "breeam-building-perf", "title": "BREEAM Building Performance", "category": "Sustainability & ESG", "bluf": "Asset performance verification against the BREEAM framework necessitates a holistic assessment of environmental, social, and economic sustainability factors. Compliance requires demonstrating an overall target BREEAM score percentage of 70, aligning with an 'Excellent' rating under benchmarks such a", "endpoint": "/api/v1/nodes/breeam-building-perf.json" }, { "id": "c-scrm-practices-systems-organizations", "title": "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations", "category": "Cybersecurity", "bluf": "This publication provides guidance to organizations on identifying, assessing, and mitigating cybersecurity risks throughout the supply chain at all levels of their organizations. It integrates cybersecurity supply chain risk management (C-SCRM) into risk management activities by applying a multilev", "endpoint": "/api/v1/nodes/c-scrm-practices-systems-organizations.json" }, { "id": "c-tpat-minimum-security", "title": "C-TPAT Minimum Security Criteria", "category": "Logistics & Supply Chain", "bluf": "The Customs-Trade Partnership Against Terrorism (C-TPAT) is a voluntary public-private sector partnership program where members work with U.S. Customs and Border Protection (CBP) to protect the supply chain, identify security gaps, and implement specific security measures and best practices.", "endpoint": "/api/v1/nodes/c-tpat-minimum-security.json" }, { "id": "c2pa-content-provenance", "title": "C2PA (Provenance)", "category": "Creative, Content & Media IP", "bluf": "Compliance with this node mandates the immutable attachment of a C2PA manifest to all digital assets, establishing verifiable provenance and aligning with transparency obligations for AI-generated content as stipulated under the EU Artificial Intelligence Act and content authentication directives fr", "endpoint": "/api/v1/nodes/c2pa-content-provenance.json" }, { "id": "c2pa-watermark-valid", "title": "C2PA Content Provenance", "category": "AI Governance & Law", "bluf": "The Coalition for Content Provenance and Authenticity (C2PA) specification defines a cryptographically signed metadata manifest standard that embeds verifiable provenance information directly into digital assets (images, video, audio, documents), enabling any consumer to verify who created the asset", "endpoint": "/api/v1/nodes/c2pa-watermark-valid.json" }, { "id": "california-ccpa-v2", "title": "CCPA/CPRA Enforcement", "category": "Legal & IP Sovereignty", "bluf": "The California Consumer Privacy Act (CCPA), as significantly enhanced by the California Privacy Rights Act (CPRA), provides comprehensive privacy rights to California residents. It introduces the CPPA (California Privacy Protection Agency) and grants the right to correct inaccurate data and limit us", "endpoint": "/api/v1/nodes/california-ccpa-v2.json" }, { "id": "can-spam-act-email", "title": "CAN-SPAM Act (Email)", "category": "Sales, Marketing & PR", "bluf": "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, commonly known as the CAN-SPAM Act, establishes national standards for sending commercial electronic mail. Compliance requires strict adherence to message content, sender identification, and consumer opt-out provisions. ", "endpoint": "/api/v1/nodes/can-spam-act-email.json" }, { "id": "casl-anti-spam-canada", "title": "CASL (Anti-Spam Canada)", "category": "Sales, Marketing & PR", "bluf": "Canada's Anti-Spam Legislation, governed by CASL S.C. 2010, c. 23, mandates strict compliance for sending Commercial Electronic Messages (CEMs). A core tenet is the prohibition outlined in Section 6(1) against dispatching CEMs without recipient consent, which must be either express or implied, a par", "endpoint": "/api/v1/nodes/casl-anti-spam-canada.json" }, { "id": "ccpa-cpra-optout-sale", "title": "CCPA/CPRA (Opt-out Sale)", "category": "Sales, Marketing & PR", "bluf": "California Civil Code § 1798.120 establishes a consumer's fundamental right to direct a business to stop selling or sharing their personal information. Fulfilling this obligation, as detailed in California Civil Code § 1798.135, mandates providing clear notice and an accessible \"Do Not Sell or Share", "endpoint": "/api/v1/nodes/ccpa-cpra-optout-sale.json" }, { "id": "ccpa-cpra", "title": "CCPA/CPRA — California Consumer Privacy Rights", "category": "Workplace", "bluf": "The California Consumer Privacy Act (CCPA, effective January 1, 2020) as substantially amended by the California Privacy Rights Act (CPRA, enforceable from March 29, 2024 following litigation delays; original date July 1, 2023) is the most comprehensive U.S. state privacy law and a de facto national", "endpoint": "/api/v1/nodes/ccpa-cpra.json" }, { "id": "cdp-carbon-disclosure", "title": "CDP Carbon Disclosure Protocol", "category": "Sustainability & ESG", "bluf": "Adherence to the CDP Carbon Disclosure Protocol necessitates annual disclosure via the mandatory ORS portal submission following a minimum reporting period of twelve months. Organizations must quantify greenhouse gas inventories consistent with the WRI/WBCSD Greenhouse Gas Protocol Corporate Account", "endpoint": "/api/v1/nodes/cdp-carbon-disclosure.json" }, { "id": "cfa-ethics-standards", "title": "CFA Ethics & Proficiency", "category": "Legal & IP Sovereignty", "bluf": "Operational adherence to this node establishes rigorous conformity with foundational principles of the CFA Institute Code of Ethics and Standards of Professional Conduct. The system mandates robust controls to uphold market integrity, including the enforcement of strict information barriers to preve", "endpoint": "/api/v1/nodes/cfa-ethics-standards.json" }, { "id": "cftc-part-49-swap-reporting", "title": "CFTC Part 49 (Swaps)", "category": "Banking & Global Finance", "bluf": "Compliance with CFTC Part 49 is predicated on maintaining an active registration as a Swap Data Repository (SDR) pursuant to procedures outlined in 17 CFR § 49.3. A designated Chief Compliance Officer, as mandated by 17 CFR § 49.22, administers the comprehensive compliance program and ensures an ann", "endpoint": "/api/v1/nodes/cftc-part-49-swap-reporting.json" }, { "id": "chaps-rtgs-high-val-london", "title": "CHAPS RTGS (Payments)", "category": "Banking & Global Finance", "bluf": "CHAPS (Clearing House Automated Payment System) is the UK's high-value, real-time gross settlement (RTGS) payment system. it is used for critical financial transactions, such as the interbank house purchases and the corporate the trades, ensuring the immediate and the irrevocable settlement of the f", "endpoint": "/api/v1/nodes/chaps-rtgs-high-val-london.json" }, { "id": "cipd-hr-standards", "title": "CIPD (HR Standards)", "category": "Workplace", "bluf": "Adherence to this node mandates rigorous alignment with Chartered Institute of Personnel and Development standards, structurally integrated with foundational UK legislation. An organization's human resources framework requires `require_cipd_profession_map_alignment`, ensuring all practices reflect t", "endpoint": "/api/v1/nodes/cipd-hr-standards.json" }, { "id": "cis-ai-least-privilege", "title": "Least Privilege for AI Agents (CIS Companion Guide)", "category": "Cybersecurity", "bluf": "Autonomous AI agents must be managed as Non-Human Identities (NHIs) with task-scoped, ephemeral privileges. The principle of Least Privilege ensures that an agent's access is restricted to the specific data and tools required for its current atomic task.", "endpoint": "/api/v1/nodes/cis-ai-least-privilege.json" }, { "id": "cis-controls-v8", "title": "CIS Critical Security Controls Version 8", "category": "Cybersecurity", "bluf": "Compliance with the Center for Internet Security (CIS) Critical Security Controls Version 8 provides a prioritized, risk-based framework for cyber defense, with this node mandating the foundational requirements of Implementation Group 1. Adherence necessitates maintaining a complete enterprise asset", "endpoint": "/api/v1/nodes/cis-controls-v8.json" }, { "id": "cisa-cross-sector-cybersecurity-goals", "title": "Cross-Sector Cybersecurity Performance Goals", "category": "Cybersecurity", "bluf": "The Cross-Sector Cybersecurity Performance Goals (CPGs) provide an approachable common set of IT and OT cybersecurity protections that are clearly defined, straightforward to implement, and aimed at addressing some of the most common and impactful cyber risks. These goals are applicable across all c", "endpoint": "/api/v1/nodes/cisa-cross-sector-cybersecurity-goals.json" }, { "id": "cisa-ms-isac-ransomware-guide", "title": "RANSOMWARE GUIDE", "category": "Cybersecurity", "bluf": "This guide provides ransomware best practices and recommendations based on operational insight from the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). It is intended for information technology (IT) professionals and othe", "endpoint": "/api/v1/nodes/cisa-ms-isac-ransomware-guide.json" }, { "id": "clia-cruise-ship-safety", "title": "CLIA Cruise Ship Safety", "category": "Food & Hospitality", "bluf": "Compliance for cruise ship operations mandates comprehensive adherence to multifaceted international and domestic regulations governing safety, security, health, and environmental protection. Pursuant to the International Ship and Port Facility Security (ISPS) Code under SOLAS Chapter XI-2, vessels ", "endpoint": "/api/v1/nodes/clia-cruise-ship-safety.json" }, { "id": "cloud-security-matrix-csa", "title": "CSA Cloud Matrix (v4)", "category": "Cloud & SaaS", "bluf": "The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) v4.0 is a cybersecurity control framework for the cloud computing sector. it provides a detailed set of the 17 domains, covering all aspects of the cloud technology, from the logical access to the supply chain, and the mapping to the glob", "endpoint": "/api/v1/nodes/cloud-security-matrix-csa.json" }, { "id": "cmmc-2-audit", "title": "CMMC 2.0 Level 2 Cybersecurity (Advanced)", "category": "Aviation Defense & Quantum", "bluf": "A mandatory US Department of Defense (DoD) certification for contractors handling Controlled Unclassified Information (CUI), based on the 110 practices of NIST SP 800-171.", "endpoint": "/api/v1/nodes/cmmc-2-audit.json" }, { "id": "cn-cac-genai-measures", "title": "China CAC Generative AI & Algorithmic Registry", "category": "Banking & Global Finance", "bluf": "Mandatory security assessment and algorithmic filing requirements for public-facing generative AI services and agents operating within or interacting with mainland China.", "endpoint": "/api/v1/nodes/cn-cac-genai-measures.json" }, { "id": "cobit-5-governance-it", "title": "COBIT 5 (Governance IT)", "category": "Cloud & SaaS", "bluf": "Compliance with this node validates the enterprise's implementation of a robust IT governance framework based on COBIT 5 principles. Successful attestation requires demonstrating a clear separation of governance from management functions, with board-level oversight of the Evaluate, Direct, and Monit", "endpoint": "/api/v1/nodes/cobit-5-governance-it.json" }, { "id": "codex-alimentarius-gen", "title": "Codex Alimentarius Code", "category": "Food & Hospitality", "bluf": "Operational alignment with the Codex Alimentarius framework is achieved through stringent controls governing food safety, traceability, and international trade ethics. The configuration mandates adherence to the General Principles of Food Hygiene by requiring a minimum of eight hygiene training hour", "endpoint": "/api/v1/nodes/codex-alimentarius-gen.json" }, { "id": "cold-chain-integrity-logic", "title": "Cold Chain Integrity Triage", "category": "Logistics & Supply Chain", "bluf": "Automated compliance verification for temperature-sensitive assets is governed by a stringent rule set designed to meet international regulatory standards. The system enforces good distribution practice tenets outlined within EU GDP Guidelines and aligns with World Health Organization recommendation", "endpoint": "/api/v1/nodes/cold-chain-integrity-logic.json" }, { "id": "compliance-gdpr-dpa", "title": "GDPR Data Processing Agreement (DPA) Checklist", "category": "Operations & CX", "bluf": "A compliant Data Processing Agreement establishes a legally binding contract defining the processor's obligations, consistent with European Data Protection Board Guidelines 07/2020. The processor must act exclusively upon documented controller instructions, a mandate under which `unauthorized_cross_", "endpoint": "/api/v1/nodes/compliance-gdpr-dpa.json" }, { "id": "constitutional-ai-align", "title": "Constitutional AI Algorithm", "category": "AI Governance & Law", "bluf": "Constitutional AI (CAI) is an alignment training methodology developed by Anthropic (Bai et al., 2022) that trains AI systems to be helpful, harmless, and honest using a set of explicit behavioral principles (the 'Constitution') rather than relying exclusively on human feedback labeling of individua", "endpoint": "/api/v1/nodes/constitutional-ai-align.json" }, { "id": "contingency-planning-federal-information-systems", "title": "Contingency Planning Guide for Federal Information Systems", "category": "Cybersecurity", "bluf": "This guide provides instructions, recommendations, and considerations for federal information system contingency planning. Contingency planning refers to a coordinated strategy involving plans, procedures, and technical measures that enable the recovery of information systems, operations, and data a", "endpoint": "/api/v1/nodes/contingency-planning-federal-information-systems.json" }, { "id": "contingency-planning-guide-federal-systems", "title": "Contingency Planning Guide for Federal Information Systems", "category": "Cybersecurity", "bluf": "NIST Special Publication 800-34, Rev. 1, provides instructions, recommendations, and considerations for federal information system contingency planning. Contingency planning refers to interim measures to recover information system services after a disruption, which may include relocation to an alter", "endpoint": "/api/v1/nodes/contingency-planning-guide-federal-systems.json" }, { "id": "copc-cx-standard", "title": "COPC CX Standard", "category": "Operations & CX", "bluf": "The COPC Customer Experience (CX) Standard is a performance management framework developed by COPC Inc. that defines operational excellence requirements for customer experience operations, contact centers, and outsourced service providers, covering service levels, quality, cost efficiency, and custo", "endpoint": "/api/v1/nodes/copc-cx-standard.json" }, { "id": "coppa-marketing-kids", "title": "COPPA (Marketing to Kids)", "category": "Sales, Marketing & PR", "bluf": "This operator's online service is explicitly designated as a child-directed service, thereby triggering stringent obligations under the Children's Online Privacy Protection Act, 15 U.S.C. §§ 6501-6506. While a neutral age gate is implemented for users under the established `user_age_threshold_years`", "endpoint": "/api/v1/nodes/coppa-marketing-kids.json" }, { "id": "copyright-fair-use-us", "title": "Fair Use (U.S. Copyright)", "category": "Creative, Content & Media IP", "bluf": "A proposed use of copyrighted material under these parameters presents a compelling case for the fair use affirmative defense, as delineated within 17 U.S.C. § 107, thereby not requiring mandatory legal review. The first statutory factor, the purpose and character of the use, weighs strongly in favo", "endpoint": "/api/v1/nodes/copyright-fair-use-us.json" }, { "id": "cpmi-iosco-cyber-resilience-fmi", "title": "Guidance on cyber resilience for financial market infrastructures", "category": "Banking & Global Finance", "bluf": "The purpose of this document is to provide guidance for Financial Market Infrastructures (FMIs) to enhance their cyber resilience. It provides supplemental guidance to the CPMI-IOSCO Principles for Financial Market Infrastructures (PFMI), primarily in the context of governance, risk management, sett", "endpoint": "/api/v1/nodes/cpmi-iosco-cyber-resilience-fmi.json" }, { "id": "creative-commons-by-sa", "title": "Creative Commons (BY-SA)", "category": "Creative, Content & Media IP", "bluf": "Compliance with the Creative Commons Attribution-ShareAlike 4.0 license is predicated on several core obligations, even though commercial use and the creation of derivative works are permitted. A primary condition is comprehensive attribution. Licensees are mandated to provide creator credit, retain", "endpoint": "/api/v1/nodes/creative-commons-by-sa.json" }, { "id": "cross-chain-bridge-security", "title": "Cross-Chain Bridge Security", "category": "Crypto & Sovereign Finance", "bluf": "Cross-chain bridges enable transfer of digital assets between distinct blockchain networks by locking assets on the source chain and minting equivalents on the destination. Bridge protocols are the most exploited attack surface in DeFi — over $2 billion stolen in 2022 alone (Ronin $625M, Wormhole $3", "endpoint": "/api/v1/nodes/cross-chain-bridge-security.json" }, { "id": "crs-oecd-tax-automatic", "title": "OECD CRS (Tax Exchange)", "category": "Banking & Global Finance", "bluf": "The Common Reporting Standard (CRS) is the global benchmark for the automatic exchange of financial account information (AEOI) to combat tax evasion. Developed by the OECD, it requires financial institutions in participating jurisdictions to identify and report the account holders who are tax reside", "endpoint": "/api/v1/nodes/crs-oecd-tax-automatic.json" }, { "id": "crypto-aml-travel-rule", "title": "Crypto AML Travel Rule", "category": "Crypto & Sovereign Finance", "bluf": "The FATF Travel Rule (Recommendation 16), as applied to Virtual Asset Service Providers (VASPs) through FATF Guidance on Virtual Assets (2019, updated 2021), requires that originating VASPs transmit specific identifying information about the sender and beneficiary alongside every virtual asset trans", "endpoint": "/api/v1/nodes/crypto-aml-travel-rule.json" }, { "id": "csrd-eu-sustainability", "title": "CSRD / ESRS (EU Sustainability)", "category": "Sustainability & ESG", "bluf": "The Corporate Sustainability Reporting Directive (CSRD) is the landmark EU regulation mandating detailed sustainability disclosure for large and listed companies. It introduces the European Sustainability Reporting Standards (ESRS), requiring 'Double Materiality'—reporting on both financial and envi", "endpoint": "/api/v1/nodes/csrd-eu-sustainability.json" }, { "id": "customs-tapa-transport-sec", "title": "TAPA Transport Security Requirements", "category": "Logistics & Supply Chain", "bluf": "Compliance with Transported Asset Protection Association (TAPA) Trucking Security Requirements (TSR) at Level 1 is mandatory for all in-scope transport operations, demanding a multi-layered security posture as defined by established protocols. This stringent certification requires that all conveyanc", "endpoint": "/api/v1/nodes/customs-tapa-transport-sec.json" }, { "id": "cyber-essentials-plus-uk", "title": "Cyber Essentials Plus (UK)", "category": "Cloud & SaaS", "bluf": "Cyber Essentials Plus (UK) certification establishes a high-assurance cybersecurity posture, validated through a mandatory independent technical audit as specified in the NCSC Cyber Essentials Plus: Illustrative Test Specification v3.1. This framework, frequently a prerequisite for UK government con", "endpoint": "/api/v1/nodes/cyber-essentials-plus-uk.json" }, { "id": "cyber-mitre-t1082", "title": "System Information Discovery (MITRE ATT&CK T1082)", "category": "Cybersecurity", "bluf": "Adversaries attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.", "endpoint": "/api/v1/nodes/cyber-mitre-t1082.json" }, { "id": "cyber-nist-800-53-ac2", "title": "Account Management (NIST SP 800-53 AC-2)", "category": "Cybersecurity", "bluf": "The Account Management control establishes a comprehensive framework, consistent with NIST Special Publication 800-53 AC-2, for managing the full lifecycle of information system accounts. This governance is essential for satisfying the identity management and access rights principles of ISO/IEC 2700", "endpoint": "/api/v1/nodes/cyber-nist-800-53-ac2.json" }, { "id": "cyber-nist-csf-2", "title": "Asset Management Strategy (NIST CSF 2.0 ID.AM)", "category": "Cybersecurity", "bluf": "Effective governance over the enterprise environment necessitates a comprehensive asset management strategy grounded in the NIST Cybersecurity Framework 2.0 Identify function. This approach mandates the maintenance of detailed hardware and software inventories, achieving a minimum coverage threshold", "endpoint": "/api/v1/nodes/cyber-nist-csf-2.json" }, { "id": "cybersecurity-profile-hsn", "title": "Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN)", "category": "Cybersecurity", "bluf": "This Cybersecurity Profile identifies an approach to assess the cybersecurity posture of Hybrid Satellite Networks (HSN) that provide services such as satellite-based systems for communications, position, navigation, and timing (PNT), remote sensing, weather monitoring, and imaging. The Profile will", "endpoint": "/api/v1/nodes/cybersecurity-profile-hsn.json" }, { "id": "data-integrity-detecting-responding-ransomware", "title": "NIST SPECIAL PUBLICATION 1800-26 Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events", "category": "Cybersecurity", "bluf": "This guide focuses on data integrity: the property that data has not been altered in an unauthorized manner, covering data in storage, during processing, and while in transit. Destructive malware, ransomware, malicious insider activity, and even honest mistakes all necessitate that organizations det", "endpoint": "/api/v1/nodes/data-integrity-detecting-responding-ransomware.json" }, { "id": "defi-tvl-ratio-logic", "title": "DeFi Insolvency Logic", "category": "Crypto & Sovereign Finance", "bluf": "DeFi insolvency logic governs the real-time health monitoring and liquidation execution in over-collateralized lending protocols (Aave, Compound, MakerDAO), using a Health Factor calculation to determine when a borrower's collateral value has declined sufficiently relative to their debt that the pos", "endpoint": "/api/v1/nodes/defi-tvl-ratio-logic.json" }, { "id": "delaware-corporate-law-basics", "title": "Delaware Corporate Law", "category": "Legal & IP Sovereignty", "bluf": "Delaware General Corporation Law (DGCL) is the leading U.S. corporate law, chosen by over 60% of Fortune 500 companies. It is defined by its enabling nature and the expertise of the Delaware Court of Chancery, which has developed a stable and predictable body of case law centered on the fiduciary du", "endpoint": "/api/v1/nodes/delaware-corporate-law-basics.json" }, { "id": "developing-security-plans-federal-systems", "title": "Guide for Developing Security Plans for Federal Information Systems", "category": "Cybersecurity", "bluf": "The objective of system security planning is to improve the protection of information system resources. This guide provides an overview of the security requirements for a system and describes the controls, either in place or planned, for meeting those requirements. The completion of system security ", "endpoint": "/api/v1/nodes/developing-security-plans-federal-systems.json" }, { "id": "dfars-7012-defense-cyber", "title": "DFARS 252.204-7012 (Cyber)", "category": "Aviation, Defense & Quantum", "bluf": "DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) is the primary U.S. defense acquisition regulation for protecting CDI. It mandates the implementation of NIST SP 800-171 and requires rapid cyber incident reporting (within 72 hours) for all defense contractor", "endpoint": "/api/v1/nodes/dfars-7012-defense-cyber.json" }, { "id": "dicom-imaging-standard", "title": "DICOM Imaging Standard", "category": "Medical & Healthcare", "bluf": "DICOM (Digital Imaging and Communications in Medicine) is the international standard for medical imaging and related information. It specifies the network protocols for image exchange (PACS/RIS integration), the media format for storage (PS3.10), and the web services (WADO-RS) for image retrieval ac", "endpoint": "/api/v1/nodes/dicom-imaging-standard.json" }, { "id": "dicom-medical-imaging", "title": "DICOM (Medical Imaging)", "category": "Creative, Content & Media IP", "bluf": "Compliance with the ISO 12052:2017 standard for medical imaging necessitates a robust security posture, mandating specific technical controls for handling DICOM objects. This configuration enforces secure transport channels through the mandatory use of TLS, with a minimum accepted protocol version o", "endpoint": "/api/v1/nodes/dicom-medical-imaging.json" }, { "id": "digital-twin-fidelity", "title": "Digital Twin Fidelity Audit", "category": "Industrial IoT & Energy", "bluf": "Digital twin fidelity refers to the degree of accuracy with which a virtual model replicates the real-time state, behavior, and physical properties of its physical counterpart, encompassing sensor data synchronization latency, physics simulation accuracy, historical data concordance, and predictive ", "endpoint": "/api/v1/nodes/digital-twin-fidelity.json" }, { "id": "dmca-safe-harbor", "title": "DMCA (Safe Harbor)", "category": "Creative, Content & Media IP", "bluf": "Qualification for liability limitations under the Digital Millennium Copyright Act safe harbor for information residing on systems at the direction of users necessitates strict adherence to several statutory conditions. Eligibility is predicated on satisfying requirements within 17 U.S.C. § 512(i), ", "endpoint": "/api/v1/nodes/dmca-safe-harbor.json" }, { "id": "dodd-frank-volcker-rule", "title": "Volcker Rule (Prop Trading)", "category": "Banking & Global Finance", "bluf": "The Volcker Rule (Section 619 of the Dodd-Frank Act) prohibits U.S. banking entities from engaging in proprietary trading or acquiring/sponsoring 'Covered Funds' (Hedge Funds or Private Equity). it is designed to separate commercial banking from high-risk investment activities, ensuring that deposit", "endpoint": "/api/v1/nodes/dodd-frank-volcker-rule.json" }, { "id": "doi-digital-object-id", "title": "DOI (Object ID)", "category": "Creative, Content & Media IP", "bluf": "Digital Object Identifier (DOI) validation enforces strict adherence to international standards for persistent and actionable identification of digital assets. Compliance with ISO 26324:2012 is mandatory, requiring a valid prefix/suffix structure where the prefix begins with the directory indicator ", "endpoint": "/api/v1/nodes/doi-digital-object-id.json" }, { "id": "dora-ict-risk", "title": "DORA — EU Digital Operational Resilience Act", "category": "Banking & Global Finance", "bluf": "Regulation (EU) 2022/2554 (DORA — Digital Operational Resilience Act), published December 27, 2022 and directly applicable (no national transposition required) across all EU member states from January 17, 2025, establishes binding ICT risk management, incident reporting, resilience testing, and thir", "endpoint": "/api/v1/nodes/dora-ict-risk.json" }, { "id": "drone-delivery-corridor", "title": "Drone Delivery Corridor Security", "category": "Logistics & Supply Chain", "bluf": "Compliance within designated drone delivery corridors mandates a multi-layered approach to operational integrity and airspace safety, unifying stringent technical and procedural controls. Operations must strictly adhere to a maximum altitude of 400 feet AGL. In accordance with FAA 14 CFR Part 89 and", "endpoint": "/api/v1/nodes/drone-delivery-corridor.json" }, { "id": "dtsa-trade-secret-protection", "title": "DTSA (Trade Secret Protection)", "category": "Legal & IP Sovereignty", "bluf": "The Defend Trade Secrets Act (DTSA) of 2016 is a U.S. federal law extending the Economic Espionage Act of 1996 to provide a private right of action for trade secret misappropriation. It provides a standardized federal framework for protecting confidential business information, including 'Ex Parte Se", "endpoint": "/api/v1/nodes/dtsa-trade-secret-protection.json" }, { "id": "ear-dual-use-export", "title": "EAR Dual-Use Export Control", "category": "Aviation, Defense & Quantum", "bluf": "The Export Administration Regulations (EAR) govern the export of 'Dual-Use' items—commercial commodities, software, and technology that also have potential military or proliferation applications. It is centered around the Commerce Control List (CCL) and the Export Control Classification Number (ECCN", "endpoint": "/api/v1/nodes/ear-dual-use-export.json" }, { "id": "easa-part-145-maintenance", "title": "EASA Part 145 (Maintenance)", "category": "Aviation, Defense & Quantum", "bluf": "EASA Part 145 is the European standard for the approval of maintenance organizations in civil aviation. It specifies the requirements for the organization, personnel, facility, and procedures to ensure the airworthiness of aircraft and components through safe and standardized maintenance practices.", "endpoint": "/api/v1/nodes/easa-part-145-maintenance.json" }, { "id": "eba-outsourcing-guide", "title": "EBA Outsourcing Guidelines", "category": "Banking & Global Finance", "bluf": "The EBA Guidelines on Outsourcing Arrangements (EBA/GL/2019/02) apply a unified framework for the financial sector across the EU. it specifies the governance and the pre-outsourcing due diligence required for all credit institutions and the investment firms, with a specific focus on the 'Critical or", "endpoint": "/api/v1/nodes/eba-outsourcing-guide.json" }, { "id": "ebsa-cybersecurity-best-practices", "title": "CYBERSECURITY PROGRAM BEST PRACTICES", "category": "Workplace", "bluf": "ERISA-covered pension plans and health and welfare plans often hold millions of dollars or more in assets and store participant personally identifiable data, which can make them tempting targets for cyber-criminals. Responsible plan fiduciaries have an obligation to ensure proper mitigation of cyber", "endpoint": "/api/v1/nodes/ebsa-cybersecurity-best-practices.json" }, { "id": "ebu-r128-audio-loudness", "title": "EBU R128 (Loudness)", "category": "Creative, Content & Media IP", "bluf": "Compliance with the EBU R 128 recommendation mandates rigorous audio loudness normalization to ensure content uniformity across broadcast platforms. The primary objective is achieving a Target Programme Loudness of -23.0 LUFS, with a standard tolerance of ±0.5 LU; for live material, this window is e", "endpoint": "/api/v1/nodes/ebu-r128-audio-loudness.json" }, { "id": "ecb-guide-internal-models", "title": "ECB Guide (Internal Models)", "category": "Banking & Global Finance", "bluf": "The ECB Guide to Internal Models (EGIM) provides the foundational standard for the supervised banks in the Eurozone to the use of the 'Internal Ratings Based' (IRB) approach for calculating the regulatory capital. it specifies the risk parameter estimation (PD, LGD, EAD) and the validation requireme", "endpoint": "/api/v1/nodes/ecb-guide-internal-models.json" }, { "id": "edge-ai-security-nist", "title": "Edge AI Security (NIST)", "category": "Industrial IoT & Energy", "bluf": "Edge AI security encompasses the technical and operational controls required to securely deploy machine learning models on resource-constrained IoT and edge computing devices, where traditional cloud-based security architectures cannot be fully replicated due to limited compute, network, and power r", "endpoint": "/api/v1/nodes/edge-ai-security-nist.json" }, { "id": "eeoc-employment-rule", "title": "EEOC (Employment Rule)", "category": "Workplace", "bluf": "Employers with 15 or more employees are subject to Title VII of the Civil Rights Act of 1964, which prohibits employment discrimination based on protected characteristics. This node enforces that prohibition, as platform configurations make protected class filtering impossible for candidate searches", "endpoint": "/api/v1/nodes/eeoc-employment-rule.json" }, { "id": "environmental-noise-dir", "title": "Environmental Noise Directive", "category": "Sustainability & ESG", "bluf": "Compliance with Directive 2002/49/EC, the Environmental Noise Directive (END), mandates a common framework for managing environmental noise to mitigate its adverse health effects. This obligation requires competent authorities to produce strategic noise maps for population agglomerations exceeding a", "endpoint": "/api/v1/nodes/environmental-noise-dir.json" }, { "id": "eprivacy-cookie-directive", "title": "ePrivacy (Cookie Directive)", "category": "Sales, Marketing & PR", "bluf": "Compliance with the ePrivacy Directive mandates a strict consent-first framework for accessing or storing information on user terminal equipment, directly reflecting Article 5(3) of Directive 2002/58/EC. This node operationalizes such a requirement by enforcing that `require_prior_consent_non_essent", "endpoint": "/api/v1/nodes/eprivacy-cookie-directive.json" }, { "id": "erisa-compliance-rep", "title": "ERISA (Retirement Security)", "category": "Workplace", "bluf": "Compliance with the Employee Retirement Income Security Act (ERISA) mandates a rigorous adherence to specific fiduciary, participation, vesting, reporting, and bonding standards to protect plan participants and beneficiaries. Plan fiduciaries must formally acknowledge their duty to act with the care", "endpoint": "/api/v1/nodes/erisa-compliance-rep.json" }, { "id": "ethereum-eip-4337", "title": "Account Abstraction (EIP-4337)", "category": "Crypto & Sovereign Finance", "bluf": "EIP-4337 (Account Abstraction Using Alt Mempool) is an Ethereum Improvement Proposal finalized in March 2023 that enables programmable smart contract wallets to replace externally owned accounts (EOAs) as the primary transaction signing mechanism, without requiring changes to the Ethereum protocol c", "endpoint": "/api/v1/nodes/ethereum-eip-4337.json" }, { "id": "etsi-en-304-223-sai", "title": "ETSI EN 304 223 - Securing AI (SAI)", "category": "Cybersecurity", "bluf": "European telecommunications standards for mitigating attacks against AI models, including data poisoning, model evasion, and supply chain vulnerabilities.", "endpoint": "/api/v1/nodes/etsi-en-304-223-sai.json" }, { "id": "eu-ai-act-bias", "title": "EU AI Act: Data Bias Mitigation (Article 10)", "category": "AI Governance & Law", "bluf": "Article 10 of the EU AI Act (2026 fully enforced) mandates strict controls to detect, prevent, and mitigate biases in training, validation, and testing datasets for high-risk AI systems.", "endpoint": "/api/v1/nodes/eu-ai-act-bias.json" }, { "id": "eu-ai-act-high-risk", "title": "EU AI Act: High-Risk Conformity (Title III)", "category": "AI Governance & Law", "bluf": "Title III of the EU AI Act (2026 fully enforced) mandates rigorous conformity assessments for \"High-Risk AI Systems,\" including mandatory requirements for data governance, technical documentation, and record-keeping.", "endpoint": "/api/v1/nodes/eu-ai-act-high-risk.json" }, { "id": "eu-antitrust-competition-law", "title": "EU Antitrust & Competition Law", "category": "Legal & IP Sovereignty", "bluf": "EU Antitrust and Competition Law (based on Articles 101 and 102 of the TFEU) is the primary framework for ensuring fair competition within the EU's internal market. It prohibits cartels, anti-competitive agreements, and the abuse of a dominant position by major firms, with massive enforcement powers", "endpoint": "/api/v1/nodes/eu-antitrust-competition-law.json" }, { "id": "eu-battery-passport", "title": "EU Digital Battery Passport", "category": "Sustainability & ESG", "bluf": "Compliance with Regulation (EU) 2023/1542 mandates the creation of a unique Digital Battery Passport for specific battery categories placed on the market. This requirement applies if a product is an industrial, electric vehicle, or light means of transport (LMT) battery where `is_industrial_ev_or_lm", "endpoint": "/api/v1/nodes/eu-battery-passport.json" }, { "id": "eu-cbam-calc", "title": "EU Carbon Border Adjustment (CBAM)", "category": "Sustainability & ESG", "bluf": "The EU Carbon Border Adjustment Mechanism (CBAM), established by Regulation (EU) 2023/956 and fully operational from January 2026, requires EU importers to purchase CBAM certificates corresponding to the carbon price that would have been paid under EU ETS rules if the goods had been produced in the ", "endpoint": "/api/v1/nodes/eu-cbam-calc.json" }, { "id": "eu-copyright-directive-art-17", "title": "EU Copyright (Art 17)", "category": "Creative, Content & Media IP", "bluf": "Article 17 of Directive (EU) 2019/790 establishes a specific liability regime for platforms classified as Online Content-Sharing Service Providers (OCSSPs), which perform an act of communication to the public when giving access to copyright-protected works uploaded by their users. To avoid direct li", "endpoint": "/api/v1/nodes/eu-copyright-directive-art-17.json" }, { "id": "eu-espr-ecodesign", "title": "Ecodesign for Sustainable Prod", "category": "Sustainability & ESG", "bluf": "Regulation (EU) 2024/1781 establishes a comprehensive framework for setting ecodesign requirements for sustainable products, significantly expanding upon its predecessor, Directive 2009/125/EC. As a cornerstone of the Circular Economy Action Plan, this regulation mandates stringent performance and i", "endpoint": "/api/v1/nodes/eu-espr-ecodesign.json" }, { "id": "eu-food-law-178-2002", "title": "EU General Food Law (178/2002)", "category": "Food & Hospitality", "bluf": "Regulation (EC) No 178/2002 establishes the foundational principles and requirements of general food law, prioritizing a high level of protection for human health. Compliance hinges on strict adherence to the food safety requirements outlined in Article 14, which explicitly prohibits placing unsafe ", "endpoint": "/api/v1/nodes/eu-food-law-178-2002.json" }, { "id": "eu-ivdr-2017-746", "title": "EU IVDR 2017/746 (Diagnostics)", "category": "Medical & Healthcare", "bluf": "EU Regulation 2017/746 (In-Vitro Diagnostic Medical Device Regulation - IVDR) is the primary framework for diagnostic devices in the European Union. It replaces the previous 98/79/EC directive and dramatically increases the oversight of IVDs, requiring nearly 80% of devices to undergo notified body ", "endpoint": "/api/v1/nodes/eu-ivdr-2017-746.json" }, { "id": "eu-mdr-2017-745", "title": "EU MDR 2017/745 (Devices)", "category": "Medical & Healthcare", "bluf": "EU Regulation 2017/745 (Medical Device Regulation - MDR) is the primary framework for medical device compliance in the European Union. It replaces the previous MDD/AIMDD directives, introducing more rigorous requirements for pre-market clinical evaluation, post-market surveillance (PMS), and traceab", "endpoint": "/api/v1/nodes/eu-mdr-2017-745.json" }, { "id": "eu-sfdr-reporting", "title": "SFDR: Sustainable Finance Disclosure", "category": "Sustainability & ESG", "bluf": "As a financial market participant and financial adviser under Regulation (EU) 2019/2088, this entity is subject to comprehensive sustainability-related disclosure obligations. Exceeding the 500-employee count makes compliance with SFDR Article 4 mandatory, requiring a published statement on due dili", "endpoint": "/api/v1/nodes/eu-sfdr-reporting.json" }, { "id": "eu-taxonomy-sustainable", "title": "EU Taxonomy for Sustainable Finance", "category": "Sustainability & ESG", "bluf": "Regulation (EU) 2020/852 establishes a classification system to determine whether an economic activity is environmentally sustainable, imposing stringent disclosure obligations on entities subject to NFRD/CSRD (`is_subject_to_nfrd_csrd`:true). An activity qualifies as sustainable only if it meets fo", "endpoint": "/api/v1/nodes/eu-taxonomy-sustainable.json" }, { "id": "exif-standard-metadata", "title": "EXIF Standard (Metadata)", "category": "Creative, Content & Media IP", "bluf": "Compliance with the Exchangeable image file format standard is rigorously enforced to ensure data integrity and interoperability for all digital still-camera image assets. This validation mandates strict adherence to the CIPA DC-008-2023 specification, requiring a valid Exif Version 3.0 signature fo", "endpoint": "/api/v1/nodes/exif-standard-metadata.json" }, { "id": "faa-part-21-certification", "title": "FAA Part 21 (Certification)", "category": "Aviation, Defense & Quantum", "bluf": "FAA Part 21 (Certification Procedures for Products and Articles) is the primary U.S. regulation for the certification of aircraft, engines, propellers, and parts. it encompasses the entire life cycle from initial type certificate (TC) through production certificate (PC) and final airworthiness certi", "endpoint": "/api/v1/nodes/faa-part-21-certification.json" }, { "id": "fair-trade-tourism", "title": "Fair Trade Tourism Audit", "category": "Food & Hospitality", "bluf": "Fair Trade Tourism Audit evaluates an entity's operational alignment with established international standards for ethical and sustainable tourism. The protocol mandates strict adherence to core labor practices, demanding verifiable minimum_wage_compliance and an absolute prohibition on child labor, ", "endpoint": "/api/v1/nodes/fair-trade-tourism.json" }, { "id": "fatca-iga-compliance", "title": "FATCA IGA (Tax Compliance)", "category": "Banking & Global Finance", "bluf": "The Foreign Account Tax Compliance Act (FATCA) is a U.S. federal law requiring foreign financial institutions (FFIs) to report the assets of U.S. account holders. The legislation is primarily implemented through Intergovernmental Agreements (IGAs) (Model 1 & Model 2), which provide a legal framework", "endpoint": "/api/v1/nodes/fatca-iga-compliance.json" }, { "id": "fatf-aml-agent", "title": "AI Agent Anti-Money Laundering (AML) Compliance", "category": "Banking & Global Finance", "bluf": "Autonomous agents performing financial functions are subject to the same FATF risk-based approach as traditional entities. Compliance requires 'Neural AML' – embedding real-time traceability, KYC verification, and transaction monitoring directly into the agentic workflow.", "endpoint": "/api/v1/nodes/fatf-aml-agent.json" }, { "id": "fatf-guidance-virtual-assets-vasp", "title": "UPDATED GUIDANCE FOR A RISK-BASED APPROACH VIRTUAL ASSETS AND VIRTUAL ASSET SERVICE PROVIDERS", "category": "Banking & Global Finance", "bluf": "In October 2018, the Financial Action Task Force (FATF) adopted changes to its Recommendations to explicitly clarify that they apply to financial activities involving virtual assets (VAs) and introduced definitions for 'virtual asset' and 'virtual asset service provider' (VASP). The amended FATF Rec", "endpoint": "/api/v1/nodes/fatf-guidance-virtual-assets-vasp.json" }, { "id": "fatf-pf-risk-assessment-mitigation", "title": "GUIDANCE ON PROLIFERATION FINANCING RISK ASSESSMENT AND MITIGATION", "category": "Banking & Global Finance", "bluf": "This non-binding Guidance from the Financial Action Task Force (FATF) aims to develop a common understanding of the amendments to FATF Recommendation 1, which require countries and private sector entities to identify, assess, understand, and mitigate their proliferation financing (PF) risks. In the ", "endpoint": "/api/v1/nodes/fatf-pf-risk-assessment-mitigation.json" }, { "id": "fatf-travel-rule-v2", "title": "FATF Recommendation 16 (Travel Rule)", "category": "Banking & Global Finance", "bluf": "FATF Recommendation 16, also known as the 'Travel Rule', is the global AML/CFT standard for virtual assets. It requires Virtual Asset Service Providers (VASPs) to collect and transmit originator and beneficiary information for all virtual asset transfers exceeding $1,000 to prevent money laundering ", "endpoint": "/api/v1/nodes/fatf-travel-rule-v2.json" }, { "id": "fatf-virtual-asset-redfl", "title": "FATF Virtual Asset Red Flags", "category": "Banking & Global Finance", "bluf": "The FATF Virtual Asset Red Flag Indicators (2020) provides a report to assist financial institutions and Virtual Asset Service Providers (VASPs) in identifying potential money laundering and terrorist financing activity. it categorizes indicators into transaction patterns, anonymity, and sender/reci", "endpoint": "/api/v1/nodes/fatf-virtual-asset-redfl.json" }, { "id": "fca-consumer-duty-2023", "title": "FCA Consumer Duty (2023)", "category": "Banking & Global Finance", "bluf": "The FCA Consumer Duty (PS22/9) is a major U.S.-style 'fiduciary' reform for the UK retail financial sector. It introduces a new 'Consumer Principle' (Principle 12), requiring firms to act to deliver good outcomes for retail customers, setting higher and clearer standards of consumer protection acros", "endpoint": "/api/v1/nodes/fca-consumer-duty-2023.json" }, { "id": "fcpa-anti-bribery-compliance", "title": "FCPA Anti-Bribery (US)", "category": "Legal & IP Sovereignty", "bluf": "The Foreign Corrupt Practices Act (FCPA) of 1977 is a U.S. federal law prohibiting the payment of bribes to foreign officials to assist in obtaining or retaining business. It applies to all U.S. persons, issuers, and foreign firms operating within the U.S., enforced jointly by the SEC and the Depart", "endpoint": "/api/v1/nodes/fcpa-anti-bribery-compliance.json" }, { "id": "fda-21-cfr-part-11-records", "title": "FDA 21 CFR Part 11 (Records)", "category": "Medical & Healthcare", "bluf": "FDA 21 CFR Part 11 establishes the U.S. requirements for electronic records and electronic signatures. It defines the criteria under which the FDA considers electronic records, electronic signatures, and handwritten signatures executed to electronic records to be trustworthy, reliable, and generally", "endpoint": "/api/v1/nodes/fda-21-cfr-part-11-records.json" }, { "id": "fda-21-cfr-part-820-qsr", "title": "FDA 21 CFR Part 820 (QSR)", "category": "Medical & Healthcare", "bluf": "FDA 21 CFR Part 820 is the Quality System Regulation (QSR) governing the manufacture and design of medical devices in the United States. It requires medical device manufacturers to establish a quality system to ensure that their products consistently meet applicable requirements and specifications.", "endpoint": "/api/v1/nodes/fda-21-cfr-part-820-qsr.json" }, { "id": "fda-ai-ml-samd-action-plan", "title": "Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device (SaMD) Action Plan", "category": "Medical & Healthcare", "bluf": "This Action Plan outlines the U.S. Food and Drug Administration's (FDA) multi-pronged approach to advance its oversight of Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device (SaMD). Developed in response to stakeholder feedback on a 2019 discussion paper, the plan ap", "endpoint": "/api/v1/nodes/fda-ai-ml-samd-action-plan.json" }, { "id": "fda-aiml-samd-action-plan", "title": "Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device (SaMD) Action Plan", "category": "Medical & Healthcare", "bluf": "This Action Plan from the U.S. Food & Drug Administration (FDA) outlines a five-part strategy to regulate Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device (SaMD). Developed in response to stakeholder feedback on a 2019 discussion paper, the plan aims to ensure that", "endpoint": "/api/v1/nodes/fda-aiml-samd-action-plan.json" }, { "id": "fda-clinical-decision-support", "title": "FDA Clinical Decision Software", "category": "Medical & Healthcare", "bluf": "The FDA Guidance on Clinical Decision Support (CDS) Software (2022) provides the criteria under which software functions are NOT considered medical devices under Section 520(o)(1)(E) of the FD&C Act. It focus on ensuring that the healthcare professional (HCP) can independently review the basis for t", "endpoint": "/api/v1/nodes/fda-clinical-decision-support.json" }, { "id": "fda-cybersecurity-medical-devices-premarket", "title": "Cybersecurity in Medical Devices: Quality Management System Considerations and Content of Premarket Submissions", "category": "Medical & Healthcare", "bluf": "With the increasing integration of wireless, Internet- and network-connected capabilities, the need for robust cybersecurity controls to ensure medical device safety and effectiveness has become more important. Cybersecurity threats to the healthcare sector have become more frequent and severe, with", "endpoint": "/api/v1/nodes/fda-cybersecurity-medical-devices-premarket.json" }, { "id": "fda-electronic-source-data", "title": "Guidance for Industry Electronic Source Data in Clinical Investigations", "category": "Medical & Healthcare", "bluf": "This guidance provides recommendations to sponsors, Contract Research Organizations (CROs), clinical investigators, and others involved in the capture, review, and retention of electronic source data in FDA-regulated clinical investigations. To streamline and modernize clinical investigations, the g", "endpoint": "/api/v1/nodes/fda-electronic-source-data.json" }, { "id": "fda-food-labeling-guide", "title": "Guidance for Industry A Food Labeling Guide", "category": "Food & Hospitality", "bluf": "This guidance is a summary of the required statements that must appear on food labels under the Federal Food, Drug, and Cosmetic Act (FD&C Act) and the Fair Packaging and Labeling Act. The Food and Drug Administration (FDA) is responsible for assuring that foods sold in the United States, whether pr", "endpoint": "/api/v1/nodes/fda-food-labeling-guide.json" }, { "id": "fda-fsma-compliance", "title": "FDA Food Safety Modernization", "category": "Food & Hospitality", "bluf": "Compliance with the FDA Food Safety Modernization Act is established through the implementation of several key regulatory programs. A compliant Hazard Analysis and Risk-Based Preventive Controls food safety plan is operational under the authority of 21 CFR Part 117, developed and managed by a certif", "endpoint": "/api/v1/nodes/fda-fsma-compliance.json" }, { "id": "fda-real-world-evidence-program", "title": "FRAMEWORK FOR FDA’S REAL WORLD EVIDENCE PROGRAM", "category": "Medical & Healthcare", "bluf": "Pursuant to the 21st Century Cures Act, which added section 505F to the Federal Food, Drug, and Cosmetic Act (FD&C Act), the Food and Drug Administration (FDA) has created a framework for evaluating the potential use of real-world evidence (RWE). This framework is designed to help support the approv", "endpoint": "/api/v1/nodes/fda-real-world-evidence-program.json" }, { "id": "fda-samd-risk", "title": "FDA Software as a Medical Device (SaMD) Risk Matrix", "category": "Medical & Healthcare", "bluf": "A risk-based framework for classifying software intended for medical purposes independently of hardware, based on IMDRF categorizations and FDA safety standards.", "endpoint": "/api/v1/nodes/fda-samd-risk.json" }, { "id": "fdic-part-370-recordkeep", "title": "FDIC Part 370 (Records)", "category": "Banking & Global Finance", "bluf": "FDIC Part 370 (Recordkeeping for Timely Deposit Insurance Determination) is a critical compliance standard for large U.S. banks (over 2 million deposit accounts). it requires institutions to maintain the account records in a specific format that allows the FDIC determine the insurance the amount for", "endpoint": "/api/v1/nodes/fdic-part-370-recordkeep.json" }, { "id": "fedramp-authorization", "title": "FedRAMP — US Federal Cloud Authorization", "category": "Cybersecurity", "bluf": "The Federal Risk and Authorization Management Program (FedRAMP), established by OMB Memorandum M-11-33 (June 2011) and codified into law by the FedRAMP Authorization Act (December 2022, part of NDAA FY2023), is the US federal government's standardized approach to security assessment, authorization, ", "endpoint": "/api/v1/nodes/fedramp-authorization.json" }, { "id": "fedramp-moderate-baseline", "title": "FedRAMP Moderate (NIST)", "category": "Cloud & SaaS", "bluf": "Adherence to the FedRAMP Moderate authorization baseline ensures cloud service offerings meet the stringent security and privacy controls defined in NIST Special Publication 800-53, Revision 5, for protecting controlled unclassified information. This compliance framework mandates the implementation ", "endpoint": "/api/v1/nodes/fedramp-moderate-baseline.json" }, { "id": "finance-tax-logic", "title": "Cross-Border VAT/GST Calculation Logic", "category": "Banking & Global Finance", "bluf": "Cross-border VAT/GST calculation logic for services and intangibles operates strictly under the destination principle for business-to-consumer (B2C) supplies, aligning with Chapter 3 of the OECD International VAT/GST Guidelines and mirrored in national legislation such as Australia's Tax and Superan", "endpoint": "/api/v1/nodes/finance-tax-logic.json" }, { "id": "fincen-cvc-business-models", "title": "Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies", "category": "Crypto & Sovereign Finance", "bluf": "The Financial Crimes Enforcement Network (FinCEN) is issuing this interpretive guidance to remind persons subject to the Bank Secrecy Act (BSA) how FinCEN regulations relating to money services businesses (MSBs) apply to certain business models involving money transmission denominated in value that ", "endpoint": "/api/v1/nodes/fincen-cvc-business-models.json" }, { "id": "finra-3110-supervision", "title": "FINRA Rule 3110 (Supervision)", "category": "Banking & Global Finance", "bluf": "FINRA Rule 3110 is the foundational U.S. standard for the supervision of the registered representatives and the offices of broker-dealers. it requires firms to establish and maintain a system of the supervisory procedures (WSPs) to ensure the compliance with the applicable securities laws and the FI", "endpoint": "/api/v1/nodes/finra-3110-supervision.json" }, { "id": "finra-cybersecurity-practices-2018", "title": "Report on Selected Cybersecurity Practices – 2018", "category": "Operations & CX", "bluf": "This report continues FINRA’s efforts to share information that can help broker-dealer firms further develop their cybersecurity programs. Firms routinely identify cybersecurity as one of their primary operational risks, and this report presents FINRA’s observations regarding effective practices tha", "endpoint": "/api/v1/nodes/finra-cybersecurity-practices-2018.json" }, { "id": "fips-140-3-cryptographic-modules", "title": "SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES", "category": "Aviation Defense & Quantum", "bluf": "This standard specifies the security requirements for a cryptographic module utilized within a security system protecting sensitive but unclassified information. It is applicable to all federal agencies that use cryptographic-based security systems and shall be used in designing and implementing cry", "endpoint": "/api/v1/nodes/fips-140-3-cryptographic-modules.json" }, { "id": "fips-197-advanced-encryption-standard", "title": "Advanced Encryption Standard (AES)", "category": "Cybersecurity", "bluf": "The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) digital information. The standard specifies three members of the Rijn", "endpoint": "/api/v1/nodes/fips-197-advanced-encryption-standard.json" }, { "id": "fips-199-security-categorization", "title": "Standards for Security Categorization of Federal Information and Information Systems", "category": "Cybersecurity", "bluf": "FIPS Publication 199 establishes standards for categorizing federal information and information systems to provide a common framework for expressing security. The categorization is based on the objectives of providing appropriate levels of information security according to a range of risk levels. Th", "endpoint": "/api/v1/nodes/fips-199-security-categorization.json" }, { "id": "fips-200-minimum-security-requirements", "title": "Minimum Security Requirements for Federal Information and Information Systems", "category": "Cybersecurity", "bluf": "This standard, mandated by the Federal Information Security Management Act (FISMA) of 2002, specifies minimum security requirements for information and information systems supporting the executive agencies of the federal government. It is applicable to all federal information and information systems", "endpoint": "/api/v1/nodes/fips-200-minimum-security-requirements.json" }, { "id": "fips-201-3-piv-federal-employees", "title": "Personal Identity Verification (PIV) of Federal Employees and Contractors", "category": "Cybersecurity", "bluf": "This document establishes a standard for a Personal Identity Verification (PIV) system that meets the control and security objectives of Homeland Security Presidential Directive-12 (HSPD-12). It is based on secure and reliable forms of identity credentials issued by the Federal Government to its emp", "endpoint": "/api/v1/nodes/fips-201-3-piv-federal-employees.json" }, { "id": "fips-202-sha-3-standard", "title": "SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions", "category": "Aviation Defense & Quantum", "bluf": "This Standard specifies the Secure Hash Algorithm-3 (SHA-3) family of functions on binary data, based on the KECCAK algorithm selected by NIST. The SHA-3 family consists of four cryptographic hash functions (SHA3-224, SHA3-256, SHA3-384, and SHA3-512) and two extendable-output functions or XOFs (SHA", "endpoint": "/api/v1/nodes/fips-202-sha-3-standard.json" }, { "id": "fips-203-ml-kem-quantum", "title": "FIPS 203 (ML-KEM Quantum)", "category": "Aviation, Defense & Quantum", "bluf": "FIPS 203 (Module-Lattice-Based Key-Encapsulation Mechanism) is the final NIST standard for quantum-resistant key encapsulation. Based on the CRYSTALS-Kyber algorithm, it is designed to protect sensitive information from future decryption by large-scale quantum computers, providing the foundational l", "endpoint": "/api/v1/nodes/fips-203-ml-kem-quantum.json" }, { "id": "fips-203-ml-kem-standard", "title": "Module-Lattice-Based Key-Encapsulation Mechanism Standard", "category": "Aviation Defense & Quantum", "bluf": "This standard specifies a key-encapsulation mechanism (KEM) called ML-KEM, which is a set of algorithms that can be used by two parties to establish a shared secret key over a public channel. The security of ML-KEM is related to the computational difficulty of the Module Learning with Errors problem", "endpoint": "/api/v1/nodes/fips-203-ml-kem-standard.json" }, { "id": "fips-203-quantum-kem", "title": "Post-Quantum Cryptography (FIPS 203)", "category": "Cybersecurity", "bluf": "National standards for the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), ensuring security in the era of Cryptographically Relevant Quantum Computers (CRQC).", "endpoint": "/api/v1/nodes/fips-203-quantum-kem.json" }, { "id": "fips-204-digital-signature-standard", "title": "Module-Lattice-Based Digital Signature Standard", "category": "Aviation Defense & Quantum", "bluf": "This standard specifies ML-DSA, a set of algorithms that can be used to generate and verify digital signatures. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. ML-DSA is a lattice-based digital signature algorithm believed t", "endpoint": "/api/v1/nodes/fips-204-digital-signature-standard.json" }, { "id": "fips-204-ml-dsa-quantum", "title": "FIPS 204 (ML-DSA Quantum)", "category": "Aviation, Defense & Quantum", "bluf": "FIPS 204 (Module-Lattice-Based Digital Signature Algorithm) is the final NIST standard for quantum-resistant digital signatures. Based on the CRYSTALS-Dilithium algorithm, it is designed to ensure authenticity and non-repudiation in a post-quantum world, replacing or augmenting RSA and ECDSA signatu", "endpoint": "/api/v1/nodes/fips-204-ml-dsa-quantum.json" }, { "id": "fips-204-ml-dsa-standard", "title": "Module-Lattice-Based Digital Signature Standard", "category": "Aviation Defense & Quantum", "bluf": "This standard specifies ML-DSA, a set of algorithms that can be used to generate and verify digital signatures which are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. ML-DSA is a lattice-based digital signature algorithm believed to be secure, e", "endpoint": "/api/v1/nodes/fips-204-ml-dsa-standard.json" }, { "id": "fips-204-quantum-dsa", "title": "Post-Quantum DSA (FIPS 204)", "category": "Cybersecurity", "bluf": "Compliance with Federal Information Processing Standard 204 mandates a strict implementation of the Module-Lattice-Based Digital Signature Algorithm (ML-DSA). Systems must exclusively employ one of the three standardized parameter sets—ML-DSA-44, ML-DSA-65, or ML-DSA-87—and satisfy a minimum securit", "endpoint": "/api/v1/nodes/fips-204-quantum-dsa.json" }, { "id": "fips-205-quantum-sphincs", "title": "Quantum SPHINCS+ (FIPS 205)", "category": "Cybersecurity", "bluf": "Compliance with Federal Information Processing Standard 205 is affirmed through the correct implementation of the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA). The system utilizes a cryptographic module formally validated for FIPS 205 compliance, employing a NIST-approved parameter set", "endpoint": "/api/v1/nodes/fips-205-quantum-sphincs.json" }, { "id": "fips-205-slh-dsa-quantum", "title": "FIPS 205 (SLH-DSA Quantum)", "category": "Aviation, Defense & Quantum", "bluf": "FIPS 205 (Stateless Hash-Based Digital Signature Algorithm) is a NIST-standardized quantum-resistant signature mechanism based on the SPHINCS+ construction. Unlike lattice-based schemes, it relies solely on the security of cryptographic hash functions, providing a robust backup against potential cry", "endpoint": "/api/v1/nodes/fips-205-slh-dsa-quantum.json" }, { "id": "fleet-telematic-audit", "title": "Fleet Telematics Audit Protocol", "category": "Logistics & Supply Chain", "bluf": "Fleet Telematics Audit Protocol establishes a comprehensive framework for verifying compliance with critical cybersecurity, data privacy, and operational mandates. The system enforces stringent cybersecurity controls aligned with ISO/SAE 21434, requiring that CAN bus network isolation is enabled to ", "endpoint": "/api/v1/nodes/fleet-telematic-audit.json" }, { "id": "flsa-compliance-labor", "title": "FLSA (Fair Labor)", "category": "Workplace", "bluf": "The Fair Labor Standards Act (FLSA) establishes critical nationwide standards for wages and hours, recordkeeping obligations, and youth employment. Under 29 U.S.C. § 206, covered non-exempt employees are entitled to a federal minimum wage of at least $7.25 per hour. Furthermore, 29 U.S.C. § 207 mand", "endpoint": "/api/v1/nodes/flsa-compliance-labor.json" }, { "id": "flsa-coverage", "title": "Coverage under the Fair Labor Standards Act (FLSA)", "category": "Workplace", "bluf": "The Fair Labor Standards Act (FLSA) establishes standards for minimum wage, overtime pay, recordkeeping, and child labor. This guidance, provided in Fact Sheet #14, explains the coverage of the FLSA, detailing which employers and employees are covered by the law. Coverage can be established on an en", "endpoint": "/api/v1/nodes/flsa-coverage.json" }, { "id": "fmla-compliance-leave", "title": "FMLA (Family Leave)", "category": "Workplace", "bluf": "The Family and Medical Leave Act mandates that covered employers provide eligible employees with job-protected, unpaid leave for specified family and medical reasons. A covered employer under 29 U.S.C. § 2611 is one employing 50 or more individuals. To qualify as an \"eligible employee\" pursuant to 2", "endpoint": "/api/v1/nodes/fmla-compliance-leave.json" }, { "id": "food-allergen-label-law", "title": "Food Allergen Labeling Law", "category": "Food & Hospitality", "bluf": "Regulatory frameworks governing food allergen labeling establish non-negotiable compliance obligations for manufacturers. The primary U.S. authority, the Food Allergen Labeling and Consumer Protection Act of 2004 (FALCPA), as amended by the FASTER Act of 2021, mandates explicit declaration of nine m", "endpoint": "/api/v1/nodes/food-allergen-label-law.json" }, { "id": "frb-sr-21-19-counterparty-credit-risk", "title": "The Federal Reserve reminds firms of safe and sound practices for counterparty credit risk management in light of the Archegos Capital Management default", "category": "Banking & Global Finance", "bluf": "In light of the Archegos Capital Management default, which caused over $10 billion in losses across several large banks, the Federal Reserve is issuing guidance to remind firms of supervisory expectations for counterparty credit risk management. This letter is intended for use by banking organizatio", "endpoint": "/api/v1/nodes/frb-sr-21-19-counterparty-credit-risk.json" }, { "id": "freight-forwarder-fiata", "title": "Freight Forwarding Ethics (FIATA)", "category": "Logistics & Supply Chain", "bluf": "Freight forwarding operations must exhibit strict adherence to a comprehensive ethical framework grounded in international standards. All engagements mandate `requires_fiata_standard_documents`, with the legal basis for the FIATA FBL established by the UNCTAD/ICC Rules for Multimodal Transport Docum", "endpoint": "/api/v1/nodes/freight-forwarder-fiata.json" }, { "id": "fsb-key-attributes-res", "title": "FSB Key Attributes (Resolution)", "category": "Banking & Global Finance", "bluf": "The FSB Key Attributes of Effective Resolution Regimes for Financial Institutions are the international standards for the orderly resolution of failing systemically important financial institutions (SIFIs). it provides the mandatory powers and tools for national authorities to resolve banks without ", "endpoint": "/api/v1/nodes/fsb-key-attributes-res.json" }, { "id": "fsb-tcfd-banking-disc", "title": "FSB TCFD (Banking)", "category": "Banking & Global Finance", "bluf": "The TCFD (Task Force on Climate-related Financial Disclosures) Banking Sector Disclosures provide a specific framework for banks to report on the financial implications of the climate change. it requires detailed transparency on how banks identify, assess, and manage the 'Physical' and 'Transition' ", "endpoint": "/api/v1/nodes/fsb-tcfd-banking-disc.json" }, { "id": "fsc-chain-of-custody", "title": "FSC Chain of Custody (STD-40-004)", "category": "Sustainability & ESG", "bluf": "Compliance with the Forest Stewardship Council's standard for Chain of Custody Certification, FSC-STD-40-004 V3-1, necessitates a verifiable control system for tracking certified materials throughout production and trade. Organizations must implement a `management_system_documented` in full, encompa", "endpoint": "/api/v1/nodes/fsc-chain-of-custody.json" }, { "id": "fssc-22000-food-pack", "title": "FSSC 22000 (Food Packaging)", "category": "Food & Hospitality", "bluf": "FSSC 22000 certification for food packaging manufacturers establishes a comprehensive framework for food safety management, recognized by the Global Food Safety Initiative. Compliance necessitates an organization's full implementation and certification of a Food Safety Management System (FSMS) accor", "endpoint": "/api/v1/nodes/fssc-22000-food-pack.json" }, { "id": "ftc-digital-advertising-disclosures", "title": "How to Make Effective Disclosures in Digital Advertising", "category": "Sales Marketing & PR", "bluf": "The general principles of advertising law apply online, and this guidance addresses how businesses can develop ads for online media in compliance with the law. The same consumer protection laws applicable to other media apply online, including the mobile marketplace. The FTC Act’s prohibition on “un", "endpoint": "/api/v1/nodes/ftc-digital-advertising-disclosures.json" }, { "id": "ftc-endorsement-guides", "title": "FTC (Endorsement Guides)", "category": "Sales, Marketing & PR", "bluf": "An evaluation of this endorsement content reveals a significant compliance failure under Federal Trade Commission authority, as established by Section 5(a) of the FTC Act, which prohibits unfair or deceptive practices. Pursuant to 16 CFR § 255.5, the existing material connection between the endorser", "endpoint": "/api/v1/nodes/ftc-endorsement-guides.json" }, { "id": "ftc-facing-facts-facial-recognition", "title": "Facing Facts: Best Practices For Common Uses of Facial Recognition Technologies", "category": "Legal & IP Sovereignty", "bluf": "In October 2012, the Federal Trade Commission's Bureau of Consumer Protection issued a staff report titled 'Facing Facts: Best Practices For Common Uses of Facial Recognition Technologies.' This report establishes recommended best practices for companies that use facial recognition technologies to p", "endpoint": "/api/v1/nodes/ftc-facing-facts-facial-recognition.json" }, { "id": "fundamental-review-of-the-trading-book", "title": "Fundamental review of the trading book", "category": "Banking & Global Finance", "bluf": "This consultative document presents the initial policy proposals emerging from the Basel Committee’s fundamental review of trading book capital requirements, intended to strengthen capital standards for market risk and contribute to a more resilient banking sector. The review was initiated because t", "endpoint": "/api/v1/nodes/fundamental-review-of-the-trading-book.json" }, { "id": "gaap-us-framework", "title": "US GAAP Framework", "category": "Legal & IP Sovereignty", "bluf": "United States Generally Accepted Accounting Principles establish the definitive standards for financial accounting and reporting as promulgated by the Financial Accounting Standards Board. This framework mandates a systematic evaluation of an entity's adherence to core tenets through a series of qua", "endpoint": "/api/v1/nodes/gaap-us-framework.json" }, { "id": "gdpr-art-21-marketing-optout", "title": "GDPR Art 21 (Opt-out)", "category": "Sales, Marketing & PR", "bluf": "GDPR Article 21 grants data subjects an absolute right to object to the processing of their personal data for direct marketing purposes. When a `data_subject_objected` flag is triggered within a context where `is_direct_marketing_context` is true, which explicitly includes instances of `is_profiling", "endpoint": "/api/v1/nodes/gdpr-art-21-marketing-optout.json" }, { "id": "gdpr-data-protection-officer", "title": "GDPR DPO Requirements", "category": "Legal & IP Sovereignty", "bluf": "The EU GDPR (General Data Protection Regulation) requires certain organizations to designate a Data Protection Officer (DPO) (Article 37). The DPO acts as an independent compliance champion, advising the organization on its data protection obligations and serving as a contact point for data subjects", "endpoint": "/api/v1/nodes/gdpr-data-protection-officer.json" }, { "id": "gdpr-health-data-compliance", "title": "GDPR Health Data (EU)", "category": "Medical & Healthcare", "bluf": "The EU GDPR 2016/679 (General Data Protection Regulation) classifies health data as a 'special category' of personal data. Article 9 generally prohibits the processing of such data unless a specific legal exemption is met, necessitating a high level of security and stricter compliance requirements c", "endpoint": "/api/v1/nodes/gdpr-health-data-compliance.json" }, { "id": "gdpr-health-data", "title": "GDPR: Health Data (Art. 9)", "category": "Medical & Healthcare", "bluf": "GDPR Article 9 establishes a general prohibition on processing special categories of personal data, with 'data concerning health' (including mental health, genetic data, and biometric data used for identification) receiving the highest level of protection. Processing is only permitted under ten exha", "endpoint": "/api/v1/nodes/gdpr-health-data.json" }, { "id": "gdpr-hospitality-nuance", "title": "GDPR (Hospitality Specifics)", "category": "Food & Hospitality", "bluf": "Significant compliance deficiencies exist regarding the lawful basis for processing personal data within a hospitality context. Current configuration confirms `guest_consent_marketing_obtained` is false, violating GDPR Article 6(1)(a) requirements for consent in marketing communications, a gap mirro", "endpoint": "/api/v1/nodes/gdpr-hospitality-nuance.json" }, { "id": "gfsi-benchmarking", "title": "GFSI Benchmarking Requirements", "category": "Food & Hospitality", "bluf": "Global Food Safety Initiative (GFSI) Benchmarking Requirements Version 2020.1 mandates a comprehensive framework for food safety, ensuring organisations implement and maintain a robust Food Safety Management System (FSMS). Compliance necessitates that all FSMS documentation is approved, with a fully", "endpoint": "/api/v1/nodes/gfsi-benchmarking.json" }, { "id": "gfsr-crypto-financial-stability-challenges", "title": "Global Financial Stability Report, October 2021: COVID-19, Crypto, and Climate", "category": "Crypto & Sovereign Finance", "bluf": "This report assesses global financial stability, noting that while risks have been contained due to ongoing policy support and economic rebound, vulnerabilities remain elevated in several sectors. Optimism has faded due to concerns about the strength of the global recovery, supply chain disruptions,", "endpoint": "/api/v1/nodes/gfsr-crypto-financial-stability-challenges.json" }, { "id": "ghg-protocol-scope3", "title": "GHG Scope 3 Accounting Strategy", "category": "Sustainability & ESG", "bluf": "Standardized methodology for measuring and reporting greenhouse gas emissions across the entire corporate value chain (Categories 1–15), accounting for 70–90% of total enterprise footprint.", "endpoint": "/api/v1/nodes/ghg-protocol-scope3.json" }, { "id": "gips-investment-perf-std", "title": "GIPS (Investment Perf)", "category": "Workplace", "bluf": "Asserting compliance with the Global Investment Performance Standards (GIPS) signifies a firm-wide commitment to fair representation and full disclosure of investment performance, a claim this node validates as true. Adherence requires firms to maintain rigorously documented composite definitions, a", "endpoint": "/api/v1/nodes/gips-investment-perf-std.json" }, { "id": "global-alliance-pr-ethics", "title": "Global Alliance (PR Ethics)", "category": "Sales, Marketing & PR", "bluf": "Operational adherence to this node's framework necessitates stringent compliance with the Global Alliance Code of Ethics, beginning with the foundational directive of Working in the public interest and creating societal value. Systemic verification, confirming public_interest_alignment_verified is t", "endpoint": "/api/v1/nodes/global-alliance-pr-ethics.json" }, { "id": "gold-standard-carbon", "title": "Gold Standard Carbon Credits", "category": "Sustainability & ESG", "bluf": "Compliance with this node ensures carbon credits adhere to the rigorous Gold Standard for the Global Goals framework. Project validation requires that `project_additionality_verified` is true, demonstrating emission reductions beyond a business-as-usual scenario as guided by the UNFCCC Clean Develop", "endpoint": "/api/v1/nodes/gold-standard-carbon.json" }, { "id": "good-machine-learning-practice-medical-devices", "title": "Good Machine Learning Practice for Medical Device Development: Guiding Principles", "category": "Medical & Healthcare", "bluf": "The U.S. Food and Drug Administration (FDA), Health Canada, and the United Kingdom’s Medicines and Healthcare products Regulatory Agency (MHRA) have jointly identified 10 guiding principles that can inform the development of Good Machine Learning Practice (GMLP). These principles aim to promote safe", "endpoint": "/api/v1/nodes/good-machine-learning-practice-medical-devices.json" }, { "id": "google-ads-data-proc-terms", "title": "Google Ads (Data Terms)", "category": "Sales, Marketing & PR", "bluf": "Adherence to Google Ads data terms necessitates a stringent controller-processor framework, formalized through an electronically signed Data Processing Agreement that reflects the processor obligations under GDPR Article 28. Consent acquisition must be managed via the required implementation of Cons", "endpoint": "/api/v1/nodes/google-ads-data-proc-terms.json" }, { "id": "green-key-tourism-eco", "title": "Green Key Eco-Rating", "category": "Food & Hospitality", "bluf": "Compliance with the Green Key Eco-Rating standard requires adherence to stringent environmental management and operational benchmarks, harmonized with recognized frameworks like the Global Sustainable Tourism Council Industry Criteria. The node validates implementation of an environmental management", "endpoint": "/api/v1/nodes/green-key-tourism-eco.json" }, { "id": "gri-1-foundation", "title": "GRI 1: Foundation (2021)", "category": "Sustainability & ESG", "bluf": "GRI 1: Foundation 2021 is the core standard in the Global Reporting Initiative (GRI) framework that establishes the foundational concepts, principles, and requirements organizations must follow when reporting on their environmental, social, and governance (ESG) impacts. GRI 1 introduces the concept ", "endpoint": "/api/v1/nodes/gri-1-foundation.json" }, { "id": "gri-universal-standards", "title": "GRI Universal Standards", "category": "Sustainability & ESG", "bluf": "The Global Reporting Initiative (GRI) Universal Standards 2021 are the global baseline for modular sustainability reporting. They cover impact materiality—how an organization impacts the economy, environment, and people—ensuring consistent, high-quality disclosure for stakeholders and communities.", "endpoint": "/api/v1/nodes/gri-universal-standards.json" }, { "id": "grid-code-entsoe", "title": "ENTSO-E Grid Code Compliance", "category": "Sustainability & ESG", "bluf": "Entities connecting to the European interconnected grid must demonstrate rigorous adherence to harmonized technical and security standards. This compliance framework, principally defined by Commission Regulation (EU) 2016/631 on requirements for grid connection of generators, mandates stringent oper", "endpoint": "/api/v1/nodes/grid-code-entsoe.json" }, { "id": "gs1-epcis-transparency", "title": "GS1 EPCIS: Supply Chain Visibility", "category": "Logistics & Supply Chain", "bluf": "Compliance with global supply chain visibility mandates requires strict adherence to standardized data exchange protocols and security controls. This node enforces alignment with the GS1 EPC Information Services (EPCIS) Standard, Release 2.0, also codified as ISO/IEC 19987:2017, which forms the tech", "endpoint": "/api/v1/nodes/gs1-epcis-transparency.json" }, { "id": "gstc-tourism-criteria", "title": "GSTC Sustainability Criteria", "category": "Food & Hospitality", "bluf": "Compliance with the Global Sustainable Tourism Council (GSTC) framework necessitates a comprehensive approach to operational sustainability, integrating key principles from international agreements. This node validates the implementation of an active sustainable management system (has_sustainable_ma", "endpoint": "/api/v1/nodes/gstc-tourism-criteria.json" }, { "id": "guidance-on-model-risk-management", "title": "Guidance on Model Risk Management", "category": "Banking & Global Finance", "bluf": "This supervisory guidance, issued by the Federal Reserve and the Office of the Comptroller of the Currency (OCC), is intended for use by banking organizations and supervisors to assess the management of model risk. It applies to all banking organizations supervised by the Federal Reserve, taking int", "endpoint": "/api/v1/nodes/guidance-on-model-risk-management.json" }, { "id": "guide-computer-security-log-management", "title": "Guide to Computer Security Log Management", "category": "Cybersecurity", "bluf": "A log is a record of the events occurring within an organization’s systems and networks. Logs are composed of log entries; each entry contains information related to a specific event that has occurred within a system or network. This document provides guidance on computer security log management—the", "endpoint": "/api/v1/nodes/guide-computer-security-log-management.json" }, { "id": "guide-developing-security-plans-federal-information-systems", "title": "Guide for Developing Security Plans for Federal Information Systems", "category": "Cybersecurity", "bluf": "The objective of system security planning is to improve protection of information system resources. All federal systems have some level of sensitivity and require protection, which must be documented in a system security plan as required by OMB Circular A-130 and the Federal Information Security Man", "endpoint": "/api/v1/nodes/guide-developing-security-plans-federal-information-systems.json" }, { "id": "guide-developing-security-plans-federal-systems", "title": "Guide for Developing Security Plans for Federal Information Systems", "category": "Cybersecurity", "bluf": "The objective of system security planning is to improve protection of information system resources, as all federal systems have some level of sensitivity and require protection. The protection of a system must be documented in a system security plan, a requirement of the Office of Management and Bud", "endpoint": "/api/v1/nodes/guide-developing-security-plans-federal-systems.json" }, { "id": "guide-developing-security-plans-federal", "title": "Guide for Developing Security Plans for Federal Information Systems", "category": "Cybersecurity", "bluf": "The objective of system security planning is to improve protection of information system resources. This guidance is a requirement of the Office of Management and Budget (OMB) Circular A-130 and the Federal Information Security Management Act (FISMA). All federal systems have some level of sensitivi", "endpoint": "/api/v1/nodes/guide-developing-security-plans-federal.json" }, { "id": "guide-developing-security-plans", "title": "Guide for Developing Security Plans for Federal Information Systems", "category": "Cybersecurity", "bluf": "The objective of system security planning is to improve protection of information system resources. The protection of a system must be documented in a system security plan, a requirement of the Office of Management and Budget (OMB) Circular A-130 and the Federal Information Security Management Act (", "endpoint": "/api/v1/nodes/guide-developing-security-plans.json" }, { "id": "guide-for-developing-security-plans", "title": "Guide for Developing Security Plans for Federal Information Systems", "category": "Cybersecurity", "bluf": "The objective of system security planning is to improve protection of information system resources. The protection of a system must be documented in a system security plan, a requirement of the Office of Management and Budget (OMB) Circular A-130 and the Federal Information Security Management Act (", "endpoint": "/api/v1/nodes/guide-for-developing-security-plans.json" }, { "id": "guide-mapping-information-types-security", "title": "Volume I: Guide for Mapping Types of Information and Information Systems to Security Categories", "category": "Cybersecurity", "bluf": "This guideline has been developed to assist Federal government agencies to categorize information and information systems. The guideline’s objective is to facilitate application of appropriate levels of information security according to a range of levels of impact or consequences that might result f", "endpoint": "/api/v1/nodes/guide-mapping-information-types-security.json" }, { "id": "guide-telework-remote-access-byod", "title": "Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security", "category": "Cybersecurity", "bluf": "For many organizations, their employees, contractors, business partners, vendors, and other users utilize enterprise telework technologies to perform work from external locations, using remote access technologies to interface with an organization’s non-public computing resources. The nature of telew", "endpoint": "/api/v1/nodes/guide-telework-remote-access-byod.json" }, { "id": "guide-to-storage-encryption-technologies", "title": "Guide to Storage Encryption Technologies for End User Devices", "category": "Cybersecurity", "bluf": "This publication assists organizations in understanding, planning, implementing, and maintaining storage encryption technologies for end user devices, including personal computers, consumer devices like smart phones, and removable storage media. It addresses threats to information confidentiality su", "endpoint": "/api/v1/nodes/guide-to-storage-encryption-technologies.json" }, { "id": "guidelines-securing-wireless-local-area-networks", "title": "Guidelines for Securing Wireless Local Area Networks (WLANs)", "category": "Cybersecurity", "bluf": "A wireless local area network (WLAN) is a group of wireless networking devices within a limited geographic area that exchange data through radio communications, based on the IEEE 802.11 standard. The security of each WLAN is heavily dependent on how well each WLAN component—including client devices,", "endpoint": "/api/v1/nodes/guidelines-securing-wireless-local-area-networks.json" }, { "id": "gxp-clinical-practice", "title": "Good Clinical Practice (GCP)", "category": "Medical & Healthcare", "bluf": "Good Clinical Practice (GCP) is an international ethical and scientific quality standard for designing, conducting, recording, and reporting trials that involve human subjects. Based on the ICH E6(R2) guideline, compliance provides public assurance that the rights, safety, and well-being of trial su", "endpoint": "/api/v1/nodes/gxp-clinical-practice.json" }, { "id": "gxp-mfg-practice", "title": "Good Mfg Practice (GMP)", "category": "Medical & Healthcare", "bluf": "Good Manufacturing Practice (GMP) (21 CFR Parts 210 and 211) is the primary U.S. and global standard for ensuring that pharmaceutical and medical device products are consistently produced and controlled according to high-quality standards. it is designed to minimize the risks involved in production ", "endpoint": "/api/v1/nodes/gxp-mfg-practice.json" }, { "id": "haccp-food-safety", "title": "HACCP (Food Safety)", "category": "Food & Hospitality", "bluf": "Compliance with Hazard Analysis and Critical Control Point (HACCP) systems mandates a systematic, science-based approach to food safety management, aligning with global standards like Codex Alimentarius CXC 1-1969 and specific regulatory frameworks such as the EU's Regulation (EC) No 852/2004. This ", "endpoint": "/api/v1/nodes/haccp-food-safety.json" }, { "id": "hague-system-designs", "title": "Hague System (Designs)", "category": "Creative, Content & Media IP", "bluf": "Compliance with the Hague System for international design registration necessitates strict adherence to the Geneva Act of the Hague Agreement (1999), mandating the filing of a WIPO international application. Entitlement to file, as stipulated by Article 3, requires an applicant maintain a genuine co", "endpoint": "/api/v1/nodes/hague-system-designs.json" }, { "id": "hague-visby-rules", "title": "Hague-Visby Rules", "category": "Logistics & Supply Chain", "bluf": "The Hague-Visby Rules are a set of international rules for the carriage of goods by sea. They define the rights and duties of the carrier and holder of a bill of lading, particularly regarding the liability for loss or damage to goods. They updating the original 1924 Hague Rules and are widely adopt", "endpoint": "/api/v1/nodes/hague-visby-rules.json" }, { "id": "hcll-hospitality-licensing", "title": "Hospitality Liquor Licensing", "category": "Food & Hospitality", "bluf": "Compliance within this domain mandates adherence to stringent federal, state, and international alcohol service regulations. A foundational requirement is maintaining a valid_liquor_license_active status per Title 27 CFR Part 1 of the Federal Alcohol Administration Act, supported by an active liabil", "endpoint": "/api/v1/nodes/hcll-hospitality-licensing.json" }, { "id": "hipaa-breach-notification", "title": "HIPAA Breach Notification Rule", "category": "Medical & Healthcare", "bluf": "A breach of unsecured protected health information, as defined under 45 CFR § 164.402, has been confirmed following a risk assessment that did not demonstrate a low probability of compromise. Given this event affects 500 individuals, immediate and specific notification obligations are triggered for ", "endpoint": "/api/v1/nodes/hipaa-breach-notification.json" }, { "id": "hipaa-privacy-rule", "title": "HIPAA Privacy Rule", "category": "Medical & Healthcare", "bluf": "The HIPAA Privacy Rule establishes national standards governing the use and disclosure of protected health information (PHI) by covered entities and their business associates. General rules articulated within 45 CFR § 164.502 mandate the implementation of appropriate safeguards and require formal bu", "endpoint": "/api/v1/nodes/hipaa-privacy-rule.json" }, { "id": "hipaa-security-rule", "title": "HIPAA Security Rule", "category": "Medical & Healthcare", "bluf": "The HIPAA Security Rule (45 CFR Part 160 and Part 164) establishes U.S. national standards for the protection of Electronic Protected Health Information (ePHI). It focuses on ensure the confidentiality, integrity, and availability of ePHI through three pillars: Administrative, Physical, and Technica", "endpoint": "/api/v1/nodes/hipaa-security-rule.json" }, { "id": "hkma-tm-g-1-tech-risk", "title": "HKMA TM-G-1 (Tech Risk)", "category": "Banking & Global Finance", "bluf": "HKMA TM-G-1 (General Principles for Technology Risk Management) is a Supervisory Policy Manual (SPM) issued by the Hong Kong Monetary Authority. it provides minimum standards for the management of the technology risks that institutions face, specifically covering the oversight of the e-banking, the ", "endpoint": "/api/v1/nodes/hkma-tm-g-1-tech-risk.json" }, { "id": "hl7-fhir-interop", "title": "HL7 FHIR Interoperability (Release 4)", "category": "Medical & Healthcare", "bluf": "Standardized RESTful API architecture for electronic health information exchange, using modular Resources to enable computable healthcare data across disparate systems.", "endpoint": "/api/v1/nodes/hl7-fhir-interop.json" }, { "id": "hl7-fhir-v4-interop", "title": "HL7 FHIR v4 (Interoperability)", "category": "Medical & Healthcare", "bluf": "HL7 FHIR (Fast Healthcare Interoperability Resources) Release 4 is the global standard for electronic healthcare data exchange. It defines a set of 'Resources' that represent granular clinical and administrative data, accessible via a RESTful API to enable seamless interoperability between EHRs, mob", "endpoint": "/api/v1/nodes/hl7-fhir-v4-interop.json" }, { "id": "hotel-stars-union-crit", "title": "Hotelstars Union Criteria", "category": "Food & Hospitality", "bluf": "Compliance with Hotelstars Union (HSU) Classification Criteria for the 2020-2025 period mandates adherence to a harmonized set of operational, digital, and quality management standards across member countries. Establishments must achieve a minimum point threshold, starting from 90 points for one-sta", "endpoint": "/api/v1/nodes/hotel-stars-union-crit.json" }, { "id": "hotsec-hotel-security", "title": "HOTSEC Hotel Security Logic", "category": "Food & Hospitality", "bluf": "HOTSEC Hotel Security Logic enforces a comprehensive security posture for hospitality environments by integrating critical controls from leading standards and regulations. In alignment with NIST SP 800-153 guidelines, network segmentation is mandated, requiring that guest WiFi be logically isolated ", "endpoint": "/api/v1/nodes/hotsec-hotel-security.json" }, { "id": "hsn-cybersecurity-framework-profile", "title": "Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN)", "category": "Cybersecurity", "bluf": "The objective of this Cybersecurity Profile is to identify an approach to assess the cybersecurity posture of Hybrid Satellite Networks (HSN) that provide services such as satellite-based systems for communications, position, navigation, and timing (PNT), remote sensing, weather monitoring, and imag", "endpoint": "/api/v1/nodes/hsn-cybersecurity-framework-profile.json" }, { "id": "hydrogen-safety-iso", "title": "Hydrogen Safety (ISO 22734)", "category": "Sustainability & ESG", "bluf": "Adherence to ISO 22734:2019 establishes a comprehensive safety and operational framework for hydrogen generators utilizing water electrolysis. This regimen necessitates stringent control over process variables, including a hydrogen concentration alarm limit not exceeding 4000 ppm and a maximum permi", "endpoint": "/api/v1/nodes/hydrogen-safety-iso.json" }, { "id": "iaasb-isqm-1-quality", "title": "Audit Quality (ISQM 1)", "category": "Legal & IP Sovereignty", "bluf": "Compliance with International Standard on Quality Management 1 requires the establishment and operation of a comprehensive System of Quality Management (SOQM). Central to this framework is governance and leadership, mandating that ultimate responsibility and accountability for the SOQM are explicitl", "endpoint": "/api/v1/nodes/iaasb-isqm-1-quality.json" }, { "id": "iab-ads-txt-authorization", "title": "IAB Ads.txt (Auth)", "category": "Sales, Marketing & PR", "bluf": "Compliance with the IAB Tech Lab's Ads.txt Specification Version 1.1 is a mandatory control under the Trustworthy Accountability Group's Certified Against Fraud Guidelines. The BIDDA platform enforces strict validation, requiring the file's location exclusively at the domain root path per Uniform Re", "endpoint": "/api/v1/nodes/iab-ads-txt-authorization.json" }, { "id": "iab-mraid-mobile-ads", "title": "IAB MRAID (Mobile Ads)", "category": "Sales, Marketing & PR", "bluf": "Compliance with this node mandates strict adherence to the IAB Mobile Rich Media Ad Interface Definition (MRAID) v3.0 specification and pertinent data privacy regulations. All ad creatives must support a `min_mraid_version_supported` of 3.0 and complete the `mraid_ready_timeout_ms` within 5000 milli", "endpoint": "/api/v1/nodes/iab-mraid-mobile-ads.json" }, { "id": "iab-openrtb-standard", "title": "IAB OpenRTB", "category": "Sales, Marketing & PR", "bluf": "Enforcement of the IAB OpenRTB protocol ensures rigorous adherence to technical specifications and global privacy regulations. This configuration mandates compliance with key structural elements from the OpenRTB API Specification Version 2.5, requiring that every bid request contain a unique identif", "endpoint": "/api/v1/nodes/iab-openrtb-standard.json" }, { "id": "iab-sellers-json-standard", "title": "IAB Sellers.json", "category": "Sales, Marketing & PR", "bluf": "Adherence to the IAB Tech Lab Sellers.json Final Specification v1.0 is a critical mechanism for promoting transparency and combating fraud within the programmatic advertising ecosystem, a concern underscored by the Association of National Advertisers' Programmatic Media Supply Chain Transparency Stu", "endpoint": "/api/v1/nodes/iab-sellers-json-standard.json" }, { "id": "iab-simid-interactive-ads", "title": "IAB SIMID (Interactive)", "category": "Sales, Marketing & PR", "bluf": "Configuration within this compliance node mandates rigorous security controls for interactive advertisements employing the IAB's Secure Interactive Media Interface Definition (SIMID), with a `minimum_simid_version` of 1. Pursuant to IAB Tech Lab guidance on the SIMID protocol, all communication betw", "endpoint": "/api/v1/nodes/iab-simid-interactive-ads.json" }, { "id": "iab-tcf-v2-2-consent", "title": "IAB TCF v2.2 (Consent)", "category": "Sales, Marketing & PR", "bluf": "Compliance with IAB Europe's Transparency and Consent Framework v2.2 is enforced according to its governing TCF Policy Version 4, establishing a valid legal basis for data processing pursuant to General Data Protection Regulation Article 6(1)(a) and ePrivacy Directive Article 5(3). This configuratio", "endpoint": "/api/v1/nodes/iab-tcf-v2-2-consent.json" }, { "id": "iab-vast-video-ads", "title": "IAB VAST (Video Ads)", "category": "Sales, Marketing & PR", "bluf": "This configuration establishes rigorous compliance standards for digital video advertising by mandating strict adherence to the IAB Tech Lab's VAST 4.3 specification. It requires every creative to contain a `UniversalAdId` for unique tracking and expressly disallows the obsolete VPAID architecture, ", "endpoint": "/api/v1/nodes/iab-vast-video-ads.json" }, { "id": "iata-dangerous-goods", "title": "IATA Dangerous Goods Regulations (DGR)", "category": "Logistics & Supply Chain", "bluf": "Assessment against the International Air Transport Association Dangerous Goods Regulations (DGR) confirms the consignment's adherence to standards derived from ICAO Annex 18. Compliance is predicated on personnel holding valid certification under the competency-based training and assessment approach", "endpoint": "/api/v1/nodes/iata-dangerous-goods.json" }, { "id": "iata-passenger-svcs", "title": "IATA Passenger Service (Reso)", "category": "Food & Hospitality", "bluf": "Compliance with International Air Transport Association (IATA) passenger service resolutions is mandated to ensure operational uniformity and data integrity across the global air transport system. This framework requires mandatory electronic ticketing for all carriers, a principle reinforced by Reso", "endpoint": "/api/v1/nodes/iata-passenger-svcs.json" }, { "id": "icao-annex-17-security", "title": "ICAO Annex 17: Aviation Security", "category": "Logistics & Supply Chain", "bluf": "Compliance with ICAO Annex 17 mandates each Contracting State establish a National Civil Aviation Security Programme (NCASP) managed by an appropriate authority, consistent with Standard 3.1.1. The programme's effectiveness hinges upon the rigorous implementation of preventive security measures acro", "endpoint": "/api/v1/nodes/icao-annex-17-security.json" }, { "id": "icao-safety-annex-19", "title": "ICAO Annex 19 (Safety Management)", "category": "Aviation, Defense & Quantum", "bluf": "ICAO Annex 19 establishes the international standard for Safety Management Systems (SMS) and State Safety Programmes (SSP) in civil aviation. It focuses on the proactive management of safety risks through the collection, analysis, and exchange of safety data and safety information, ensuring absolute", "endpoint": "/api/v1/nodes/icao-safety-annex-19.json" }, { "id": "icao-safety-mgt-system", "title": "ICAO safety management system (SMS)", "category": "Logistics & Supply Chain", "bluf": "An organization's compliance with the International Civil Aviation Organization (ICAO) safety management system framework mandates a systematic approach to managing safety, including necessary organizational structures, accountabilities, policies, and procedures. As detailed in ICAO Annex 19 and sup", "endpoint": "/api/v1/nodes/icao-safety-mgt-system.json" }, { "id": "icc-incoterms-master", "title": "Incoterms 2020 Master", "category": "Legal & IP Sovereignty", "bluf": "Adherence to the eleven official trade terms within the International Chamber of Commerce Incoterms® 2020 rules is systematically enforced, defining critical obligations, costs, and the transfer of risk consistent with principles in the United Nations Convention on Contracts for the International Sa", "endpoint": "/api/v1/nodes/icc-incoterms-master.json" }, { "id": "icma-green-bond", "title": "Green Bond Principles (ICMA)", "category": "Sustainability & ESG", "bluf": "Compliance with the International Capital Market Association's Green Bond Principles mandates a rigorous framework for ensuring transparency and integrity in the green bond market. Issuers must demonstrate that `require_eligible_green_project_mapping` is satisfied, with `environmental_objectives_doc", "endpoint": "/api/v1/nodes/icma-green-bond.json" }, { "id": "identity-and-access-management-electric-utilities", "title": "Identity and Access Management for Electric Utilities", "category": "Cybersecurity", "bluf": "The National Cybersecurity Center of Excellence (NCCoE) developed this example solution for electric utilities to more securely and efficiently manage access to the networked devices and facilities on which power generation, transmission, and distribution depend. The guidance is informed by best pra", "endpoint": "/api/v1/nodes/identity-and-access-management-electric-utilities.json" }, { "id": "iec-62304-medical-software", "title": "IEC 62304 (Medical Software)", "category": "Medical & Healthcare", "bluf": "IEC 62304 is the international standard for medical device software lifecycle processes. It defines the framework of processes, activities, and tasks for the safe design and maintenance of medical software, regardless of whether the software is a standalone product (SaMD) or embedded within a hardwa", "endpoint": "/api/v1/nodes/iec-62304-medical-software.json" }, { "id": "iec-62443-iacs", "title": "Industrial Automation Security (IEC 62443)", "category": "Industrial IoT & Energy", "bluf": "Operationalizing a comprehensive Industrial Automation and Control Systems (IACS) security program, in accordance with IEC 62443-2-1, demands adherence to a stringent set of technical and procedural controls that align closely with guidance in NIST Special Publication 800-82 Revision 3. A foundation", "endpoint": "/api/v1/nodes/iec-62443-iacs.json" }, { "id": "iec-82304-1-health-software", "title": "IEC 82304-1 (Health Software)", "category": "Medical & Healthcare", "bluf": "IEC 82304-1:2016 is the international standard for general health software product safety. It is designed for software products that do not have dedicated hardware and are used in health environments (e.g., lifestyle, wellness, or administrative software), ensuring safety, reliability, and security ", "endpoint": "/api/v1/nodes/iec-82304-1-health-software.json" }, { "id": "ieee-2817-agent-ethics", "title": "Ethical Design of Agents (IEEE)", "category": "Industrial IoT & Energy", "bluf": "IEEE 2817-2024 is the IEEE Standard for Pilot Qualification and Assessment of Autonomous Systems in Safety-Critical Applications, providing a framework for qualifying autonomous AI agents operating in safety-critical domains including transportation, industrial automation, healthcare, and public saf", "endpoint": "/api/v1/nodes/ieee-2817-agent-ethics.json" }, { "id": "ieee-3931-discovery", "title": "Agent Discovery & Capability Registry (IEEE P3931 ADDR)", "category": "Operations & CX", "bluf": "The IEEE P3931 standard for Agent Description, Discovery, and Registry (ADDR) defines a universal, platform-agnostic framework for how autonomous agents describe their capabilities and how they are discovered within cross-platform ecosystems.", "endpoint": "/api/v1/nodes/ieee-3931-discovery.json" }, { "id": "ieee-ethics-ai-system", "title": "IEEE Ethics (AI Systems)", "category": "AI Governance & Law", "bluf": "Compliance verification for this node mandates adherence to a comprehensive framework of IEEE standards governing ethical AI system development and deployment. The process begins by prioritizing human well-being, a principle central to Ethically Aligned Design, requiring both an approved human_right", "endpoint": "/api/v1/nodes/ieee-ethics-ai-system.json" }, { "id": "ietf-hybrid-pqc-drafts", "title": "IETF Hybrid PQC Drafts", "category": "Aviation, Defense & Quantum", "bluf": "IETF Hybrid PQC Drafts define the mechanisms for combining 'Classical' cryptography (e.g., X25519, Ed25519) with 'Post-Quantum' algorithms (e.g., ML-KEM, ML-DSA). This 'Defense-in-Depth' approach ensures security even if a quantum-resistant algorithm is found to be vulnerable or if the classical alg", "endpoint": "/api/v1/nodes/ietf-hybrid-pqc-drafts.json" }, { "id": "ifac-ethics-accountants", "title": "IFAC Ethics for Accountants", "category": "Legal & IP Sovereignty", "bluf": "Compliance with the IESBA International Code of Ethics for Professional Accountants is operationalized through the acknowledgment of five fundamental principles: integrity, objectivity, professional competence and due care, confidentiality, and professional behavior. This conceptual framework requir", "endpoint": "/api/v1/nodes/ifac-ethics-accountants.json" }, { "id": "ifrs-17-contracts", "title": "IFRS 17: Insurance Contracts", "category": "Banking & Global Finance", "bluf": "IFRS 17 is the first truly international accounting standard for insurance contracts, replacing IFRS 4. It provides a consistent framework for recognizing profit and measuring insurance liabilities, using a current value approach to improve financial transparency and comparability across the global ", "endpoint": "/api/v1/nodes/ifrs-17-contracts.json" }, { "id": "ifrs-9-impairment", "title": "IFRS 9: Expected Credit Loss (ECL)", "category": "Banking & Global Finance", "bluf": "IFRS 9 introduces the Expected Credit Loss (ECL) model for financial instruments, replacing the older 'Incurred Loss' model. It requires organizations to recognize impairments based on forward-looking macroeconomic forecasts and probability-weighted outcomes, reflecting a more realistic and proactiv", "endpoint": "/api/v1/nodes/ifrs-9-impairment.json" }, { "id": "ifrs-global-accounting", "title": "IFRS Global Standards", "category": "Legal & IP Sovereignty", "bluf": "Comprehensive adherence to International Financial Reporting Standards is mandated to ensure global financial integrity and transparency. This control framework requires strict application of foundational accounting principles, including the revenue recognition model stipulated by IFRS 15: Revenue f", "endpoint": "/api/v1/nodes/ifrs-global-accounting.json" }, { "id": "ifrs-s1-general", "title": "Sustainability (IFRS S1)", "category": "Banking & Global Finance", "bluf": "IFRS S1 General Requirements for Disclosure of Sustainability-related Financial Information, issued by the ISSB (International Sustainability Standards Board) in June 2023 and effective for reporting periods beginning January 1, 2024, establishes the foundational framework for sustainability-related", "endpoint": "/api/v1/nodes/ifrs-s1-general.json" }, { "id": "ifrs-s2-climate", "title": "Climate Disclosures (IFRS S2)", "category": "Banking & Global Finance", "bluf": "Entities must provide comprehensive disclosures concerning significant climate-related risks and opportunities to meet investor information needs under IFRS S2. This mandate requires a detailed exposition of governance processes, controls, and procedures used for monitoring climate issues. The stand", "endpoint": "/api/v1/nodes/ifrs-s2-climate.json" }, { "id": "ifs-food-standard", "title": "IFS Food (International Featured)", "category": "Food & Hospitality", "bluf": "International Featured Standards (IFS) Food certification provides a framework for ensuring food product safety and quality, aligned with the Global Food Safety Initiative's GFSI Benchmarking Requirements Version 2020.1. Compliance mandates a robust governance structure, as articulated in IFS Food S", "endpoint": "/api/v1/nodes/ifs-food-standard.json" }, { "id": "iia-internal-audit-ippf", "title": "IIA Internal Audit (IPPF)", "category": "Legal & IP Sovereignty", "bluf": "Operational integrity and governance are upheld through rigorous adherence to the Institute of Internal Auditors' International Professional Practices Framework (IPPF), which establishes mandatory guidance for the professional practice of internal auditing. This compliance framework mandates that th", "endpoint": "/api/v1/nodes/iia-internal-audit-ippf.json" }, { "id": "ilo-core-conventions", "title": "ILO (Core Conventions)", "category": "Workplace", "bluf": "BIDDA’s compliance architecture for International Labour Organization core conventions operationalizes the tenets established within the ILO Declaration on Fundamental Principles and Rights at Work. To enforce the Minimum Age Convention, 1973 (No. 138), the system mandates a `min_worker_age_general`", "endpoint": "/api/v1/nodes/ilo-core-conventions.json" }, { "id": "ilo-fundamental-rights-work", "title": "ILO Fundamental Rights at Work", "category": "Legal & IP Sovereignty", "bluf": "The ILO Declaration on Fundamental Principles and Rights at Work (1998, amended 2022) identifies five categories of fundamental principles and rights that all ILO Member States must respect and promote. These rights are the foundation of decent work and fair globalization, applicable even if a membe", "endpoint": "/api/v1/nodes/ilo-fundamental-rights-work.json" }, { "id": "imdrf-samd-risk-framework", "title": "IMDRF SaMD Risk Framework", "category": "Medical & Healthcare", "bluf": "The IMDRF Software as a Medical Device (SaMD) Risk Categorization Framework provides a globally harmonized method for classifying the risk of independent medical software. It categorizes SaMD into four levels (I, II, III, IV) based on the criticality of the clinical situation and the impact of the i", "endpoint": "/api/v1/nodes/imdrf-samd-risk-framework.json" }, { "id": "imo-2020-sulphur-limit", "title": "IMO 2020 Sulphur Limit", "category": "Logistics & Supply Chain", "bluf": "IMO 2020 refers to the significant reduction in the global limit for sulphur content in ships' fuel oil, from 3.50% m/m to 0.50% m/m. This MARPOL Annex VI regulation aims to improve air quality and protect human health by reducing emissions of sulphur oxides (SOx) from shipping.", "endpoint": "/api/v1/nodes/imo-2020-sulphur-limit.json" }, { "id": "imo-marpol-pollution", "title": "MARPOL: Marine Pollution Prevention", "category": "Logistics & Supply Chain", "bluf": "Compliance with the International Convention for the Prevention of Pollution from Ships is confirmed across all applicable annexes based on governing maritime regulations. Pertaining to Annex I, the vessel maintains both a valid International Oil Pollution Prevention Certificate and a current Oil Re", "endpoint": "/api/v1/nodes/imo-marpol-pollution.json" }, { "id": "imo-solas-safety-at-sea", "title": "SOLAS: Safety of Life at Sea", "category": "Logistics & Supply Chain", "bluf": "Vessel conformity with the International Convention for Safety of Life at Sea (SOLAS) mandates rigorous verification of critical operational, structural, and procedural controls. This node's assessment confirms the presence of a valid safety certificate, a foundational requirement for lawful operati", "endpoint": "/api/v1/nodes/imo-solas-safety-at-sea.json" }, { "id": "imo-stcw-seafarer-training", "title": "STCW: Seafarer Competency Standards", "category": "Logistics & Supply Chain", "bluf": "Compliance with the International Convention on Standards of Training, Certification and Watchkeeping for Seafarers (STCW) mandates a comprehensive verification of personnel qualifications and operational readiness. This involves confirming every crew member holds a valid certificate of competency a", "endpoint": "/api/v1/nodes/imo-stcw-seafarer-training.json" }, { "id": "in-meity-synthetic-content", "title": "India MeitY IT Rules (Synthetic Content Amendment)", "category": "Banking & Global Finance", "bluf": "Mandatory disclosure, verification, and visual/audio labelling requirements for AI-generated synthetic content by Significant Social Media Intermediaries (SSMIs) operating in India.", "endpoint": "/api/v1/nodes/in-meity-synthetic-content.json" }, { "id": "incoterms-2020-cip-logic", "title": "Incoterms: CIP (Carriage & Insurance Paid)", "category": "Logistics & Supply Chain", "bluf": "CIP 2020 is a multimodal Incoterm where the seller delivers to a carrier and pays for carriage and insurance to the named destination. Unlike CPT, CIP 2020 mandates 'Clause A' (All-risk) insurance coverage, reflecting modern trade demands for higher protection in high-value shipments.", "endpoint": "/api/v1/nodes/incoterms-2020-cip-logic.json" }, { "id": "incoterms-2020-cip-v2", "title": "Incoterms 2020: CIP (Carriage Insurance Paid)", "category": "Logistics & Supply Chain", "bluf": "Carriage Insurance Paid (CIP) under the Incoterms® 2020 framework dictates that a seller fulfills its delivery obligation and completes the transfer of risk once goods are handed to the initial carrier engaged by the seller. This critical transfer point, which is consistent with delivery stipulation", "endpoint": "/api/v1/nodes/incoterms-2020-cip-v2.json" }, { "id": "incoterms-2020-cpt", "title": "Incoterms 2020: CPT (Carriage Paid To)", "category": "Logistics & Supply Chain", "bluf": "Under the Carriage Paid To (CPT) rule, a seller's primary obligations encompass arranging and paying for freight to a specified destination, while the critical transfer of risk from seller to buyer occurs at a fundamentally different, earlier point. Per Incoterms 2020 Article A2/B2, delivery is comp", "endpoint": "/api/v1/nodes/incoterms-2020-cpt.json" }, { "id": "incoterms-2020-ddp-logic", "title": "Incoterms: DDP Compliance", "category": "Logistics & Supply Chain", "bluf": "Delivered Duty Paid (DDP) is the maximum-obligation Incoterm for the seller. The seller delivers the goods at the disposal of the buyer at the named place of destination, cleared for import, and including all taxes and duties paid. Use with extreme caution as it requires the seller to navigate impor", "endpoint": "/api/v1/nodes/incoterms-2020-ddp-logic.json" }, { "id": "incoterms-2020-ddp-v2", "title": "Incoterms 2020: DDP (Delivered Duty Paid)", "category": "Logistics & Supply Chain", "bluf": "Incoterms 2020 rule DDP (Delivered Duty Paid) imposes the maximum obligation upon the seller, who assumes all costs and risks until the goods are delivered to the named destination, ready for unloading. Per this rule, risk transfers when the consignment is destination-ready for unloading; the seller", "endpoint": "/api/v1/nodes/incoterms-2020-ddp-v2.json" }, { "id": "incoterms-2020-exw", "title": "Incoterms 2020: EXW (Ex Works)", "category": "Logistics & Supply Chain", "bluf": "Ex Works (EXW) under the ICC Incoterms® 2020 rules establishes a transaction imposing maximum obligation on the buyer and minimal responsibility on the seller, whose delivery duty consistent with principles in CISG Article 31 is fulfilled by placing goods at the buyer’s disposal alongside a provided", "endpoint": "/api/v1/nodes/incoterms-2020-exw.json" }, { "id": "incoterms-2020-fas-logic", "title": "Incoterms: FAS (Free Alongside Ship)", "category": "Logistics & Supply Chain", "bluf": "Maritime-only logic where the seller delivers when goods are placed alongside the vessel at the named port of shipment.", "endpoint": "/api/v1/nodes/incoterms-2020-fas-logic.json" }, { "id": "incoterms-2020-fca-logic", "title": "Incoterms: FAS (Free Alongside Ship)", "category": "Logistics & Supply Chain", "bluf": "Free Alongside Ship (FAS) is a maritime-only Incoterm where the seller delivers the goods when they are placed alongside the vessel nominated by the buyer at the named port of shipment. FAS 2020 requires the seller to clear the goods for export, making it a common choice for liquid bulk or heavy-lif", "endpoint": "/api/v1/nodes/incoterms-2020-fca-logic.json" }, { "id": "incoterms-2020-fca-v2", "title": "Incoterms 2020: FCA (Free Carrier)", "category": "Logistics & Supply Chain", "bluf": "Free Carrier (FCA) compliance mandates the seller deliver goods cleared for export, as `seller_export_customs_clearance_required` is true, unto a carrier designated by the buyer. A critical operational parameter is that `fca_named_place_explicitly_defined` must be satisfied, articulating the handove", "endpoint": "/api/v1/nodes/incoterms-2020-fca-v2.json" }, { "id": "incoterms-2020-fob-logic", "title": "Incoterms: FOB Risk Transfer", "category": "Logistics & Supply Chain", "bluf": "Free On Board (FOB) is an Incoterm limited to sea and inland waterway transport. Under FOB 2020, the seller delivers the goods on board the vessel nominated by the buyer at the named port of shipment, at which point the risk of loss or damage and the costs transfer to the buyer.", "endpoint": "/api/v1/nodes/incoterms-2020-fob-logic.json" }, { "id": "india-dpdp-act", "title": "India DPDP Act 2023", "category": "Legal & IP Sovereignty", "bluf": "The Digital Personal Data Protection (DPDP) Act of 2023 is India's principal statute for digital personal data, prioritizing individual rights and organizational obligations. It introduces the role of Consent Managers and Data Fiduciaries, with significant penalties (up to ₹250 crore) for non-compli", "endpoint": "/api/v1/nodes/india-dpdp-act.json" }, { "id": "interagency-guidance-third-party-risk-management", "title": "Third-Party Relationships: Interagency Guidance on Risk Management", "category": "Banking & Global Finance", "bluf": "The Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation issued the \"Interagency Guidance on Third-Party Relationships: Risk Management.\" This guidance applies to all banks with third-party relationships,", "endpoint": "/api/v1/nodes/interagency-guidance-third-party-risk-management.json" }, { "id": "intermodal-container-std", "title": "Intermodal Container Standards (ISO)", "category": "Logistics & Supply Chain", "bluf": "Compliance with intermodal container standards mandates strict adherence to a framework of structural integrity, operational safety, and cybersecurity protocols. All units must possess a valid Convention for Safe Containers (CSC) safety approval plate and ensure their external dimensions conform to ", "endpoint": "/api/v1/nodes/intermodal-container-std.json" }, { "id": "inventory-eoq-deterministic", "title": "Agentic Economic Order Quantity", "category": "Logistics & Supply Chain", "bluf": "The Economic Order Quantity (EOQ) model is a deterministic inventory optimization formula that calculates the optimal order quantity that minimizes total inventory cost (ordering cost + holding cost) for a single product with constant, known demand and instantaneous replenishment. The classical Wils", "endpoint": "/api/v1/nodes/inventory-eoq-deterministic.json" }, { "id": "iosco-bench-interest-rate", "title": "IOSCO Principles (Benchmarks)", "category": "Banking & Global Finance", "bluf": "The IOSCO Principles for Financial Benchmarks (2013) are the global standards for the governance, quality, and integrity of the benchmarks used in financial markets (e.g., LIBOR transition rates, indices). They are designed to prevent the manipulation of market benchmarks and ensure their transparen", "endpoint": "/api/v1/nodes/iosco-bench-interest-rate.json" }, { "id": "iptc-photo-metadata", "title": "IPTC Photo Metadata", "category": "Creative, Content & Media IP", "bluf": "Verification of IPTC photo metadata ensures digital assets comply with international intellectual property conventions and mitigate significant legal risks. This compliance framework mandates that specified metadata is embedded directly within the file itself. Key validation points include the manda", "endpoint": "/api/v1/nodes/iptc-photo-metadata.json" }, { "id": "iptc-video-metadata", "title": "IPTC Video Meta", "category": "Creative, Content & Media IP", "bluf": "Regulatory compliance for video assets under this control requires stringent adherence to established IPTC metadata protocols and digital rights frameworks. Each asset is mandated to contain a complete hasIPTCVideoMetadataBlock. The integrity of this data must be cryptographically verifiable via a m", "endpoint": "/api/v1/nodes/iptc-video-metadata.json" }, { "id": "irap-australia-cloud", "title": "IRAP (Australia Cloud)", "category": "Cloud & SaaS", "bluf": "Achieving an Information Security Registered Assessors Program (IRAP) assessment confirms a cloud service's alignment with Australian Government security requirements for handling data up to the PROTECTED classification. This rigorous process, governed by the Australian Signals Directorate (ASD), ma", "endpoint": "/api/v1/nodes/irap-australia-cloud.json" }, { "id": "isan-audiovisual-number", "title": "ISAN (Audiovisual)", "category": "Creative, Content & Media IP", "bluf": "Compliance with this node dictates that all qualifying `is_audiovisual_content` must be uniquely identified with a valid International Standard Audiovisual Number. As stipulated by governing international agreements, this requirement is absolute, meaning the `requires_isan_identifier` control is enf", "endpoint": "/api/v1/nodes/isan-audiovisual-number.json" }, { "id": "isbn-book-standard", "title": "ISBN (Book Standard)", "category": "Creative, Content & Media IP", "bluf": "Compliance with the International Standard Book Number (ISBN) system mandates a multi-faceted validation process to ensure data integrity and interoperability across the global publishing supply chain. An identifier must adhere to strict structural requirements defined by authoritative standards, in", "endpoint": "/api/v1/nodes/isbn-book-standard.json" }, { "id": "isds-investor-state-dispute", "title": "ISDS (Investor-State Dispute)", "category": "Legal & IP Sovereignty", "bluf": "Investor-State Dispute Settlement (ISDS) is an international legal mechanism that allows foreign investors to bring claims against a host state for alleged violations of a bilateral investment treaty (BIT) or free trade agreement (FTA). It provides investors with a neutral forum (e.g., ICSID) to res", "endpoint": "/api/v1/nodes/isds-investor-state-dispute.json" }, { "id": "ism-code-vessel-safety", "title": "ISM Code (Vessel Safety)", "category": "Logistics & Supply Chain", "bluf": "The International Safety Management (ISM) Code provides an international standard for the safe management and operation of ships and for pollution prevention. It requires the 'Company' to establish a 'Safety Management System' (SMS) and mandates the 'Designated Person Ashore' (DPA) to provide a dire", "endpoint": "/api/v1/nodes/ism-code-vessel-safety.json" }, { "id": "ismp-medication-safety", "title": "ISMP Medication Safety", "category": "Medical & Healthcare", "bluf": "The ISMP (Institute for Safe Medication Practices) Best Practices provide a set of consensus-based national standards for reducing medication errors in hospitals and healthcare settings. They focus on high-alert medications, 'Look-Alike/Sound-Alike' (LASA) drug nomenclature, and the implementation o", "endpoint": "/api/v1/nodes/ismp-medication-safety.json" }, { "id": "iso-10002-complaints-mgt", "title": "ISO 10002 (Complaints)", "category": "Workplace", "bluf": "Compliance with ISO 10002 mandates a structured, transparent, and customer-focused complaints-handling framework, grounded in established international standards. Foundational principles require an organization's complaints-handling policy to be publicly accessible, ensuring transparency for all sta", "endpoint": "/api/v1/nodes/iso-10002-complaints-mgt.json" }, { "id": "iso-10004-feedback-mgt", "title": "ISO 10004 (Feedback)", "category": "Workplace", "bluf": "Compliance with ISO 10004 necessitates a structured and comprehensive framework for monitoring and utilizing customer feedback to enhance satisfaction. Organizational adherence requires a formally documented feedback process that incorporates clearly defined satisfaction indicators. This framework m", "endpoint": "/api/v1/nodes/iso-10004-feedback-mgt.json" }, { "id": "iso-10008-b2c-ecommerce", "title": "ISO 10008 (B2C E-commerce)", "category": "Sales, Marketing & PR", "bluf": "ISO 10008 establishes a comprehensive framework for business-to-consumer electronic commerce transactions, emphasizing consumer trust, transparency, and effective redress mechanisms. Foundational guidance stipulates that adherence requires organizations to publish a clear privacy policy and maintain", "endpoint": "/api/v1/nodes/iso-10008-b2c-ecommerce.json" }, { "id": "iso-10668-brand-valuation", "title": "ISO 10668 (Brand Value)", "category": "Sales, Marketing & PR", "bluf": "Adherence to ISO 10668 for monetary brand valuation mandates a rigorous and auditable framework, ensuring transparency, consistency, and reliability in all assessments. This compliance node enforces these normative requirements through a series of procedural gates. Every valuation engagement must co", "endpoint": "/api/v1/nodes/iso-10668-brand-valuation.json" }, { "id": "iso-12639-tiff-it", "title": "ISO 12639 (TIFF/IT)", "category": "Creative, Content & Media IP", "bluf": "Compliance with ISO 12639, governing the Tag Image File Format for Image Technology (TIFF/IT), mandates strict adherence to a specific set of structural and content-based rules for digital graphic arts data exchange. A file must present a valid profile declaration, which is restricted to Line Work (", "endpoint": "/api/v1/nodes/iso-12639-tiff-it.json" }, { "id": "iso-13009-beach-mgmt", "title": "Beach Management (ISO 13009)", "category": "Food & Hospitality", "bluf": "Compliance with international beach operation standards necessitates a comprehensive framework for safety, environmental management, and service quality. ISO 13009:2015 requires a formalized beach management plan that integrates multiple operational facets. Water quality monitoring, a cornerstone of", "endpoint": "/api/v1/nodes/iso-13009-beach-mgmt.json" }, { "id": "iso-13485-medical-qms", "title": "ISO 13485 (Medical QMS)", "category": "Medical & Healthcare", "bluf": "ISO 13485:2016 is the global standard for Medical Device Quality Management Systems (QMS). It specifies requirements for a QMS where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements", "endpoint": "/api/v1/nodes/iso-13485-medical-qms.json" }, { "id": "iso-13485-qms", "title": "Medical Quality (ISO 13485)", "category": "Medical & Healthcare", "bluf": "ISO 13485:2016 is the internationally recognized Quality Management System standard specifically designed for organizations in the medical device industry, covering the full lifecycle of medical devices from design and development through manufacturing, installation, and servicing. Unlike ISO 9001 w", "endpoint": "/api/v1/nodes/iso-13485-qms.json" }, { "id": "iso-14001-ems-v2", "title": "Env Management (ISO 14001)", "category": "Sustainability & ESG", "bluf": "International standard for environmental management systems (EMS).", "endpoint": "/api/v1/nodes/iso-14001-ems-v2.json" }, { "id": "iso-14001-ems", "title": "Env Management (ISO 14001)", "category": "Sustainability & ESG", "bluf": "ISO 14001:2015 is the international standard for Environmental Management Systems (EMS), providing a framework for organizations to manage their environmental responsibilities systematically and contribute to the environmental pillar of sustainable development. The standard follows the Plan-Do-Check", "endpoint": "/api/v1/nodes/iso-14001-ems.json" }, { "id": "iso-14046-water-footprint", "title": "Water Footprint (ISO 14046)", "category": "Sustainability & ESG", "bluf": "An assessment of the water footprint, conducted in alignment with the comprehensive principles of international environmental management standards, confirms substantial conformance. The analysis established a defined goal and scope, including a clearly delineated system boundary and a specific funct", "endpoint": "/api/v1/nodes/iso-14046-water-footprint.json" }, { "id": "iso-14064-ghg-quantify", "title": "GHG Verification (ISO 14064)", "category": "Sustainability & ESG", "bluf": "Successful completion provides reasonable assurance over an organization's greenhouse gas statement through a rigorous third-party verification process aligned with specifications from ISO 14064-3:2019. This is critical for meeting mandatory disclosure obligations under frameworks such as the EU's C", "endpoint": "/api/v1/nodes/iso-14064-ghg-quantify.json" }, { "id": "iso-14064-ghg-reporting", "title": "ISO 14064 (GHG Reporting)", "category": "Sustainability & ESG", "bluf": "ISO 14064-1 specifies principles and requirements for the design, development, management, and reporting of organization-level GHG inventories. It provides a common set of requirements for GHG quantification and reporting, ensuring consistency and credibility for carbon footprint claims.", "endpoint": "/api/v1/nodes/iso-14064-ghg-reporting.json" }, { "id": "iso-14090-climate-adapt", "title": "Climate Adaptation (ISO 14090)", "category": "Sustainability & ESG", "bluf": "Compliance with the Climate Adaptation (ISO 14090) framework mandates a structured, iterative process beginning with pre-planning activities outlined in Section 5. This initial stage requires verified leadership commitment, where `leadership_commitment_verified` is true, and a minimum resource alloc", "endpoint": "/api/v1/nodes/iso-14090-climate-adapt.json" }, { "id": "iso-14721-oais-archival", "title": "ISO 14721 (OAIS)", "category": "Creative, Content & Media IP", "bluf": "Compliance with the ISO 14721 reference model mandates the establishment of a comprehensive framework for long-term digital preservation and access. An organization must first fulfill the `requiresDesignatedCommunityDefinition` prerequisite, explicitly identifying the user base for whom information ", "endpoint": "/api/v1/nodes/iso-14721-oais-archival.json" }, { "id": "iso-14971-medical-risk", "title": "ISO 14971 (Medical Risk)", "category": "Medical & Healthcare", "bluf": "ISO 14971:2019 is the international standard for the application of risk management to medical devices. It provides a framework for manufacturers to identify hazards, estimate and evaluate risks, control these risks, and monitor the effectiveness of these controls throughout the entire product lifec", "endpoint": "/api/v1/nodes/iso-14971-medical-risk.json" }, { "id": "iso-15189-medical-labs", "title": "ISO 15189 (Medical Labs)", "category": "Medical & Healthcare", "bluf": "ISO 15189:2022 is the international standard for medical laboratories, specifying requirements for quality and competence. It addresses both the technical competence of the laboratory and its ability to deliver technically valid results, focusing on patient safety and the clinical utility of laborat", "endpoint": "/api/v1/nodes/iso-15189-medical-labs.json" }, { "id": "iso-15930-pdf-x", "title": "ISO 15930 (PDF/X)", "category": "Creative, Content & Media IP", "bluf": "ISO 15930 establishes the compliance framework for graphic content exchange, ensuring predictable and reliable print reproduction. Conformance mandates that documents explicitly declare their status via a `PDFXVersionIdentifier` and must also include an `OutputIntent` describing the intended printin", "endpoint": "/api/v1/nodes/iso-15930-pdf-x.json" }, { "id": "iso-16363-trusted-digital-repo", "title": "ISO 16363 (Trust Repo)", "category": "Creative, Content & Media IP", "bluf": "Adherence to ISO 16363 certifies a digital repository’s trustworthiness across its organizational infrastructure, digital object management, and technology frameworks. The audited entity demonstrates comprehensive compliance, evidenced by a defined mission statement and an enacted succession plan, w", "endpoint": "/api/v1/nodes/iso-16363-trusted-digital-repo.json" }, { "id": "iso-16684-xmp-metadata", "title": "ISO 16684 (XMP)", "category": "Creative, Content & Media IP", "bluf": "ISO 16684 establishes the framework for embedding extensible metadata within digital assets using the Extensible Metadata Platform (XMP) specification. Compliance mandates a strict structural and semantic adherence to ensure interoperability and data integrity across systems. The standard requires t", "endpoint": "/api/v1/nodes/iso-16684-xmp-metadata.json" }, { "id": "iso-18513-tourism-svc", "title": "Tourism Services (ISO 18513)", "category": "Food & Hospitality", "bluf": "Compliance with ISO 18513 for tourism services mandates a comprehensive framework for hotel operations centered on international standardization and guest welfare, as defined by established global best practices. This assessment verifies adherence to critical communication protocols, requiring the u", "endpoint": "/api/v1/nodes/iso-18513-tourism-svc.json" }, { "id": "iso-19011-audit-guidelines", "title": "Audit Guidelines (ISO 19011)", "category": "Legal & IP Sovereignty", "bluf": "Compliance with this node ensures the establishment and management of a systematic audit programme guided by the core principles articulated in ISO 19011:2018. A foundational requirement is that an `audit_program_established` configuration is active, with objectives defined through a `risk_based_app", "endpoint": "/api/v1/nodes/iso-19011-audit-guidelines.json" }, { "id": "iso-20000-service-mgt", "title": "ISO 20000-1 (Service Mgt)", "category": "Cloud & SaaS", "bluf": "Compliance with ISO 20000-1 mandates the establishment and operation of a comprehensive Service Management System (SMS) to plan, design, transition, deliver, and improve services. Foundational requirements stipulate that an organization must formalize its commitment through a documented service mana", "endpoint": "/api/v1/nodes/iso-20000-service-mgt.json" }, { "id": "iso-20022-messaging", "title": "ISO 20022 Messaging", "category": "Crypto & Sovereign Finance", "bluf": "ISO 20022 is the global standard for financial messaging, providing a methodology and XML/JSON-based message catalog for financial communication between financial institutions, central banks, payment infrastructures, and increasingly, AI agents executing financial transactions. The standard is being", "endpoint": "/api/v1/nodes/iso-20022-messaging.json" }, { "id": "iso-20022-mx-messaging", "title": "ISO 20022 MX Messaging", "category": "Banking & Global Finance", "bluf": "ISO 20022 is the universal standard for financial industry messaging. It provides a platform-independent model for financial business processes and is the standard for modern high-value payment systems (HVPS) and cross-border payments, replacing the legacy MT messaging with richer XML-based MX messa", "endpoint": "/api/v1/nodes/iso-20022-mx-messaging.json" }, { "id": "iso-20245-remanufactured", "title": "Remanufactured Goods (ISO 20245)", "category": "Logistics & Supply Chain", "bluf": "Compliance with remanufacturing standards necessitates a comprehensive, documented process and verifiable end-product quality. The core operational requirement mandates that a product undergoes full disassembly into its individual components. Following this teardown, process documentation must confi", "endpoint": "/api/v1/nodes/iso-20245-remanufactured.json" }, { "id": "iso-20252-market-research", "title": "ISO 20252 (Market Research)", "category": "Sales, Marketing & PR", "bluf": "Conformance with the international standard for market, opinion, and social research necessitates a verifiable, quality-managed framework governing the entire research lifecycle from inception through archival. Effective compliance requires establishing a formal `hasDocumentedProposalProcess` where ", "endpoint": "/api/v1/nodes/iso-20252-market-research.json" }, { "id": "iso-20252-opinion-research", "title": "ISO 20252 (Opinion)", "category": "Sales, Marketing & PR", "bluf": "An assessment of the current state reveals profound non-conformance with core tenets of the ISO 20252 standard for market, opinion, and social research. The research process exhibits systemic deficiencies across multiple critical domains, undermining its validity and reliability. Methodological rigo", "endpoint": "/api/v1/nodes/iso-20252-opinion-research.json" }, { "id": "iso-20400-sustainable-proc", "title": "Sustainable Procure (ISO 20400)", "category": "Sustainability & ESG", "bluf": "Organizational adherence to ISO 20400 guidance, as informed by authoritative frameworks, requires a comprehensive and verifiable sustainable procurement system. Compliance is predicated on establishing a formal sustainable procurement policy, ensuring it is actively communicated to all suppliers, an", "endpoint": "/api/v1/nodes/iso-20400-sustainable-proc.json" }, { "id": "iso-20400-sustainable-procure", "title": "ISO 20400 (Sustainable Procure)", "category": "Workplace", "bluf": "Adherence to the ISO 20400 (Sustainable Procure) node requires an organization to integrate sustainability principles throughout its procurement lifecycle, substantiated by verifiable controls and performance metrics. The framework mandates establishing a formal, management-approved sustainable proc", "endpoint": "/api/v1/nodes/iso-20400-sustainable-procure.json" }, { "id": "iso-20671-brand-evaluation", "title": "ISO 20671 (Brand)", "category": "Sales, Marketing & PR", "bluf": "Adherence to the ISO 20671 standard requires a comprehensive framework for brand evaluation, encompassing legal, financial, market, and stakeholder dimensions. This module verifies the robustness of an organization's brand governance by examining critical data points. The assessment confirms legal p", "endpoint": "/api/v1/nodes/iso-20671-brand-evaluation.json" }, { "id": "iso-21101-adventure-tour", "title": "Adventure Tourism (ISO 21101)", "category": "Food & Hospitality", "bluf": "Adventure tourism providers must establish and maintain a comprehensive safety management system, confirming `safety_management_system_active` is true to align with ISO 21101. Top management holds accountability for creating and disseminating a core safety policy, as stipulated by Clause 5.2. A crit", "endpoint": "/api/v1/nodes/iso-21101-adventure-tour.json" }, { "id": "iso-21401-tourism-sustain", "title": "Sustainable Tourism (ISO 21401)", "category": "Food & Hospitality", "bluf": "Compliance with the Sustainable Tourism standard necessitates the establishment and maintenance of a comprehensive sustainability management system (SMS). An organization must demonstrate a formal sustainability policy, documented and endorsed by top management, that has been effectively communicate", "endpoint": "/api/v1/nodes/iso-21401-tourism-sustain.json" }, { "id": "iso-21500-project-gov", "title": "ISO 21500 (Project Gov)", "category": "Workplace", "bluf": "ISO 21500 (Project Gov) evaluates an organization's adherence to international standards for project, programme, and portfolio governance. Compliance mandates the establishment of a formal framework; validation through `isFrameworkAlignedWithISO21500` confirms if concepts are explicitly referenced i", "endpoint": "/api/v1/nodes/iso-21500-project-gov.json" }, { "id": "iso-21500-project-mgt", "title": "Project Management (ISO 21500)", "category": "Legal & IP Sovereignty", "bluf": "Conformance with this node mandates adherence to structured project management principles benchmarked against ISO 21500. Enterprise initiatives must be formally authorized via an evidence-based requirement that a project charter exists, and all relevant parties are managed through a process where st", "endpoint": "/api/v1/nodes/iso-21500-project-mgt.json" }, { "id": "iso-21502-project-mgt", "title": "ISO 21502 (Project Mgt)", "category": "Workplace", "bluf": "Conformance with governing ISO 21502 guidance for project, program, and portfolio management mandates a rigorous framework of controls and documented procedures. The standard requires that every project be initiated with a formal project charter and operate under a clearly defined and controlled sco", "endpoint": "/api/v1/nodes/iso-21502-project-mgt.json" }, { "id": "iso-22000-food-mgt", "title": "Food Safety Mgt (ISO 22000)", "category": "Food & Hospitality", "bluf": "Conformance with ISO 22000 requires a comprehensive Food Safety Management System (FSMS) built upon a documented food safety policy, as mandated by Clause 5.2, which must be communicated and understood. Organizations shall establish and maintain prerequisite programmes (PRPs) according to Clause 8.2", "endpoint": "/api/v1/nodes/iso-22000-food-mgt.json" }, { "id": "iso-22301-biz-continuity", "title": "Biz Continuity (ISO 22301)", "category": "Legal & IP Sovereignty", "bluf": "Compliance with this node mandates the implementation and maintenance of a comprehensive Business Continuity Management System (BCMS) in alignment with ISO 22301 requirements. Top management must formally establish and endorse a documented business continuity policy appropriate for the organization'", "endpoint": "/api/v1/nodes/iso-22301-biz-continuity.json" }, { "id": "iso-22301-business-cont", "title": "ISO 22301 (Business Cont)", "category": "Cloud & SaaS", "bluf": "ISO 22301:2019 is the premier international standard for Business Continuity Management Systems (BCMS). it specifies requirements for the organization to the 'Plan, Do, Check, Act' for the business resilience, ensuring that the organization can protect itself from, and the respond to, the disruptive", "endpoint": "/api/v1/nodes/iso-22301-business-cont.json" }, { "id": "iso-26000-social-resp-mgt", "title": "ISO 26000 (Social Resp)", "category": "Workplace", "bluf": "Organizational alignment with ISO 26000 principles necessitates a comprehensive assessment of integrated social responsibility frameworks, verified through specific data points. Foundational governance is evidenced by an affirmative `has_sr_policy_endorsed_by_leadership` status, coupled with a syste", "endpoint": "/api/v1/nodes/iso-26000-social-resp-mgt.json" }, { "id": "iso-26000-social-resp", "title": "Social Responsibility (ISO 26000)", "category": "Sustainability & ESG", "bluf": "An organization's alignment with ISO 26000 principles is assessed through a multi-faceted verification of governance structures, operational practices, and public disclosures. Compliance necessitates a formal, publicly available Social Responsibility policy and the designation of a specific officer ", "endpoint": "/api/v1/nodes/iso-26000-social-resp.json" }, { "id": "iso-27001-2022", "title": "ISO/IEC 27001:2022 — Information Security Management", "category": "Cybersecurity", "bluf": "ISO/IEC 27001:2022 (published October 2022, replacing ISO 27001:2013) is the international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). It applies to any organization regardless of size or sector and is administered", "endpoint": "/api/v1/nodes/iso-27001-2022.json" }, { "id": "iso-27017-cloud-controls", "title": "ISO/IEC 27017 (Cloud Controls)", "category": "Cloud & SaaS", "bluf": "The organizational posture concerning ISO/IEC 27017 establishes a comprehensive framework for cloud security controls, yet presents a material deviation regarding data jurisdiction. Adherence to controls for provider-customer relationships is demonstrated through a formally defined shared responsibi", "endpoint": "/api/v1/nodes/iso-27017-cloud-controls.json" }, { "id": "iso-27017-cloud-defence", "title": "Cloud Security for Defense (ISO 27017)", "category": "Aviation Defense & Quantum", "bluf": "ISO/IEC 27017:2015 is an international code of practice for information security controls applicable to cloud services, providing cloud-specific implementation guidance for 37 controls from ISO/IEC 27002 and introducing 7 new cloud-specific controls not found in the base standard. In defense context", "endpoint": "/api/v1/nodes/iso-27017-cloud-defence.json" }, { "id": "iso-27018-pii-cloud", "title": "ISO/IEC 27018 (PII Cloud)", "category": "Cloud & SaaS", "bluf": "ISO/IEC 27018 establishes a comprehensive code of practice for protecting Personally Identifiable Information (PII) within public cloud computing environments, acting as a guide for PII processors. The framework mandates that processors operate solely based upon documented customer instructions, ens", "endpoint": "/api/v1/nodes/iso-27018-pii-cloud.json" }, { "id": "iso-27031-dr-readiness", "title": "ISO/IEC 27031 (ICT Readiness)", "category": "Cloud & SaaS", "bluf": "ISO/IEC 27031:2011 (superseded by modern resilience standards but still foundational) provides the guidelines for Information and Communication Technology Readiness for Business Continuity (IRBC). it specifies the required the strategies to ensure that the digital infrastructure remains available an", "endpoint": "/api/v1/nodes/iso-27031-dr-readiness.json" }, { "id": "iso-27799-health-info-sec", "title": "ISO 27799 (Health InfoSec)", "category": "Medical & Healthcare", "bluf": "ISO 27799:2016 (Health informatics — Information security management in health using ISO/IEC 27002) is the primary standard for implementing ISO 27001 in healthcare. It provides specific guidance on the additional security controls and management practices needed to protect personal health informati", "endpoint": "/api/v1/nodes/iso-27799-health-info-sec.json" }, { "id": "iso-28000-supply-chain-sec", "title": "Supply Chain Security (ISO 28000)", "category": "Logistics & Supply Chain", "bluf": "Security management system for the entire supply chain.", "endpoint": "/api/v1/nodes/iso-28000-supply-chain-sec.json" }, { "id": "iso-28000-supply-chain", "title": "Supply Chain Security (ISO 28000)", "category": "Logistics & Supply Chain", "bluf": "ISO 28000 is the specification for security management systems in the supply chain. It provides a formal framework to assess and manage security risks, such as theft, terrorism, and piracy, aimed at ensuring the integrity and continuity of global logistics operations across all stakeholders.", "endpoint": "/api/v1/nodes/iso-28000-supply-chain.json" }, { "id": "iso-30414-human-capital-rep", "title": "ISO 30414 (Human Capital)", "category": "Workplace", "bluf": "Compliance with the ISO 30414 standard demands a systematic approach to human capital reporting, establishing transparent and comparable metrics for internal governance and external stakeholder review. Foundational requirements include the documented existence of a formal policy for human capital go", "endpoint": "/api/v1/nodes/iso-30414-human-capital-rep.json" }, { "id": "iso-30414-human-capital", "title": "Human Capital Reporting (ISO 30414)", "category": "Workplace", "bluf": "ISO 30414 is the first international standard that allows organizations (SMEs, large enterprises, and public bodies) to get a clear view of their human capital's contribution. It provides a standardized framework for HR metrics across 11 core areas including recruitment, leadership, and diversity.", "endpoint": "/api/v1/nodes/iso-30414-human-capital.json" }, { "id": "iso-31000-risk-mgt-std", "title": "ISO 31000 (Risk Mgt)", "category": "Workplace", "bluf": "Adherence to governing risk management principles mandates a structured, enterprise-wide approach to identifying, analyzing, and treating uncertainty. This control node verifies the existence of foundational governance documents, including a formal, board-approved Risk Management Policy and a clearl", "endpoint": "/api/v1/nodes/iso-31000-risk-mgt-std.json" }, { "id": "iso-31000-risk-mgt", "title": "Risk Management (ISO 31000)", "category": "Legal & IP Sovereignty", "bluf": "Organizational compliance with established international risk management principles necessitates a structured, integrated, and dynamic approach to identifying, analyzing, and treating uncertainty. The BIDDA compliance framework mandates the existence of a formal risk management policy and a thorough", "endpoint": "/api/v1/nodes/iso-31000-risk-mgt.json" }, { "id": "iso-37001-anti-bribery-mgt", "title": "ISO 37001 (Anti-Bribery)", "category": "Workplace", "bluf": "Conformance with the ISO 37001 standard requires establishing and maintaining a robust anti-bribery management system (ABMS). This operational framework mandates a formally documented ABMS policy and oversight by a designated compliance function. Leadership commitment is demonstrated through managem", "endpoint": "/api/v1/nodes/iso-37001-anti-bribery-mgt.json" }, { "id": "iso-37001-anti-bribery-ms", "title": "ISO 37001 (Anti-Bribery MS)", "category": "Legal & IP Sovereignty", "bluf": "ISO 37001:2016 is the international standard for anti-bribery management systems (ABMS). It provides a framework for organizations to prevent, detect, and respond to bribery by establishing a culture of integrity, transparency, and compliance, applicable to small, medium, and large organizations in ", "endpoint": "/api/v1/nodes/iso-37001-anti-bribery-ms.json" }, { "id": "iso-37001-anti-bribery", "title": "Anti-Bribery Systems (ISO 37001)", "category": "Workplace", "bluf": "ISO 37001 is the international standard for anti-bribery management systems (ABMS). It specifies measures to help organizations prevent, detect, and address bribery by establishing a culture of integrity, transparency, and compliance.", "endpoint": "/api/v1/nodes/iso-37001-anti-bribery.json" }, { "id": "iso-37301-compliance-mgt", "title": "ISO 37301 (Compliance)", "category": "Workplace", "bluf": "Conformance with ISO 37301 necessitates a robust and effective Compliance Management System (CMS) built upon a culture of integrity and accountability. This evaluation verifies foundational governance structures, including a board-approved, accessible compliance policy and an operationally independe", "endpoint": "/api/v1/nodes/iso-37301-compliance-mgt.json" }, { "id": "iso-37301-compliance-ms", "title": "ISO 37301 (Compliance MS)", "category": "Legal & IP Sovereignty", "bluf": "ISO 37301:2021 is the global standard for Compliance Management Systems (CMS). It specifies requirements and provides guidelines for establishing, developing, implementing, evaluating, maintaining, and improving an effective CMS within an organization, superseding ISO 19600 and making it a certifiab", "endpoint": "/api/v1/nodes/iso-37301-compliance-ms.json" }, { "id": "iso-37301-compliance", "title": "Compliance Mgt (ISO 37301)", "category": "Legal & IP Sovereignty", "bluf": "Effective implementation of an ISO 37301 compliant framework mandates demonstrated leadership and commitment from top management and its governing body, evidenced by verified commitment and a published compliance policy. The foundation requires a systematic process to identify and evaluate legal req", "endpoint": "/api/v1/nodes/iso-37301-compliance.json" }, { "id": "iso-39001-road-traffic", "title": "Road Traffic Safety (ISO 39001)", "category": "Logistics & Supply Chain", "bluf": "Adherence to the ISO 39001:2012 standard for Road Traffic Safety (RTS) management systems requires a comprehensive, documented framework designed to eliminate or significantly reduce death and serious injuries from road traffic incidents. This system's effectiveness, which aligns with principles fro", "endpoint": "/api/v1/nodes/iso-39001-road-traffic.json" }, { "id": "iso-42001-improvement", "title": "AIMS Improvement (ISO 42001)", "category": "AI Governance & Law", "bluf": "ISO/IEC 42001:2023 Clause 10 (Improvement) mandates that organizations operating an AI Management System (AIMS) establish systematic processes for identifying, addressing, and preventing nonconformities — including AI safety incidents, bias events, harmful outputs, and performance degradation — and ", "endpoint": "/api/v1/nodes/iso-42001-improvement.json" }, { "id": "iso-42001-performance", "title": "AIMS Performance Eval (ISO 42001)", "category": "AI Governance & Law", "bluf": "ISO/IEC 42001:2023 Clause 9 (Performance Evaluation) requires organizations operating an AI Management System (AIMS) to establish monitoring and measurement programs for AI systems and the AIMS itself, conduct internal audits of AIMS conformity, and hold management reviews that use performance data ", "endpoint": "/api/v1/nodes/iso-42001-performance.json" }, { "id": "iso-42001-risk-assess", "title": "AI System Impact & Risk Assessment (ISO/IEC 42001:2023)", "category": "AI Governance & Law", "bluf": "The AI System Impact Assessment (Clause 6.1.2) is a mandatory requirement to identify, analyze, and evaluate the potential consequences of an AI system on individuals, groups, and society, focusing on fairness, privacy, safety, and security.", "endpoint": "/api/v1/nodes/iso-42001-risk-assess.json" }, { "id": "iso-42001-transparency", "title": "AI Transparency & Communication (ISO/IEC 42001:2023 Annex A.8)", "category": "AI Governance & Law", "bluf": "Transparency controls (Annex A.8) mandate the provision of clear, accessible information regarding the AI system’s intent, capabilities, and limitations to ensure stakeholders can make informed decisions.", "endpoint": "/api/v1/nodes/iso-42001-transparency.json" }, { "id": "iso-44001-collaborative", "title": "Collaborative Ops (ISO 44001)", "category": "Legal & IP Sovereignty", "bluf": "Operationalizing collaborative business relationships under ISO 44001 demands rigorous adherence to a structured framework for joint activities and governance. Compliance mandates an active relationship management plan, which according to Clause 8.5, must articulate a minimum of three defined collab", "endpoint": "/api/v1/nodes/iso-44001-collaborative.json" }, { "id": "iso-45001-health-safety", "title": "Occupational Health & Safety (ISO 45001)", "category": "Workplace", "bluf": "ISO 45001:2018 is the global standard for occupational health and safety (OH&S), designed to prevent work-related injuries and illnesses while promoting a safe work environment through risk-based resource allocation.", "endpoint": "/api/v1/nodes/iso-45001-health-safety.json" }, { "id": "iso-45001-work-safety", "title": "ISO 45001 (Work Safety)", "category": "Workplace", "bluf": "Organizational adherence to the ISO 45001 standard for occupational health and safety (OHS) management is systematically demonstrated through a comprehensive and well-documented framework. The compliance posture is fundamentally supported by an established OHS policy and unequivocal, demonstrated le", "endpoint": "/api/v1/nodes/iso-45001-work-safety.json" }, { "id": "iso-46001-water-eff", "title": "Water Efficiency (ISO 46001)", "category": "Sustainability & ESG", "bluf": "Adherence to the Water Efficiency (ISO 46001) standard necessitates the implementation of a systematic Water Efficiency Management System (WEMS). Verification requires evidence of a formal water efficiency policy, endorsed by top management and communicated throughout the organization. The WEMS must", "endpoint": "/api/v1/nodes/iso-46001-water-eff.json" }, { "id": "iso-50001-energy-mgmt", "title": "Energy Management (ISO 50001)", "category": "Industrial IoT & Energy", "bluf": "ISO 50001 is the international standard for energy management systems (EnMS). It provides a framework for organizations to improve energy performance, including efficiency, use, and consumption, through a systematic approach aimed at reducing operational costs and greenhouse gas emissions.", "endpoint": "/api/v1/nodes/iso-50001-energy-mgmt.json" }, { "id": "iso-50001-energy-v2", "title": "Energy Management (ISO 50001)", "category": "Sustainability & ESG", "bluf": "Requirements for establishing, implementing, and improving energy management systems.", "endpoint": "/api/v1/nodes/iso-50001-energy-v2.json" }, { "id": "iso-50001-energy", "title": "Energy Management (ISO 50001)", "category": "Industrial IoT & Energy", "bluf": "ISO 50001:2018 is the international standard for Energy Management Systems (EnMS), providing a framework for organizations to continuously improve energy performance — energy efficiency, energy consumption, and energy intensity — through systematic planning, implementation, monitoring, and review. T", "endpoint": "/api/v1/nodes/iso-50001-energy.json" }, { "id": "iso-55001-asset-mgt", "title": "Asset Management (ISO 55001)", "category": "Legal & IP Sovereignty", "bluf": "Effective asset management system implementation necessitates a comprehensive framework grounded in understanding the organization and its context as stipulated by ISO 55001:2014 clause 4.1. Verifiable leadership commitment, a core tenet of clause 5.1, must be confirmed, for which the `leadership_co", "endpoint": "/api/v1/nodes/iso-55001-asset-mgt.json" }, { "id": "iso-9001-ai-quality", "title": "AI Quality Management (ISO 9001 Extension)", "category": "Operations & CX", "bluf": "ISO 9001:2015 provides the foundational Quality Management System (QMS) framework for organizations. Applying these principles to AI-generated output requires rigorous documentation, performance monitoring, and iterative corrective actions.", "endpoint": "/api/v1/nodes/iso-9001-ai-quality.json" }, { "id": "iso-9001-quality-mgt", "title": "ISO 9001 (Quality Mgt)", "category": "Workplace", "bluf": "Compliance with the ISO 9001 standard necessitates the establishment and maintenance of a comprehensive Quality Management System (QMS). A fundamental requirement is that organizations must possess a documented QMS scope and a formally defined quality policy. The framework mandates a proactive appro", "endpoint": "/api/v1/nodes/iso-9001-quality-mgt.json" }, { "id": "iso-iec-17025-lab", "title": "Lab Competence (ISO 17025)", "category": "Legal & IP Sovereignty", "bluf": "Compliance with ISO 17025 necessitates a comprehensive framework for establishing and maintaining laboratory competence. The standard mandates that formal, documented competence requirements exist for all personnel involved in laboratory activities, and that there is an ongoing process for monitorin", "endpoint": "/api/v1/nodes/iso-iec-17025-lab.json" }, { "id": "iso-iec-24027-bias-fairness", "title": "ISO/IEC 24027: Bias and Fairness in AI", "category": "AI Governance & Law", "bluf": "The mathematical and technical playbook for mitigating human cognitive bias, data bias, and engineering bias through quantitative fairness metrics like demographic parity and equalized odds.", "endpoint": "/api/v1/nodes/iso-iec-24027-bias-fairness.json" }, { "id": "iso-iec-5230-openchain", "title": "Open Source (ISO 5230)", "category": "Legal & IP Sovereignty", "bluf": "ISO/IEC 5230:2020 (OpenChain) is the international standard for open source software license compliance, defining the minimum requirements for a quality open source compliance program that enables organizations to trust open source software they receive from third parties and to manage the open sour", "endpoint": "/api/v1/nodes/iso-iec-5230-openchain.json" }, { "id": "isps-code-vessel-security", "title": "ISPS Code (Vessel Security)", "category": "Logistics & Supply Chain", "bluf": "The International Ship and Port Facility Security (ISPS) Code is a mandatory set of measures to enhance the security of ships and port facilities. It provides a standardized framework for evaluating risk, enabling governments to offset changes in threat with changes in security level for ships and p", "endpoint": "/api/v1/nodes/isps-code-vessel-security.json" }, { "id": "isrc-recording-code", "title": "ISRC (Recording Code)", "category": "Creative, Content & Media IP", "bluf": "International Standard Recording Code (ISRC) compliance necessitates rigorous validation against its established global standard for identifying sound recordings and music videos. For accurate automated processing, the code must first be stripped of any separators, such as hyphens. The resulting san", "endpoint": "/api/v1/nodes/isrc-recording-code.json" }, { "id": "issb-s1-s2-standard", "title": "ISSB S1/S2 Standards", "category": "Sustainability & ESG", "bluf": "The International Sustainability Standards Board (ISSB) issued its inaugural standards, IFRS S1 and IFRS S2, to provide a global baseline for sustainability disclosures. IFRS S1 covers general requirements for sustainability-related financial information, while IFRS S2 focuses on climate-related dis", "endpoint": "/api/v1/nodes/issb-s1-s2-standard.json" }, { "id": "issn-serial-standard", "title": "ISSN (Serial Standard)", "category": "Creative, Content & Media IP", "bluf": "International Standard Serial Number (ISSN) compliance mandates stringent data integrity and structural validation for all applicable serial publications. A designated 'issn' field must be present and conform to the canonical 'NNNN-NNNC' format, where the final character is a digit or an uppercase '", "endpoint": "/api/v1/nodes/issn-serial-standard.json" }, { "id": "itar-compliance-workflow", "title": "ITAR Compliance Workflow", "category": "Aviation, Defense & Quantum", "bluf": "The International Traffic in Arms Regulations (ITAR) control the export and temporary import of defense articles and defense services on the United States Munitions List (USML). Compliance is mandatory for all U.S. manufacturers, exporters, and brokers of defense articles to prevent unauthorized acc", "endpoint": "/api/v1/nodes/itar-compliance-workflow.json" }, { "id": "itar-license-check", "title": "ITAR Export Control Logic", "category": "Aviation Defense & Quantum", "bluf": "Mandatory controls for the export, re-export, and brokering of defense articles, services, and technical data listed on the United States Munitions List (USML).", "endpoint": "/api/v1/nodes/itar-license-check.json" }, { "id": "itil-v4-service-value", "title": "ITIL v4 (Value System)", "category": "Cloud & SaaS", "bluf": "ITIL v4 (Information Technology Infrastructure Library) is the world's the premier the framework for the IT service management (ITSM). it shifts the focus from the traditional process-based management to a 'Service Value System' (SVS) that integrates the '7 Guiding Principles', 'Governance', and the", "endpoint": "/api/v1/nodes/itil-v4-service-value.json" }, { "id": "itu-r-bt-2020-uhdtv", "title": "ITU-R BT.2020 (UHD)", "category": "Creative, Content & Media IP", "bluf": "Regulatory conformance with the ITU-R BT.2020 standard for Ultra High Definition (UHD) video mandates strict adherence to a comprehensive set of technical specifications. An asset’s spatial resolution must precisely match either 3840x2160 pixels or 7680x4320 pixels, presented with a required display", "endpoint": "/api/v1/nodes/itu-r-bt-2020-uhdtv.json" }, { "id": "itu-r-bt-709-hdtv", "title": "ITU-R BT.709 (HDTV)", "category": "Creative, Content & Media IP", "bluf": "Compliance with the foundational ITU-R Recommendation BT.709 mandates strict adherence to several key colorimetry and signal format parameters for high-definition television systems. Verification procedures confirm that video assets conform to the standard's specifications for color representation, ", "endpoint": "/api/v1/nodes/itu-r-bt-709-hdtv.json" }, { "id": "kanban-replenishment", "title": "Kanban Replenishment Algorithm", "category": "Logistics & Supply Chain", "bluf": "Compliance with this node's Kanban Replenishment Algorithm mandates adherence to a comprehensive set of security protocols and operational thresholds designed for ensuring supply chain integrity and data protection in line with governing frameworks. System integrity is upheld through stringent contr", "endpoint": "/api/v1/nodes/kanban-replenishment.json" }, { "id": "kcs-evolve-loop", "title": "KCS Evolve Loop", "category": "Operations & CX", "bluf": "Knowledge-Centered Service (KCS) v6, developed by the Consortium for Service Innovation, defines the Evolve Loop as the organizational and strategic activities that ensure the KCS program itself continuously improves and delivers increasing value — distinct from the Solve Loop which focuses on captu", "endpoint": "/api/v1/nodes/kcs-evolve-loop.json" }, { "id": "kcs-solve-loop", "title": "KCS Solve Loop", "category": "Operations & CX", "bluf": "Knowledge-Centered Service (KCS) v6 Solve Loop defines the practices agents follow during each customer interaction to search, reuse, create, improve, and contribute knowledge as an integral part of solving customer problems — not as a separate activity. The Solve Loop embeds knowledge management in", "endpoint": "/api/v1/nodes/kcs-solve-loop.json" }, { "id": "korea-pipa-standard", "title": "South Korea PIPA", "category": "Legal & IP Sovereignty", "bluf": "The Personal Information Protection Act (PIPA) of South Korea is one of the world's strictest data protection regimes, mandating specific opt-in consent for sensitive information and imposing criminal penalties for data misuse. It is overseen by the PIPC (Personal Information Protection Commission).", "endpoint": "/api/v1/nodes/korea-pipa-standard.json" }, { "id": "last-mile-algorithm-ethics", "title": "Last-Mile Delivery Ethics", "category": "Logistics & Supply Chain", "bluf": "Operational governance of last-mile delivery activities necessitates rigorous adherence to established ethical and performance standards. This compliance framework ensures all logistical operations, from dispatch to final customer handover, are executed with fairness, transparency, and accountabilit", "endpoint": "/api/v1/nodes/last-mile-algorithm-ethics.json" }, { "id": "law-society-conveyancing", "title": "Conveyancing Quality (UK)", "category": "Legal & IP Sovereignty", "bluf": "Evaluation of a firm's adherence to UK conveyancing standards necessitates a multi-faceted compliance assessment, centered on the Law Society Conveyancing Quality Scheme Core Practice Management Standards. Verifiable active CQS accreditation is mandatory, alongside confirmation that designated fee e", "endpoint": "/api/v1/nodes/law-society-conveyancing.json" }, { "id": "lcr-disclosure-standards", "title": "Liquidity coverage ratio disclosure standards", "category": "Banking & Global Finance", "bluf": "This disclosure framework sets out requirements for the Liquidity Coverage Ratio (LCR) to improve transparency, reinforce the Sound Principles for sound liquidity risk management, enhance market discipline, and reduce market uncertainty. The LCR standard aims to promote the short-term resilience of ", "endpoint": "/api/v1/nodes/lcr-disclosure-standards.json" }, { "id": "leed-green-building", "title": "LEED Green Building Rating", "category": "Sustainability & ESG", "bluf": "The LEED Green Building Rating system establishes a framework of performance-based prerequisites and optional credits for certifying sustainable building projects. Foundational compliance requires executing multiple non-negotiable measures, starting with verification that a site assessment is comple", "endpoint": "/api/v1/nodes/leed-green-building.json" }, { "id": "legal-nda-deterministic", "title": "Deterministic NDA Review", "category": "Legal & IP Sovereignty", "bluf": "Deterministic NDA review is an AI-assisted legal workflow that systematically extracts, analyzes, and scores the key clauses of a Non-Disclosure Agreement (NDA) — including confidentiality definition, permitted disclosures, exclusions, term and termination provisions, return/destruction of materials", "endpoint": "/api/v1/nodes/legal-nda-deterministic.json" }, { "id": "linkedin-ads-policy-std", "title": "LinkedIn Ads (Policies)", "category": "Sales, Marketing & PR", "bluf": "Enforcement of LinkedIn's advertising policies is paramount, with this compliance node systematically evaluating campaign assets against rigorous standards for quality, transparency, and user safety. The assessment protocol mandates that ad copy must be devoid of any misleading claims and avoid unsu", "endpoint": "/api/v1/nodes/linkedin-ads-policy-std.json" }, { "id": "liquidity-staking-security", "title": "Liquidity Staking Risk (LST)", "category": "Crypto & Sovereign Finance", "bluf": "Liquid Staking Tokens (LSTs) represent a user's claim on staked cryptocurrency (primarily Ethereum via protocols like Lido's stETH, Rocket Pool's rETH, and Coinbase's cbETH) that can be freely traded, used as DeFi collateral, or compounded while the underlying stake earns validation rewards. LST sec", "endpoint": "/api/v1/nodes/liquidity-staking-security.json" }, { "id": "logistics-3pl-matrix", "title": "3PL Service Provider Selection", "category": "Logistics & Supply Chain", "bluf": "Selection of Third-Party Logistics (3PL) service providers mandates a rigorous due diligence process aligned with established cybersecurity and operational resilience frameworks. This control enforces procurement criteria consistent with guidance from NIST Special Publication 800-161r1 and CISA Info", "endpoint": "/api/v1/nodes/logistics-3pl-matrix.json" }, { "id": "logistics-3pl-slas", "title": "Automated 3PL Performance SLAs", "category": "Logistics & Supply Chain", "bluf": "Third-Party Logistics (3PL) Service Level Agreements (SLAs) define the contractually binding performance thresholds that logistics service providers must meet for order fulfillment, warehousing, transportation, and returns management on behalf of their clients. For AI-managed logistics operations, t", "endpoint": "/api/v1/nodes/logistics-3pl-slas.json" }, { "id": "logistics-bonded-warehouse", "title": "Bonded Warehouse Audit Protocol", "category": "Logistics & Supply Chain", "bluf": "Mandatory compliance protocols for bonded warehouse operations are established to ensure strict adherence to international and national customs regulations. Under the authority of 19 U.S.C. § 1555 and the detailed requirements outlined in 19 CFR Part 19, operators must maintain absolute control over", "endpoint": "/api/v1/nodes/logistics-bonded-warehouse.json" }, { "id": "logistics-carbon-glec", "title": "Logistics Carbon Accounting (GLEC)", "category": "Logistics & Supply Chain", "bluf": "Logistics carbon accounting practices demonstrate strong methodological alignment with the Global Logistics Emissions Council (GLEC) Framework and full compliance with ISO 14083 standards. The operational boundary for emissions calculation is clearly defined, crucially encompassing Scope 3 outsource", "endpoint": "/api/v1/nodes/logistics-carbon-glec.json" }, { "id": "logistics-edi-messaging", "title": "Logistics EDI Standards (ANSI X12)", "category": "Logistics & Supply Chain", "bluf": "Adherence to Logistics EDI Standards under ANSI X12 mandates a comprehensive framework of technical controls and governance protocols to ensure secure, reliable, and auditable electronic data interchange. The required configuration enforces implementation of critical transaction sets, including 856 ", "endpoint": "/api/v1/nodes/logistics-edi-messaging.json" }, { "id": "logistics-hs-classification", "title": "Automated HS Classification", "category": "Logistics & Supply Chain", "bluf": "The Harmonized System (HS) Classification node provides a deterministic logic framework based on the WCO General Rules for the Interpretation (GRI) to classify goods for global customs, ensuring accurate duty calculation and regulatory compliance.", "endpoint": "/api/v1/nodes/logistics-hs-classification.json" }, { "id": "logistics-hs-codes", "title": "Automated HS Code Classification", "category": "Logistics & Supply Chain", "bluf": "The Harmonized System (HS) is the international nomenclature for classifying traded products, administered by the World Customs Organization (WCO) and used by over 200 countries as the basis for customs tariffs, trade statistics, and trade compliance. Every internationally traded product must be ass", "endpoint": "/api/v1/nodes/logistics-hs-codes.json" }, { "id": "logistics-jit-inventory", "title": "Just-In-Time (JIT) Inventory Logic", "category": "Logistics & Supply Chain", "bluf": "Just-In-Time (JIT) Inventory Logic codifies the essential operational and technical controls governing automated inventory management to ensure full compliance and mitigate risk. The node's configuration mandates that on-hand supply levels must not exceed a 5-day threshold, with procurement actions ", "endpoint": "/api/v1/nodes/logistics-jit-inventory.json" }, { "id": "madrid-system-trademarks", "title": "Madrid System (Trademarks)", "category": "Legal & IP Sovereignty", "bluf": "Compliance with the Madrid System for the International Registration of Marks is affirmed based on current data parameters. The application fulfills essential procedural and jurisdictional prerequisites, as the system confirms the applicant possesses a basic mark and originates from a member contrac", "endpoint": "/api/v1/nodes/madrid-system-trademarks.json" }, { "id": "malware-incident-prevention-handling", "title": "Guide to Malware Incident Prevention and Handling for Desktops and Laptops", "category": "Cybersecurity", "bluf": "Malware, also known as malicious code, refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the confidentiality, integrity, or availability of the victim’s data, applications, or operating s", "endpoint": "/api/v1/nodes/malware-incident-prevention-handling.json" }, { "id": "marketing-attribution-models", "title": "Marketing Attribution", "category": "Sales, Marketing & PR", "bluf": "Organizational adherence to marketing attribution standards mandates a comprehensive, multi-faceted approach to measurement and reporting. Prevailing regulations require the concurrent implementation of both a Multi-Touch Attribution (MTA) framework and a Marketing Mix Modeling (MMM) framework. Esta", "endpoint": "/api/v1/nodes/marketing-attribution-models.json" }, { "id": "mas-tr-management-sg", "title": "MAS TRM Guidelines (Singapore)", "category": "Banking & Global Finance", "bluf": "The Monetary Authority of Singapore (MAS) Technology Risk Management (TRM) Guidelines are the gold standard for financial technology governance in Asia-Pacific. it provides a comprehensive framework for the management of the IT risk, the security of the critical systems, and the oversight of the dig", "endpoint": "/api/v1/nodes/mas-tr-management-sg.json" }, { "id": "mcp-enterprise-auth", "title": "Model Context Protocol (MCP) Enterprise Security", "category": "Operations & CX", "bluf": "Standardized security protocols for establishing trust, authenticating context, and limiting data exposure between enterprise data sources and LLM agents using MCP.", "endpoint": "/api/v1/nodes/mcp-enterprise-auth.json" }, { "id": "meta-ads-policy-standard", "title": "Meta Ads (Policies)", "category": "Sales, Marketing & PR", "bluf": "This advertising asset presents a low composite risk score of 0.15 for policy violation, though a material vulnerability exists within its data implementation framework. The campaign demonstrates compliance with several foundational Advertising Policies, confirming ad content is neither harmful nor ", "endpoint": "/api/v1/nodes/meta-ads-policy-standard.json" }, { "id": "mev-boost-audit", "title": "MEV-Boost Ethics & Audit", "category": "Crypto & Sovereign Finance", "bluf": "MEV-Boost (Maximal Extractable Value Boost) is the dominant block-building middleware for Ethereum Proof-of-Stake validators, enabling validators (proposers) to outsource block construction to a competitive market of block builders who maximize transaction ordering revenue, with profits shared betwe", "endpoint": "/api/v1/nodes/mev-boost-audit.json" }, { "id": "mica-stablecoin-reserve", "title": "MiCA (Stablecoin Reserve)", "category": "Banking & Global Finance", "bluf": "MiCA (Markets in Crypto-Assets Regulation, EU 2023/1114) is the first comprehensive framework for the crypto-asset market. it introduces strict reserve requirements for 'Asset-Referenced Tokens' (ARTs) and 'E-Money Tokens' (EMTs), commonly known as stablecoins, requiring issuers to maintain a 1:1 li", "endpoint": "/api/v1/nodes/mica-stablecoin-reserve.json" }, { "id": "mifid-ii-best-execution", "title": "MiFID II Best Execution", "category": "Banking & Global Finance", "bluf": "MiFID II Best Execution (Markets in Financial Instruments Directive II) requires investment firms to take all sufficient steps to obtain the best possible result for their clients when executing orders. it focuses on a multi-factor assessment including price, costs, speed, and likelihood of executio", "endpoint": "/api/v1/nodes/mifid-ii-best-execution.json" }, { "id": "mifid-ii", "title": "Markets in Financial Instruments Directive II (MiFID II)", "category": "Banking & Global Finance", "bluf": "Markets in Financial Instruments Directive II (MiFID II) establishes a comprehensive regulatory framework designed to enhance transparency, investor protection, and market efficiency across European Union financial markets. Compliance requires rigorous adherence to numerous obligations, mandating th", "endpoint": "/api/v1/nodes/mifid-ii.json" }, { "id": "mifir-transaction-report", "title": "MiFIR Transaction (Reporting)", "category": "Banking & Global Finance", "bluf": "MiFIR Transaction Reporting (Markets in Financial Instruments Regulation, Article 26) is the mandatory standard for reporting the details of the financial trades to the EU regulators. it requires the timely disclosure of the 65 data fields (e.g., identity of the buyer/seller, LEIs, time-stamping) wi", "endpoint": "/api/v1/nodes/mifir-transaction-report.json" }, { "id": "mitre-t1562", "title": "Impair Defenses (MITRE T1562)", "category": "Cybersecurity", "bluf": "MITRE ATT&CK Technique T1562 (Impair Defenses) describes adversary behaviors aimed at disabling, tampering with, or reducing the effectiveness of security tools and controls — including antivirus, endpoint detection and response (EDR), logging systems, firewalls, and audit trails — to reduce detecti", "endpoint": "/api/v1/nodes/mitre-t1562.json" }, { "id": "mod-safe-ai", "title": "UK Ministry of Defence (MoD) AI Safety Protocol", "category": "Aviation Defense & Quantum", "bluf": "A mandatory safety assurance framework for AI systems deployed in British Armed Forces, requiring a structured Safety Case and human-in-the-loop gating for lethal force.", "endpoint": "/api/v1/nodes/mod-safe-ai.json" }, { "id": "model-card-report", "title": "Standardized Model Card Logic", "category": "AI Governance & Law", "bluf": "Model Cards, introduced by Mitchell et al. (2019) and subsequently adopted as a documentation standard in EU AI Act Article 11 (technical documentation), ISO/IEC 42001 Annex B, and NIST AI RMF Govern 1.2, are structured reports that document an AI model's intended use, training data characteristics,", "endpoint": "/api/v1/nodes/model-card-report.json" }, { "id": "modern-slavery-act-rep", "title": "Modern Slavery Act", "category": "Workplace", "bluf": "Modern slavery legislation mandates that certain commercial organizations actively identify, mitigate, and report on risks of slavery and human trafficking within their global operations and supply chains. The governing statutory frameworks establish clear triggers for compliance; for example, `isUk", "endpoint": "/api/v1/nodes/modern-slavery-act-rep.json" }, { "id": "mrc-viewability-standard", "title": "MRC (Viewability)", "category": "Sales, Marketing & PR", "bluf": "Adherence to Media Rating Council and Interactive Advertising Bureau standards for viewable impressions is mandatory for compliant digital advertising measurement. This configuration enforces the baseline criteria established within the Viewable Ad Impression Measurement Guidelines. For standard dis", "endpoint": "/api/v1/nodes/mrc-viewability-standard.json" }, { "id": "msc-fisheries-cert", "title": "MSC Seafood Sustainability", "category": "Sustainability & ESG", "bluf": "Compliance with the Marine Stewardship Council framework for seafood sustainability mandates a multi-faceted assessment of fishery operations and supply chain integrity. Verification begins with confirming the entity holds a valid MSC certificate that is not suspended. The product itself must fall w", "endpoint": "/api/v1/nodes/msc-fisheries-cert.json" }, { "id": "nerc-cip-v6-cyber", "title": "NERC CIP: Energy Cyber Infrastructure", "category": "Industrial IoT & Energy", "bluf": "The NERC Critical Infrastructure Protection (CIP) standards are the mandatory cybersecurity requirements for North American bulk power systems. They focus on identifying 'BES' (Bulk Electric System) Cyber Systems and implementing defense-in-depth controls to protect critical energy reliability from ", "endpoint": "/api/v1/nodes/nerc-cip-v6-cyber.json" }, { "id": "ngs-ivds-germline-diseases", "title": "Considerations for Design, Development, and Analytical Validation of Next Generation Sequencing (NGS) – Based In Vitro Diagnostics (IVDs) Intended to Aid in the Diagnosis of Suspected Germline Diseases", "category": "Medical & Healthcare", "bluf": "This guidance document describes one part of FDA’s efforts to create a flexible and adaptive regulatory approach to the oversight of next generation sequencing (NGS)-based tests. As a step toward this vision, FDA is outlining key considerations for designing, developing, and establishing analytical ", "endpoint": "/api/v1/nodes/ngs-ivds-germline-diseases.json" }, { "id": "nis2-directive", "title": "NIS2 Directive — EU Critical Infrastructure Cybersecurity", "category": "Cybersecurity", "bluf": "Directive (EU) 2022/2555 (NIS2), published December 27, 2022 and mandatorily transposed into national law by EU member states by October 17, 2024, replaces the original NIS Directive (2016/1148) and dramatically expands both the scope and enforcement regime for network and information security acros", "endpoint": "/api/v1/nodes/nis2-directive.json" }, { "id": "nist-800-122-pii", "title": "Protecting PII (NIST 800-122)", "category": "Legal & IP Sovereignty", "bluf": "NIST Special Publication 800-122 (Guide to Protecting the Confidentiality of Personally Identifiable Information) provides a comprehensive framework for federal agencies and their contractors to identify, categorize, and protect PII held in information systems — establishing that PII protection must", "endpoint": "/api/v1/nodes/nist-800-122-pii.json" }, { "id": "nist-800-123-server-sec", "title": "NIST SP 800-123 (Server Security)", "category": "Cloud & SaaS", "bluf": "NIST SP 800-123 (Guide to General Server Security) provides the foundational standard for the secure deployment and the management of the servers. it focuses on the full 'Security Life Cycle', covering the host hardening, the logical the access control, and the persistent the monitoring of the serve", "endpoint": "/api/v1/nodes/nist-800-123-server-sec.json" }, { "id": "nist-800-171-cui", "title": "CUI Protection (NIST 800-171)", "category": "Aviation Defense & Quantum", "bluf": "NIST Special Publication 800-171 Revision 3 (published May 2024) defines 17 control families containing 110 security requirements for protecting Controlled Unclassified Information (CUI) in non-federal systems and organizations — primarily defense contractors, research institutions, and suppliers pr", "endpoint": "/api/v1/nodes/nist-800-171-cui.json" }, { "id": "nist-800-171-rev-3", "title": "NIST SP 800-171 Rev 3 (CUI)", "category": "Aviation, Defense & Quantum", "bluf": "NIST SP 800-171 Rev 3 provides the requirements for protecting the confidentiality of Controlled Unclassified Information (CUI) in nonfederal systems and organizations. It is the foundational standard for defense contractors, and the latest 2024 revision incorporates significant updates to controls ", "endpoint": "/api/v1/nodes/nist-800-171-rev-3.json" }, { "id": "nist-800-190-container", "title": "NIST SP 800-190 (Containers)", "category": "Cloud & SaaS", "bluf": "Compliance with NIST SP 800-190 guidance for application container security necessitates a multi-layered control framework that addresses risks across the entire lifecycle. This node enforces critical security postures, beginning with the image build process where each image_uses_trusted_base is man", "endpoint": "/api/v1/nodes/nist-800-190-container.json" }, { "id": "nist-800-204-microservices", "title": "NIST SP 800-204 (Microservices)", "category": "Cloud & SaaS", "bluf": "NIST SP 800-204 establishes stringent security strategies for microservice-based applications, mandating a defense-in-depth architecture. Compliance requires the deployment and configuration of an API gateway to mediate all ingress traffic, complemented by a service mesh for managing and securing in", "endpoint": "/api/v1/nodes/nist-800-204-microservices.json" }, { "id": "nist-800-53-au2", "title": "Audit Event Logging (NIST 800-53)", "category": "Cybersecurity", "bluf": "NIST SP 800-53 Rev 5 Control AU-2 (Event Logging) requires organizations to identify the types of events that the system is capable of logging in support of the audit function, coordinate the event logging function with other organizations requiring audit-related information, and specify the types o", "endpoint": "/api/v1/nodes/nist-800-53-au2.json" }, { "id": "nist-800-53-cp2", "title": "Contingency Planning (NIST 800-53)", "category": "Cybersecurity", "bluf": "NIST SP 800-53 Rev 5 Control CP-2 (Contingency Plan) requires organizations to develop a contingency plan for the information system that identifies essential missions and business functions, provides recovery objectives, priorities, and metrics, addresses contingency roles, responsibilities, and as", "endpoint": "/api/v1/nodes/nist-800-53-cp2.json" }, { "id": "nist-800-53-ia2", "title": "Ident & Auth (NIST 800-53)", "category": "Cybersecurity", "bluf": "NIST SP 800-53 Rev 5 Control IA-2 (Identification and Authentication — Organizational Users) requires information systems to uniquely identify and authenticate organizational users (including processes acting on behalf of users) and mandates multi-factor authentication (MFA) for all access to privil", "endpoint": "/api/v1/nodes/nist-800-53-ia2.json" }, { "id": "nist-800-53-sc7", "title": "Boundary Protection (NIST 800-53)", "category": "Cybersecurity", "bluf": "NIST SP 800-53 Rev 5 Control SC-7 (Boundary Protection) requires organizations to monitor and control communications at the external boundary of the system and at key internal boundaries, implement subnetworks for publicly accessible system components, and connect to external networks or systems onl", "endpoint": "/api/v1/nodes/nist-800-53-sc7.json" }, { "id": "nist-800-61-incident-resp", "title": "NIST SP 800-61 (Incidents)", "category": "Cloud & SaaS", "bluf": "NIST SP 800-61 Rev 2 (Computer Security Incident Handling Guide) is the definitive U.S. standard for managing the lifecycle of the cyber incidents. it provides an operational framework for the established 'Incident Response Team' (CSIRT) to the efficiently coordinate the 'Detection', 'Analysis', 'Co", "endpoint": "/api/v1/nodes/nist-800-61-incident-resp.json" }, { "id": "nist-800-88-sanitization", "title": "NIST SP 800-88 (Sanitization)", "category": "Cloud & SaaS", "bluf": "NIST SP 800-88 Rev 1 (Guidelines for Media Sanitization) is the definitive U.S. standard for the secure destruction and the disposal of the information. it provides a systematic framework for the 'Sanitization' of the storage media (HDDs, SSDs, Mobile, Cloud) through the categorized methods of the '", "endpoint": "/api/v1/nodes/nist-800-88-sanitization.json" }, { "id": "nist-ai-100-2-aml-taxonomy", "title": "Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations", "category": "AI Governance & Law", "bluf": "This NIST Trustworthy and Responsible AI report develops a taxonomy of concepts and defines terminology in the field of adversarial machine learning (AML). The taxonomy is built on surveying the AML literature and is arranged in a conceptual hierarchy that includes key types of ML methods and lifecy", "endpoint": "/api/v1/nodes/nist-ai-100-2-aml-taxonomy.json" }, { "id": "nist-ai-100-4-redteam", "title": "AI Red Teaming (NIST AI 100-4)", "category": "AI Governance & Law", "bluf": "Adversarial red teaming constitutes a mandatory control for designated AI systems, aligning with directives in U.S. Executive Order 14110 and fulfilling the accuracy, robustness, and cybersecurity requirements detailed within the EU AI Act's Article 15. This node’s primary objective is to systematic", "endpoint": "/api/v1/nodes/nist-ai-100-4-redteam.json" }, { "id": "nist-ai-100-4-synthetic-content", "title": "Reducing Risks Posed by Synthetic Content An Overview of Technical Approaches to Digital Content Transparency", "category": "AI Governance & Law", "bluf": "This report examines existing standards, tools, methods, and practices for authenticating digital content, tracking its provenance, labeling and detecting synthetic content, and preventing generative AI from producing harmful material like child sexual abuse material or non-consensual intimate image", "endpoint": "/api/v1/nodes/nist-ai-100-4-synthetic-content.json" }, { "id": "nist-ai-100-5-global-engagement-plan", "title": "A Plan for Global Engagement on AI Standards", "category": "AI Governance & Law", "bluf": "Recognizing the importance of technical standards in shaping development and use of Artificial Intelligence (AI), the President’s October 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO 14110) calls for “a coordinated effort...to drive the", "endpoint": "/api/v1/nodes/nist-ai-100-5-global-engagement-plan.json" }, { "id": "nist-ai-600-1-gen-ai-profile", "title": "Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile", "category": "AI Governance & Law", "bluf": "This document is a cross-sectoral profile of and a companion resource for the AI Risk Management Framework (AI RMF 1.0) for Generative AI, developed pursuant to Executive Order 14110 on Safe, Secure, and Trustworthy Artificial Intelligence. It is intended for voluntary use by organizations to improv", "endpoint": "/api/v1/nodes/nist-ai-600-1-gen-ai-profile.json" }, { "id": "nist-ai-adversarial-machine-learning", "title": "Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations", "category": "AI Governance & Law", "bluf": "This NIST Trustworthy and Responsible AI report develops a taxonomy of concepts and defines terminology in the field of adversarial machine learning (AML), which may aid in securing applications of artificial intelligence (AI) against adversarial manipulations. The taxonomy is built on surveying the", "endpoint": "/api/v1/nodes/nist-ai-adversarial-machine-learning.json" }, { "id": "nist-ai-rmf-1-0", "title": "Artificial Intelligence Risk Management Framework (AI RMF 1.0)", "category": "AI Governance & Law", "bluf": "The goal of the AI RMF is to offer a resource to the organizations designing, developing, deploying, or using AI systems to help manage the many risks of AI and promote trustworthy and responsible development and use of AI systems. The Framework is intended to be voluntary, rights-preserving, non-se", "endpoint": "/api/v1/nodes/nist-ai-rmf-1-0.json" }, { "id": "nist-ai-rmf-govern", "title": "NIST AI RMF: Governance & Accountability (Govern 1.1)", "category": "Cybersecurity", "bluf": "The NIST AI Risk Management Framework (RMF) 'Govern' function establishes the institutional foundation for safe AI. Sub-category Govern 1.1 specifically mandates that legal and regulatory AI requirements are identified, documented, and actively managed.", "endpoint": "/api/v1/nodes/nist-ai-rmf-govern.json" }, { "id": "nist-ai-rmf-manage", "title": "NIST AI RMF: Response", "category": "AI Governance & Law", "bluf": "NIST AI RMF MANAGE is the action function of the AI Risk Management Framework (NIST AI 100-1, January 2023). It converts the risk assessments produced by MAP and MEASURE into concrete treatment decisions: accept, mitigate, transfer, or avoid. MANAGE specifies how AI risk responses are planned, resou", "endpoint": "/api/v1/nodes/nist-ai-rmf-manage.json" }, { "id": "nist-ai-rmf-map", "title": "NIST AI RMF: Risk Context", "category": "AI Governance & Law", "bluf": "NIST AI RMF MAP is the discovery function of the AI Risk Management Framework (NIST AI 100-1, January 2023). It establishes the context for each AI system — its intended use, deployment environment, affected stakeholders, and the categories of risk that apply. MAP must be completed before MEASURE or", "endpoint": "/api/v1/nodes/nist-ai-rmf-map.json" }, { "id": "nist-ai-rmf-measure", "title": "NIST AI RMF: Metrics", "category": "AI Governance & Law", "bluf": "NIST AI RMF MEASURE is the evaluation function of the AI Risk Management Framework (NIST AI 100-1, January 2023). It converts the context established in MAP into quantitative and qualitative assessments of AI risk using appropriate tools, metrics, and methodologies. MEASURE determines the actual sev", "endpoint": "/api/v1/nodes/nist-ai-rmf-measure.json" }, { "id": "nist-contingency-planning-federal-systems", "title": "Contingency Planning Guide for Federal Information Systems", "category": "Cybersecurity", "bluf": "NIST Special Publication 800-34, Rev. 1, provides instructions, recommendations, and considerations for federal information system contingency planning. Contingency planning refers to interim measures to recover information system services after a disruption, which may include relocation to an alter", "endpoint": "/api/v1/nodes/nist-contingency-planning-federal-systems.json" }, { "id": "nist-cswp-30-automation-support", "title": "Automation Support for Control Assessments: Project Update and Vision", "category": "AI Governance & Law", "bluf": "NIST Interagency Report (IR) 8011 is a multi-volume series that provides a blueprint for supporting automated control assessments. It proposes an approach for creating specific tests, denominated as 'defect checks,' that can be executed using automation to verify that controls are in place and opera", "endpoint": "/api/v1/nodes/nist-cswp-30-automation-support.json" }, { "id": "nist-cswp-34-telehealth-smart-home", "title": "Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration", "category": "Cybersecurity", "bluf": "Hospital-at-Home (HaH) solutions, a form of telehealth providing in-patient level care within patients' residences, introduce significant privacy and cybersecurity risks by placing hospital-grade medical or biometric devices and information systems outside of a hospital's direct control. These risks", "endpoint": "/api/v1/nodes/nist-cswp-34-telehealth-smart-home.json" }, { "id": "nist-cswp-36b-hardware-enabled-security-5g", "title": "Using Hardware-Enabled Security to Ensure 5G System Platform Integrity: Applying 5G Cybersecurity and Privacy Capabilities", "category": "Cybersecurity", "bluf": "This white paper provides an overview and an example of employing hardware-enabled security capabilities to provision, measure, attest to, and enforce the integrity of the compute platform to foster trust in a 5G system’s server infrastructure. As 5G systems adopt cloud-native technologies on commod", "endpoint": "/api/v1/nodes/nist-cswp-36b-hardware-enabled-security-5g.json" }, { "id": "nist-cybersecurity-framework-2-0", "title": "The NIST Cybersecurity Framework (CSF) 2.0", "category": "Cybersecurity", "bluf": "The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It is designed to help organizations of all sizes and sectors—including industry, government, academia, and nonprofit—to manage and reduce their cyber", "endpoint": "/api/v1/nodes/nist-cybersecurity-framework-2-0.json" }, { "id": "nist-devsecops-microservices-service-mesh", "title": "Implementation of DevSecOps for a Microservices-based Application with Service Mesh", "category": "Cloud & SaaS", "bluf": "Cloud-native applications have evolved into a standardized architecture consisting of multiple loosely coupled components called microservices, often implemented as containers, supported by an infrastructure for providing application services, such as service mesh. Due to security, business competit", "endpoint": "/api/v1/nodes/nist-devsecops-microservices-service-mesh.json" }, { "id": "nist-fips-186-5-dss", "title": "Digital Signature Standard (DSS)", "category": "Cybersecurity", "bluf": "This standard specifies a suite of algorithms that can be used to generate a digital signature for applications requiring a digital signature rather than a written signature. Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. T", "endpoint": "/api/v1/nodes/nist-fips-186-5-dss.json" }, { "id": "nist-guidelines-mobile-device-forensics", "title": "Guidelines on Mobile Device Forensics", "category": "Cybersecurity", "bluf": "Mobile device forensics is the science of recovering digital evidence from a mobile device under forensically sound conditions using accepted methods. This guide discusses procedures for the preservation, acquisition, examination, analysis, and reporting of digital evidence. The guide is intended to", "endpoint": "/api/v1/nodes/nist-guidelines-mobile-device-forensics.json" }, { "id": "nist-ir-7622-scrm-practices", "title": "Notional Supply Chain Risk Management Practices for Federal Information Systems", "category": "Cybersecurity", "bluf": "This publication provides a notional set of repeatable and commercially reasonable supply chain assurance methods and practices to help federal departments and agencies mitigate supply chain risk to federal information systems. It is intended for a diverse federal audience, including mission/busines", "endpoint": "/api/v1/nodes/nist-ir-7622-scrm-practices.json" }, { "id": "nist-ir-7628-smart-grid-cybersecurity", "title": "Guidelines for Smart Grid Cybersecurity, Volume 1 - Smart Grid Cybersecurity Strategy, Architecture, and High-Level Requirements", "category": "Cybersecurity", "bluf": "This three-volume report, Guidelines for Smart Grid Cybersecurity, presents an analytical framework that organizations can use to develop effective cybersecurity strategies tailored to their particular combinations of smart grid-related characteristics, risks, and vulnerabilities. Organizations in t", "endpoint": "/api/v1/nodes/nist-ir-7628-smart-grid-cybersecurity.json" }, { "id": "nist-ir-8011-v1-automated-assessments", "title": "Automation Support for Security Control Assessments Volume 1: Overview", "category": "Cybersecurity", "bluf": "This volume introduces concepts to support automated assessment of security controls detailed in NIST Special Publication (SP) 800-53. The ability to assess all implemented information security controls as frequently as needed using manual procedural methods is impractical for most organizations due", "endpoint": "/api/v1/nodes/nist-ir-8011-v1-automated-assessments.json" }, { "id": "nist-ir-8062-privacy-engineering", "title": "NISTIR 8062 An Introduction to Privacy Engineering and Risk Management in Federal Systems", "category": "Cybersecurity", "bluf": "This publication provides an introduction to how systems engineering and risk management can be used to develop more trustworthy systems that include privacy as an integral attribute. It is intended for federal agencies that need repeatable and measurable approaches to bridge the distance between hi", "endpoint": "/api/v1/nodes/nist-ir-8062-privacy-engineering.json" }, { "id": "nist-ir-8176-linux-container-security", "title": "Security Assurance Requirements for Linux Application Container Deployments", "category": "Cybersecurity", "bluf": "This document outlines security assurance requirements for security solutions implemented in Linux application container platforms. To assess the effectiveness of security solutions, it is necessary to analyze those solutions and detail the metrics they must satisfy in the form of security assurance", "endpoint": "/api/v1/nodes/nist-ir-8176-linux-container-security.json" }, { "id": "nist-ir-8202-blockchain-overview", "title": "NISTIR 8202 Blockchain Technology Overview", "category": "AI Governance & Law", "bluf": "Blockchains are tamper evident and tamper resistant digital ledgers implemented in a distributed fashion (i.e., without a central repository) and usually without a central authority (i.e., a bank, company, or government). At their basic level, they enable a community of users to record transactions ", "endpoint": "/api/v1/nodes/nist-ir-8202-blockchain-overview.json" }, { "id": "nist-ir-8259b-iot-non-technical-baseline", "title": "IoT Non-Technical Supporting Capability Core Baseline", "category": "Cybersecurity", "bluf": "This publication defines an Internet of Things (IoT) device manufacturers’ non-technical supporting capability core baseline, which is a set of non-technical supporting capabilities generally needed from manufacturers or other third parties to support common cybersecurity controls that protect an or", "endpoint": "/api/v1/nodes/nist-ir-8259b-iot-non-technical-baseline.json" }, { "id": "nist-ir-8276-cyber-scrm-practices", "title": "Key Practices in Cyber Supply Chain Risk Management: Observations from Industry", "category": "Cybersecurity", "bluf": "In today’s highly connected, interdependent world, all organizations rely on others for critical products and services. The reality of globalization has resulted in a world where organizations no longer fully control—and often do not have full visibility into—the supply ecosystems of the products th", "endpoint": "/api/v1/nodes/nist-ir-8276-cyber-scrm-practices.json" }, { "id": "nist-ir-8286a-cybersecurity-risk", "title": "Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management", "category": "Cybersecurity", "bluf": "This document supplements NIST Interagency or Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. The report offers examples and information to illustrate risk tolerance, risk appe", "endpoint": "/api/v1/nodes/nist-ir-8286a-cybersecurity-risk.json" }, { "id": "nist-ir-8286b-prioritizing-cybersecurity-risk", "title": "Prioritizing Cybersecurity Risk for Enterprise Risk Management", "category": "Cybersecurity", "bluf": "This document provides supplemental guidance for aligning cybersecurity risks with an organization’s overall Enterprise Risk Management (ERM) program. It is the second publication in a series that supplements NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This report de", "endpoint": "/api/v1/nodes/nist-ir-8286b-prioritizing-cybersecurity-risk.json" }, { "id": "nist-ir-8286c-staging-cybersecurity-risks", "title": "Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight", "category": "Cybersecurity", "bluf": "This document supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). It explores methods for integrating disparate cybersecurity risk management (CSRM) information from throughout an enterprise to create a composite Enterprise Risk", "endpoint": "/api/v1/nodes/nist-ir-8286c-staging-cybersecurity-risks.json" }, { "id": "nist-ir-8286d-bia-for-risk", "title": "Using Business Impact Analysis to Inform Risk Prioritization and Response", "category": "Cybersecurity", "bluf": "This publication describes how a business impact analysis (BIA), historically used for determining availability requirements for business continuity, can be extended to provide a broad understanding of the potential impacts of any type of loss on an enterprise mission. The management of enterprise r", "endpoint": "/api/v1/nodes/nist-ir-8286d-bia-for-risk.json" }, { "id": "nist-ir-8374-ransomware-risk-management", "title": "Ransomware Risk Management: A Cybersecurity Framework Profile", "category": "Cybersecurity", "bluf": "Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. Attackers may also steal an organization’s information and demand an additional payment in return for not disclosing the information. This Ransomware Profile identifies the C", "endpoint": "/api/v1/nodes/nist-ir-8374-ransomware-risk-management.json" }, { "id": "nist-ir-8413-pqc-third-round", "title": "Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process", "category": "Aviation Defense & Quantum", "bluf": "The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public-key encryption, and key-establishment algorith", "endpoint": "/api/v1/nodes/nist-ir-8413-pqc-third-round.json" }, { "id": "nist-ir-8425-iot-core-baseline-profile", "title": "Profile of the IoT Core Baseline for Consumer IoT Products", "category": "Cybersecurity", "bluf": "This publication documents the consumer profile of NIST’s Internet of Things (IoT) core baseline and identifies cybersecurity capabilities commonly needed for the consumer IoT sector (i.e., IoT products for home or personal use). It can also be a starting point for businesses to consider in the purc", "endpoint": "/api/v1/nodes/nist-ir-8425-iot-core-baseline-profile.json" }, { "id": "nist-ir-8432-genomic-data", "title": "Cybersecurity of Genomic Data", "category": "Medical & Healthcare", "bluf": "This report describes current practices in cybersecurity and privacy risk management for protecting genomic data. Genomic data's unique characteristics, such as being immutable and containing information about kinship and health, raise cybersecurity and privacy concerns that are inadequately address", "endpoint": "/api/v1/nodes/nist-ir-8432-genomic-data.json" }, { "id": "nist-ir-8441-hsn-profile", "title": "Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN)", "category": "Cybersecurity", "bluf": "The space sector is transitioning towards Hybrid Satellite Networks (HSN), which are an aggregation of independently owned and operated terminals, antennas, satellites, payloads, or other components that comprise a satellite system. An HSN may interact with government systems and critical infrastruc", "endpoint": "/api/v1/nodes/nist-ir-8441-hsn-profile.json" }, { "id": "nist-ir-8547-pqc-transition", "title": "Transition to Post-Quantum Cryptography Standards", "category": "Aviation Defense & Quantum", "bluf": "This report describes NIST’s expected approach to transitioning from quantum-vulnerable cryptographic algorithms to post-quantum digital signature algorithms and key-establishment schemes. It identifies existing quantum-vulnerable cryptographic standards and the quantum-resistant standards to which ", "endpoint": "/api/v1/nodes/nist-ir-8547-pqc-transition.json" }, { "id": "nist-language-of-trustworthy-ai", "title": "The Language of Trustworthy AI: An In-Depth Glossary of Terms", "category": "AI Governance & Law", "bluf": "This document is a guide and record of the development for the NIST (National Institute of Standards and Technology) glossary of terms for trustworthy and responsible artificial intelligence (AI) and machine learning (ML). The glossary effort seeks to promote a shared understanding and improved comm", "endpoint": "/api/v1/nodes/nist-language-of-trustworthy-ai.json" }, { "id": "nist-mobile-device-security-enterprise", "title": "Guidelines for Managing the Security of Mobile Devices in the Enterprise", "category": "Cybersecurity", "bluf": "This publication assists organizations in managing and securing mobile devices by describing available technologies and strategies. As mobile devices perform everyday enterprise tasks, they regularly process, modify, and store sensitive data, bringing unique threats to the enterprise. To reduce the ", "endpoint": "/api/v1/nodes/nist-mobile-device-security-enterprise.json" }, { "id": "nist-pqc-third-round-report", "title": "Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process", "category": "Aviation Defense & Quantum", "bluf": "The National Institute of Standards and Technology (NIST) is in the process of selecting public-key cryptographic algorithms through a public, competition-like process to protect sensitive information well into the foreseeable future, including after the advent of quantum computers. The new public-k", "endpoint": "/api/v1/nodes/nist-pqc-third-round-report.json" }, { "id": "nist-recommendation-key-management-pt3", "title": "Recommendation for Key Management Part 3: Application-Specific Key Management Guidance", "category": "Cybersecurity", "bluf": "NIST Special Publication 800-57 Part 3 provides application-specific cryptographic key management guidance, intended primarily for system administrators, system installers, and end users to adequately secure applications based on product availability and organizational needs. This document addresses", "endpoint": "/api/v1/nodes/nist-recommendation-key-management-pt3.json" }, { "id": "nist-sp-1270-managing-ai-bias", "title": "Towards a Standard for Identifying and Managing Bias in Artificial Intelligence", "category": "AI Governance & Law", "bluf": "This special publication describes the challenges of bias in artificial intelligence and provides examples of how and why it can erode public trust. It identifies three categories of bias in AI—systemic, statistical, and human—and describes how and where they contribute to harms. The document also d", "endpoint": "/api/v1/nodes/nist-sp-1270-managing-ai-bias.json" }, { "id": "nist-sp-1800-1-securing-ehr-mobile", "title": "NIST SPECIAL PUBLICATION 1800-1 Securing Electronic Health Records on Mobile Devices", "category": "Cybersecurity", "bluf": "This NIST Cybersecurity Practice Guide provides a modular, open, end-to-end reference design demonstrating how healthcare organizations can more securely share patient information among caregivers using mobile devices. It shows how security engineers and IT professionals, using commercially availabl", "endpoint": "/api/v1/nodes/nist-sp-1800-1-securing-ehr-mobile.json" }, { "id": "nist-sp-1800-10-ics-integrity", "title": "Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector", "category": "Cybersecurity", "bluf": "Many manufacturing organizations rely on industrial control systems (ICS) to monitor and control their machinery, production lines, and other physical processes that produce goods. As OT and IT systems become increasingly interconnected, manufacturers have become a major target of more widespread an", "endpoint": "/api/v1/nodes/nist-sp-1800-10-ics-integrity.json" }, { "id": "nist-sp-1800-11-data-integrity", "title": "NIST SPECIAL PUBLICATION 1800-11 Data Integrity Recovering from Ransomware and Other Destructive Events", "category": "Cybersecurity", "bluf": "Destructive malware, ransomware, malicious insider activity, and even honest mistakes all set the stage for why organizations need to quickly recover from an event that alters or destroys data. Businesses must be confident that recovered data is accurate and safe. When data integrity events occur, o", "endpoint": "/api/v1/nodes/nist-sp-1800-11-data-integrity.json" }, { "id": "nist-sp-1800-12-derived-piv", "title": "Derived Personal Identity Verification (PIV) Credentials", "category": "Cybersecurity", "bluf": "Access to federal information systems relies on strong authentication of the user with a Personal Identity Verification (PIV) Card, a smart card containing identifying information. However, access to information systems is increasingly from mobile phones and tablets that lack integrated smart card r", "endpoint": "/api/v1/nodes/nist-sp-1800-12-derived-piv.json" }, { "id": "nist-sp-1800-13-mobile-sso", "title": "Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders", "category": "Cybersecurity", "bluf": "On-demand access to public safety data is critical to ensuring that public safety and first responders (PSFRs) can protect life and property during an emergency. This information, often accessed via mobile devices, includes sensitive data requiring robust authentication. In collaboration with indust", "endpoint": "/api/v1/nodes/nist-sp-1800-13-mobile-sso.json" }, { "id": "nist-sp-1800-14-bgp-rov", "title": "NIST SPECIAL PUBLICATION 1800-14 Protecting the Integrity of Internet Routing: Border Gateway Protocol (BGP) Route Origin Validation", "category": "Cybersecurity", "bluf": "This NIST Cybersecurity Practice Guide demonstrates how networks can protect Border Gateway Protocol (BGP) routes from vulnerability to route hijacks by using available security protocols, products, and tools to perform BGP route origin validation (ROV). BGP, the protocol used by internet service pr", "endpoint": "/api/v1/nodes/nist-sp-1800-14-bgp-rov.json" }, { "id": "nist-sp-1800-15-iot-mud", "title": "NIST SPECIAL PUBLICATION 1800-15 Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)", "category": "Cybersecurity", "bluf": "The rapid growth of Internet of Things (IoT) devices is a cause for concern because they are tempting targets for attackers, often having minimal security, unpatched software flaws, and constraints that make them challenging to secure. The consequences can be catastrophic, as malicious actors can de", "endpoint": "/api/v1/nodes/nist-sp-1800-15-iot-mud.json" }, { "id": "nist-sp-1800-16-tls-certificate-management", "title": "NIST SPECIAL PUBLICATION 1800-16 Securing Web Transactions TLS Server Certificate Management", "category": "Cybersecurity", "bluf": "Transport Layer Security (TLS) server certificates are critical to the security of both internet-facing and private web services. Many organizations, especially large- or medium-scale enterprises with thousands of certificates, lack a formal TLS certificate management program and do not have the abi", "endpoint": "/api/v1/nodes/nist-sp-1800-16-tls-certificate-management.json" }, { "id": "nist-sp-1800-17-mfa-ecommerce", "title": "NIST SPECIAL PUBLICATION 1800-17 Multifactor Authentication for E-Commerce: Risk-Based, FIDO Universal Second Factor Implementations for Purchasers", "category": "Cybersecurity", "bluf": "This NIST Cybersecurity Practice Guide demonstrates how online retailers can implement multifactor authentication (MFA) to help reduce electronic commerce (e-commerce) fraud. MFA is a security enhancement that allows a user to present several pieces of evidence when logging into an account, which mu", "endpoint": "/api/v1/nodes/nist-sp-1800-17-mfa-ecommerce.json" }, { "id": "nist-sp-1800-19-trusted-cloud", "title": "Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments", "category": "Cybersecurity", "bluf": "This National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide demonstrates how organizations can implement trusted compute pools to safeguard the security and privacy of their applications and data being run within a cloud or being transferred between a private cloud and a ", "endpoint": "/api/v1/nodes/nist-sp-1800-19-trusted-cloud.json" }, { "id": "nist-sp-1800-21-cope", "title": "NIST SPECIAL PUBLICATION 1800-21 Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)", "category": "Cybersecurity", "bluf": "This NIST Cybersecurity Practice Guide demonstrates how organizations can use standards-based, commercially available products to help meet their Corporate-Owned Personally-Enabled (COPE) mobile device security and privacy needs. COPE devices are owned by the enterprise, issued to the employee, and ", "endpoint": "/api/v1/nodes/nist-sp-1800-21-cope.json" }, { "id": "nist-sp-1800-22-byod", "title": "NIST SPECIAL PUBLICATION 1800-22 Mobile Device Security: Bring Your Own Device (BYOD)", "category": "Cybersecurity", "bluf": "This National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide provides an example solution demonstrating how organizations can use standards-based, commercially available products to enhance security and privacy for Bring Your Own Device (BYOD) deployments on Android and Ap", "endpoint": "/api/v1/nodes/nist-sp-1800-22-byod.json" }, { "id": "nist-sp-1800-23-energy-asset-management", "title": "Energy Sector Asset Management For Electric Utilities, Oil & Gas Industry", "category": "Cybersecurity", "bluf": "As critical infrastructures, the incapacitation or destruction of assets in the energy sector, including electric utilities and the oil and gas industry, could have serious negative effects on the economy, public health, and safety. A primary challenge for these organizations is maintaining an updat", "endpoint": "/api/v1/nodes/nist-sp-1800-23-energy-asset-management.json" }, { "id": "nist-sp-1800-24-securing-pacs", "title": "NIST SPECIAL PUBLICATION 1800-24 Securing Picture Archiving and Communication System (PACS): Cybersecurity for the Healthcare Sector", "category": "Cybersecurity", "bluf": "This guide details how the National Cybersecurity Center of Excellence (NCCoE) at NIST built a laboratory environment to emulate a medical imaging environment, performed a risk assessment, and identified controls from the NIST Cybersecurity Framework to secure a medical imaging ecosystem. The projec", "endpoint": "/api/v1/nodes/nist-sp-1800-24-securing-pacs.json" }, { "id": "nist-sp-1800-25-data-integrity", "title": "NIST SPECIAL PUBLICATION 1800-25 Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events", "category": "Cybersecurity", "bluf": "This NIST Cybersecurity Practice Guide demonstrates how organizations can develop and implement appropriate actions before a detected data integrity cybersecurity event. The guide focuses on data integrity: the property that data has not been altered in an unauthorized manner, covering data in stora", "endpoint": "/api/v1/nodes/nist-sp-1800-25-data-integrity.json" }, { "id": "nist-sp-1800-28-data-confidentiality", "title": "NIST SPECIAL PUBLICATION 1800-28 Data Confidentiality: Identifying and Protecting Assets Against Data Breaches", "category": "Cybersecurity", "bluf": "This guide helps organizations implement strategies to prevent data confidentiality attacks by demonstrating how to develop and implement appropriate actions to identify and protect data against a confidentiality cybersecurity event. An organization must protect its information from unauthorized acc", "endpoint": "/api/v1/nodes/nist-sp-1800-28-data-confidentiality.json" }, { "id": "nist-sp-1800-29-data-breaches", "title": "NIST SPECIAL PUBLICATION 1800-29 Data Confidentiality: Detect, Respond to, and Recover from Data Breaches", "category": "Cybersecurity", "bluf": "An organization must protect its information from unauthorized access and disclosure, as data breaches can have far-reaching operational, financial, and reputational impacts. In the event of a data breach, data confidentiality can be compromised via unauthorized exfiltration, leaking, or spills of d", "endpoint": "/api/v1/nodes/nist-sp-1800-29-data-breaches.json" }, { "id": "nist-sp-1800-32-securing-ders", "title": "Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity", "category": "Cybersecurity", "bluf": "This practice guide from the National Cybersecurity Center of Excellence (NCCoE) applies standards, best practices, and commercially available technology to protect the digital communication, data, and control of cyber-physical grid-edge devices. It addresses the challenge that the growing use of sm", "endpoint": "/api/v1/nodes/nist-sp-1800-32-securing-ders.json" }, { "id": "nist-sp-1800-35-zero-trust-architecture", "title": "NIST SPECIAL PUBLICATION 1800-35 Implementing a Zero Trust Architecture: High-Level Document", "category": "Cybersecurity", "bluf": "A zero trust architecture (ZTA) is an enterprise cybersecurity architecture based on zero trust principles, such as those outlined in NIST Special Publication (SP) 800-207, designed to prevent data breaches and limit internal lateral movement. This guide is intended to help organizations gradually e", "endpoint": "/api/v1/nodes/nist-sp-1800-35-zero-trust-architecture.json" }, { "id": "nist-sp-1800-4-mobile-device-security", "title": "NIST SPECIAL PUBLICATION 1800-4 Mobile Device Security Cloud and Hybrid Builds", "category": "Cybersecurity", "bluf": "This National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide addresses the challenge of securely deploying and managing mobile devices in an enterprise. In many organizations, mobile devices are adopted on an ad hoc basis, possibly without the appropriate policies and infr", "endpoint": "/api/v1/nodes/nist-sp-1800-4-mobile-device-security.json" }, { "id": "nist-sp-1800-5-it-asset-management", "title": "NIST SPECIAL PUBLICATION 1800-5 IT Asset Management", "category": "Cybersecurity", "bluf": "This NIST Cybersecurity Practice Guide offers a proof-of-concept solution for financial services companies to more securely and efficiently monitor and manage their information technology (IT) assets. The guide details an example solution using open source and commercially available products that ca", "endpoint": "/api/v1/nodes/nist-sp-1800-5-it-asset-management.json" }, { "id": "nist-sp-1800-6-email-security", "title": "Domain Name System-Based Electronic Mail Security", "category": "Cybersecurity", "bluf": "This guide details proof-of-concept security platforms that demonstrate trustworthy email exchanges across organizational boundaries for both public and private-sector business operations. The project's goals include the authentication of mail transfer agents, signing and encryption of email, and bi", "endpoint": "/api/v1/nodes/nist-sp-1800-6-email-security.json" }, { "id": "nist-sp-1800-7-electric-utilities", "title": "NIST SPECIAL PUBLICATION 1800-7 Situational Awareness For Electric Utilities", "category": "Cybersecurity", "bluf": "Through direct dialogue between NCCoE staff and members of the energy sector it became clear that energy companies need to create and maintain a high level of visibility into their operating environments to ensure the security of their operational resources (operational technology [OT]), including i", "endpoint": "/api/v1/nodes/nist-sp-1800-7-electric-utilities.json" }, { "id": "nist-sp-1800-8-infusion-pumps", "title": "NIST SPECIAL PUBLICATION 1800-8: Securing Wireless Infusion Pumps in Healthcare Delivery Organizations", "category": "Cybersecurity", "bluf": "Medical devices, such as infusion pumps, were once standalone instruments that interacted only with the patient or medical provider. With technological improvements, these devices now connect wirelessly to a variety of systems within a healthcare delivery organization (HDO), contributing to the Inte", "endpoint": "/api/v1/nodes/nist-sp-1800-8-infusion-pumps.json" }, { "id": "nist-sp-800-100-security-handbook", "title": "Information Security Handbook: A Guide for Managers", "category": "Cybersecurity", "bluf": "This Information Security Handbook provides a broad overview of information security program elements to assist managers in understanding how to establish and implement an information security program. The guidance is intended for agency heads, chief information officers (CIOs), senior agency inform", "endpoint": "/api/v1/nodes/nist-sp-800-100-security-handbook.json" }, { "id": "nist-sp-800-108r1-key-derivation", "title": "Recommendation for Key Derivation Using Pseudorandom Functions", "category": "Cybersecurity", "bluf": "This Recommendation specifies techniques for the derivation of additional keying material from a secret key, either established through a key-establishment scheme or shared through some other manner, using pseudorandom functions (PRFs): HMAC, CMAC, and KMAC. The key-derivation functions (KDFs) can b", "endpoint": "/api/v1/nodes/nist-sp-800-108r1-key-derivation.json" }, { "id": "nist-sp-800-113-guide-ssl-vpns", "title": "Guide to SSL VPNs", "category": "Cybersecurity", "bluf": "Secure Sockets Layer (SSL) virtual private networks (VPN) provide secure remote access to an organization’s resources. A VPN is a virtual network, built on top of existing physical networks, that can provide a secure communications mechanism for data and other information transmitted between two end", "endpoint": "/api/v1/nodes/nist-sp-800-113-guide-ssl-vpns.json" }, { "id": "nist-sp-800-114-r1-byod-security", "title": "User’s Guide to Telework and Bring Your Own Device (BYOD) Security", "category": "Cybersecurity", "bluf": "This publication provides recommendations for securing Bring Your Own Device (BYOD) devices used for telework and remote access, as well as those directly attached to the enterprise’s own networks. It applies to an organization’s employees, contractors, business partners, vendors, and other users wh", "endpoint": "/api/v1/nodes/nist-sp-800-114-r1-byod-security.json" }, { "id": "nist-sp-800-115-security-testing", "title": "Technical Guide to Information Security Testing and Assessment", "category": "Cybersecurity", "bluf": "An information security assessment is the process of determining how effectively an entity being assessed (e.g., host, system, network, procedure, person) meets specific security objectives. This document provides a guide to the basic technical aspects of conducting information security assessments,", "endpoint": "/api/v1/nodes/nist-sp-800-115-security-testing.json" }, { "id": "nist-sp-800-121r2-bluetooth-security", "title": "Guide to Bluetooth Security", "category": "Cybersecurity", "bluf": "Bluetooth wireless technology is an open standard for short-range radio frequency communication used primarily to establish wireless personal area networks (WPANs), and has been integrated into many types of business and consumer devices. This publication provides information on the security capabil", "endpoint": "/api/v1/nodes/nist-sp-800-121r2-bluetooth-security.json" }, { "id": "nist-sp-800-123-server-security", "title": "Special Publication 800-123 Guide to General Server Security", "category": "Cybersecurity", "bluf": "This publication addresses the general security issues of typical servers, assisting organizations in installing, configuring, and maintaining them securely. Servers are frequently targeted by attackers due to the value of their data and services, which can include personally identifiable informatio", "endpoint": "/api/v1/nodes/nist-sp-800-123-server-security.json" }, { "id": "nist-sp-800-128-config-management", "title": "Guide for Security-Focused Configuration Management of Information Systems", "category": "Cybersecurity", "bluf": "This guide provides guidelines for organizations responsible for managing and administering the security of federal information systems and associated environments of operation. The focus of this document is on implementation of the information system security aspects of configuration management, re", "endpoint": "/api/v1/nodes/nist-sp-800-128-config-management.json" }, { "id": "nist-sp-800-12r1-intro-infosec", "title": "An Introduction to Information Security (NIST Special Publication 800-12 Revision 1)", "category": "Cybersecurity", "bluf": "This publication serves as a starting-point for those new to information security and for those unfamiliar with NIST information security publications and guidelines. Its intent is to provide a high-level overview of information security principles by introducing related concepts and the security co", "endpoint": "/api/v1/nodes/nist-sp-800-12r1-intro-infosec.json" }, { "id": "nist-sp-800-131a-rev-2-crypto-transitions", "title": "Transitioning the Use of Cryptographic Algorithms and Key Lengths", "category": "Cybersecurity", "bluf": "This Recommendation (SP 800-131A) provides specific guidance for transitions to the use of stronger cryptographic keys and more robust algorithms for Federal Government agencies protecting sensitive, but unclassified information. The document addresses the use of algorithms and key lengths specified", "endpoint": "/api/v1/nodes/nist-sp-800-131a-rev-2-crypto-transitions.json" }, { "id": "nist-sp-800-132-pbkdf", "title": "NIST Special Publication 800-132 Recommendation for Password-Based Key Derivation Part 1: Storage Applications", "category": "Cybersecurity", "bluf": "This Recommendation specifies techniques for the derivation of master keys from passwords or passphrases to protect stored electronic data or data protection keys. Due to the low entropy and possibly poor randomness of passwords, they are not suitable to be used directly as cryptographic keys. This ", "endpoint": "/api/v1/nodes/nist-sp-800-132-pbkdf.json" }, { "id": "nist-sp-800-140-dtr", "title": "FIPS 140-3 Derived Test Requirements (DTR): CMVP Validation Authority Updates to ISO/IEC 24759", "category": "Cybersecurity", "bluf": "NIST Special Publication (SP) 800-140 specifies the modifications of the Derived Test Requirements (DTR) for Federal Information Processing Standard (FIPS) 140-3. It modifies the test (TE) and vendor (VE) evidence requirements of International Organization for Standardization/International Electrote", "endpoint": "/api/v1/nodes/nist-sp-800-140-dtr.json" }, { "id": "nist-sp-800-144-cloud-computing", "title": "Guidelines on Security and Privacy in Public Cloud Computing", "category": "Cybersecurity", "bluf": "This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment. The primary purpose of this report is to des", "endpoint": "/api/v1/nodes/nist-sp-800-144-cloud-computing.json" }, { "id": "nist-sp-800-145-cloud-computing", "title": "The NIST Definition of Cloud Computing", "category": "Cloud & SaaS", "bluf": "Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider", "endpoint": "/api/v1/nodes/nist-sp-800-145-cloud-computing.json" }, { "id": "nist-sp-800-146-cloud-recommendations", "title": "Cloud Computing Synopsis and Recommendations", "category": "Cloud & SaaS", "bluf": "This document reprises the NIST-established definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations should consider the relative opportunities and ri", "endpoint": "/api/v1/nodes/nist-sp-800-146-cloud-recommendations.json" }, { "id": "nist-sp-800-152-key-management", "title": "A Profile for U.S. Federal Cryptographic Key Management Systems", "category": "Cybersecurity", "bluf": "This Profile for U.S. Federal Cryptographic Key Management Systems (FCKMSs) contains requirements for their design, implementation, procurement, installation, configuration, management, operation, and use by U.S. Federal organizations. It is intended to assist CKMS designers and implementers in sele", "endpoint": "/api/v1/nodes/nist-sp-800-152-key-management.json" }, { "id": "nist-sp-800-160-v1r1", "title": "Engineering Trustworthy Secure Systems", "category": "Cybersecurity", "bluf": "This publication describes a basis for establishing principles, concepts, activities, and tasks for engineering trustworthy secure systems. These can be effectively applied within systems engineering efforts to foster a common mindset to deliver security for any system, regardless of its purpose, ty", "endpoint": "/api/v1/nodes/nist-sp-800-160-v1r1.json" }, { "id": "nist-sp-800-160-v2r1", "title": "NIST Special Publication 800-160, Volume 2, Revision 1: Developing Cyber-Resilient Systems: A Systems Security Engineering Approach", "category": "Cybersecurity", "bluf": "NIST Special Publication (SP) 800-160, Volume 2, focuses on cyber resiliency engineering—an emerging specialty systems engineering discipline applied in conjunction with resilience engineering and systems security engineering to develop more survivable, trustworthy systems. Cyber resiliency engineer", "endpoint": "/api/v1/nodes/nist-sp-800-160-v2r1.json" }, { "id": "nist-sp-800-161r1-csrm-practices", "title": "Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations", "category": "Cybersecurity", "bluf": "This publication provides guidance to organizations on identifying, assessing, and mitigating cybersecurity risks throughout the supply chain at all levels of their organizations. It addresses concerns about the risks associated with products and services that may potentially contain malicious funct", "endpoint": "/api/v1/nodes/nist-sp-800-161r1-csrm-practices.json" }, { "id": "nist-sp-800-162-abac", "title": "Guide to Attribute Based Access Control (ABAC) Definition and Considerations", "category": "Cybersecurity", "bluf": "This document provides Federal agencies with a definition of attribute based access control (ABAC), a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some c", "endpoint": "/api/v1/nodes/nist-sp-800-162-abac.json" }, { "id": "nist-sp-800-163r1-mobile-app-vetting", "title": "NIST Special Publication 800-163 Revision 1: Vetting the Security of Mobile Applications", "category": "Cybersecurity", "bluf": "As both public and private organizations rely more on mobile applications, ensuring that they are reasonably free from vulnerabilities and defects is paramount. Mobile apps can pose serious security risks to an organization and its users due to vulnerabilities that may be exploited to steal informat", "endpoint": "/api/v1/nodes/nist-sp-800-163r1-mobile-app-vetting.json" }, { "id": "nist-sp-800-167-application-whitelisting", "title": "Guide to Application Whitelisting", "category": "Cybersecurity", "bluf": "An application whitelist is a list of applications and application components that are authorized to be present or active on a host according to a well-defined baseline. Application whitelisting technologies use these lists to control which applications are permitted to install or execute, with the ", "endpoint": "/api/v1/nodes/nist-sp-800-167-application-whitelisting.json" }, { "id": "nist-sp-800-172-enhanced-security", "title": "Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171", "category": "Cybersecurity", "bluf": "The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the Federal Government to successfully conduct its essential missions and functions. This publication pro", "endpoint": "/api/v1/nodes/nist-sp-800-172-enhanced-security.json" }, { "id": "nist-sp-800-172a-assessment", "title": "Assessing Enhanced Security Requirements for Controlled Unclassified Information", "category": "Cybersecurity", "bluf": "This publication provides federal agencies and nonfederal organizations with assessment procedures to carry out assessments of the requirements in NIST Special Publication 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information (CUI). The protection of CUI in nonfe", "endpoint": "/api/v1/nodes/nist-sp-800-172a-assessment.json" }, { "id": "nist-sp-800-177-trustworthy-email", "title": "NIST Special Publication 800-177 Revision 1 Trustworthy Email", "category": "Cybersecurity", "bluf": "This document provides recommendations and guidelines for enhancing trust in email, applicable to federal IT systems and also useful for small or medium-sized organizations. The primary audience includes enterprise email administrators, information security specialists, and network managers. Given t", "endpoint": "/api/v1/nodes/nist-sp-800-177-trustworthy-email.json" }, { "id": "nist-sp-800-18-r1-security-plans", "title": "Guide for Developing Security Plans for Federal Information Systems", "category": "Cybersecurity", "bluf": "This guide provides direction for developing system security plans for federal information systems, a requirement of the Office of Management and Budget (OMB) Circular A-130 and the Federal Information Security Management Act (FISMA). The purpose of the system security plan is to provide an overview", "endpoint": "/api/v1/nodes/nist-sp-800-18-r1-security-plans.json" }, { "id": "nist-sp-800-18-r1", "title": "Guide for Developing Security Plans for Federal Information Systems", "category": "Cybersecurity", "bluf": "The objective of system security planning is to improve protection of information system resources. All federal systems have some level of sensitivity and require protection as part of good management practice. The protection of a system must be documented in a system security plan, a requirement of", "endpoint": "/api/v1/nodes/nist-sp-800-18-r1.json" }, { "id": "nist-sp-800-18-security-plans", "title": "Guide for Developing Security Plans for Federal Information Systems", "category": "Cybersecurity", "bluf": "The objective of system security planning is to improve protection of information system resources. All federal systems have some level of sensitivity and require protection as part of good management practice, and the protection of a system must be documented in a system security plan. This is a re", "endpoint": "/api/v1/nodes/nist-sp-800-18-security-plans.json" }, { "id": "nist-sp-800-181r1-nice-framework", "title": "Workforce Framework for Cybersecurity (NICE Framework)", "category": "Cybersecurity", "bluf": "This publication from the National Initiative for Cybersecurity Education (NICE) describes the Workforce Framework for Cybersecurity (NICE Framework), a fundamental reference for describing and sharing information about cybersecurity work. It provides a reference taxonomy—a common language—of cybers", "endpoint": "/api/v1/nodes/nist-sp-800-181r1-nice-framework.json" }, { "id": "nist-sp-800-183-networks-of-things", "title": "NIST Special Publication 800-183 Networks of ‘Things’", "category": "Cybersecurity", "bluf": "This document offers an underlying and foundational understanding of the Internet of Things (IoT) based on the realization that IoT involves sensing, computing, communication, and actuation. It presents five core primitives as the basic building blocks for a Network of ‘Things’ (NoT), which includes", "endpoint": "/api/v1/nodes/nist-sp-800-183-networks-of-things.json" }, { "id": "nist-sp-800-184-event-recovery", "title": "Guide for Cybersecurity Event Recovery", "category": "Cybersecurity", "bluf": "In light of an increasing number of cybersecurity events, organizations can improve resilience by ensuring that their risk management processes include comprehensive recovery planning. Although there are existing federal policies, standards, and guidelines on cyber event handling, none of them focus", "endpoint": "/api/v1/nodes/nist-sp-800-184-event-recovery.json" }, { "id": "nist-sp-800-185-sha3-derived-functions", "title": "SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash", "category": "Cybersecurity", "bluf": "This Recommendation specifies four types of SHA-3-derived functions: cSHAKE, KMAC, TupleHash, and ParallelHash, each defined for a 128- and 256-bit security strength. This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security ", "endpoint": "/api/v1/nodes/nist-sp-800-185-sha3-derived-functions.json" }, { "id": "nist-sp-800-186-elliptic-curves", "title": "Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters", "category": "Cybersecurity", "bluf": "This Recommendation specifies the set of elliptic curves recommended for U.S. Government use. It provides updated specifications of elliptic curves appropriate for digital signatures and key agreement schemes, intended for implementers of cryptographic systems. In addition to previously recommended ", "endpoint": "/api/v1/nodes/nist-sp-800-186-elliptic-curves.json" }, { "id": "nist-sp-800-188-de-identification", "title": "De-Identifying Government Datasets: Techniques and Governance", "category": "Cybersecurity", "bluf": "De-identification is a general term for any process of removing the association between a set of identifying data and the data subject. This document, NIST SP 800-188, provides specific guidance to U.S. government agencies that wish to use de-identification to make government datasets available whil", "endpoint": "/api/v1/nodes/nist-sp-800-188-de-identification.json" }, { "id": "nist-sp-800-18r1-security-plans-federal-systems", "title": "Guide for Developing Security Plans for Federal Information Systems", "category": "Cybersecurity", "bluf": "The objective of system security planning is to improve protection of information system resources. All federal systems have some level of sensitivity and require protection, which must be documented in a system security plan. This is a requirement of the Office of Management and Budget (OMB) Circul", "endpoint": "/api/v1/nodes/nist-sp-800-18r1-security-plans-federal-systems.json" }, { "id": "nist-sp-800-18r1-security-plans", "title": "Guide for Developing Security Plans for Federal Information Systems", "category": "Cybersecurity", "bluf": "The objective of system security planning is to improve protection of information system resources. The protection of a system must be documented in a system security plan, a requirement of OMB Circular A-130 and the Federal Information Security Management Act (FISMA). This guidance applies to all f", "endpoint": "/api/v1/nodes/nist-sp-800-18r1-security-plans.json" }, { "id": "nist-sp-800-190-container-security", "title": "Application Container Security Guide", "category": "Cybersecurity", "bluf": "Application container technologies are a form of operating system virtualization combined with application software packaging that provide a portable, reusable, and automatable way to package and run applications. This publication explains the potential security concerns associated with the use of c", "endpoint": "/api/v1/nodes/nist-sp-800-190-container-security.json" }, { "id": "nist-sp-800-193-firmware-resiliency", "title": "NIST Special Publication 800-193 Platform Firmware Resiliency Guidelines", "category": "Cybersecurity", "bluf": "This document provides technical guidelines and recommendations supporting resiliency of platform firmware and data against potentially destructive attacks. The platform is a collection of fundamental hardware and firmware components needed to boot and operate a system. A successful attack on platfo", "endpoint": "/api/v1/nodes/nist-sp-800-193-firmware-resiliency.json" }, { "id": "nist-sp-800-204b-abac-microservices", "title": "Attribute-based Access Control for Microservices-based Applications Using a Service Mesh", "category": "Cloud & SaaS", "bluf": "With the disappearance of a network perimeter due to the need to provide ubiquitous access to applications from multiple remote locations using different types of devices, it is necessary to build the concept of zero trust into the application environment. Two critical security requirements in this ", "endpoint": "/api/v1/nodes/nist-sp-800-204b-abac-microservices.json" }, { "id": "nist-sp-800-204b-abac", "title": "Attribute-based Access Control for Microservices-based Applications Using a Service Mesh", "category": "Cloud & SaaS", "bluf": "This document provides deployment guidance for building an authentication and authorization framework within a service mesh for microservices-based applications. In modern cloud-native architectures featuring loosely coupled microservices, it is necessary to build the concept of zero trust into the ", "endpoint": "/api/v1/nodes/nist-sp-800-204b-abac.json" }, { "id": "nist-sp-800-204c-devsecops-microservices", "title": "Implementation of DevSecOps for a Microservices-based Application with Service Mesh", "category": "Cloud & SaaS", "bluf": "Cloud-native applications have evolved into a standardized architecture consisting of multiple loosely coupled components called microservices that are supported by an infrastructure for providing application services, such as service mesh. In this architecture, the entire set of source code can be ", "endpoint": "/api/v1/nodes/nist-sp-800-204c-devsecops-microservices.json" }, { "id": "nist-sp-800-204d-sssc-devsecops", "title": "Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines", "category": "Cybersecurity", "bluf": "This document outlines strategies for integrating Software Supply Chain (SSC) security assurance measures into Continuous Integration/Continuous Delivery (CI/CD) pipelines to protect the integrity of the underlying activities. The overall goal is to ensure that the CI/CD pipeline activities that tak", "endpoint": "/api/v1/nodes/nist-sp-800-204d-sssc-devsecops.json" }, { "id": "nist-sp-800-205-access-control", "title": "NIST Special Publication 800-205 Attribute Considerations for Access Control Systems", "category": "Cybersecurity", "bluf": "This document provides federal agencies with a guide for implementing attributes in access control systems. Attributes enable a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested ", "endpoint": "/api/v1/nodes/nist-sp-800-205-access-control.json" }, { "id": "nist-sp-800-207", "title": "NIST SP 800-207 — Zero Trust Architecture", "category": "Cybersecurity", "bluf": "NIST Special Publication 800-207 (August 2020) defines Zero Trust Architecture (ZTA) — the security paradigm that shifts from perimeter-based ('castle and moat') defenses to identity-centric, per-session access decisions on all resources. The core principle is 'never trust, always verify': no implic", "endpoint": "/api/v1/nodes/nist-sp-800-207.json" }, { "id": "nist-sp-800-208-stateful-hbs", "title": "Recommendation for Stateful Hash-Based Signature Schemes", "category": "Cybersecurity", "bluf": "This recommendation specifies two stateful hash-based signature (HBS) schemes, the Leighton-Micali Signature (LMS) system and the eXtended Merkle Signature Scheme (XMSS), along with their multi-tree variants, as supplements to FIPS 186. The security of these schemes depends on the security of the un", "endpoint": "/api/v1/nodes/nist-sp-800-208-stateful-hbs.json" }, { "id": "nist-sp-800-209-storage-infrastructure", "title": "Security Guidelines for Storage Infrastructure", "category": "Cybersecurity", "bluf": "This document provides an overview of the evolution of the storage technology landscape, current security threats, and the resultant risks. The primary purpose is to provide a comprehensive set of security recommendations for the current landscape of storage infrastructure, which consists of a mixtu", "endpoint": "/api/v1/nodes/nist-sp-800-209-storage-infrastructure.json" }, { "id": "nist-sp-800-210-cloud-access-control", "title": "General Access Control Guidance for Cloud Systems", "category": "Cloud & SaaS", "bluf": "This document presents cloud access control (AC) characteristics and a set of general access control guidance for cloud service models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). The main focus is on technical aspects of access control without", "endpoint": "/api/v1/nodes/nist-sp-800-210-cloud-access-control.json" }, { "id": "nist-sp-800-210-cloud-access", "title": "NIST Special Publication 800-210 General Access Control Guidance for Cloud Systems", "category": "Cloud & SaaS", "bluf": "This document presents cloud access control (AC) characteristics and a set of general access control guidance for cloud service models—IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). The main focus is on technical aspects of access control without ", "endpoint": "/api/v1/nodes/nist-sp-800-210-cloud-access.json" }, { "id": "nist-sp-800-213-iot-guidance", "title": "NIST Special Publication 800-213 IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements", "category": "Cybersecurity", "bluf": "As organizations increasingly use Internet of Things (IoT) devices, care must be taken in their acquisition and implementation. This publication contains background and recommendations to help federal organizations consider how an IoT device they plan to acquire can integrate into a system. It provi", "endpoint": "/api/v1/nodes/nist-sp-800-213-iot-guidance.json" }, { "id": "nist-sp-800-213a-iot-catalog", "title": "NIST Special Publication 800-213A IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog", "category": "Cybersecurity", "bluf": "This publication provides a catalog of internet of things (IoT) device cybersecurity capabilities and non-technical supporting capabilities to help federal organizations determine and establish device cybersecurity requirements. The guidance applies to federal organizations, including information se", "endpoint": "/api/v1/nodes/nist-sp-800-213a-iot-catalog.json" }, { "id": "nist-sp-800-215-secure-enterprise-network", "title": "NIST SP 800-215 Guide to a Secure Enterprise Network Landscape", "category": "Cybersecurity", "bluf": "The enterprise network landscape has undergone tremendous changes due to enterprise access to multiple cloud services, the geographical spread of on-premises IT resources, and the architectural shift from monolithic applications to microservices. These drivers have resulted in the disappearance of a", "endpoint": "/api/v1/nodes/nist-sp-800-215-secure-enterprise-network.json" }, { "id": "nist-sp-800-216-vulnerability-disclosure-guidelines", "title": "Recommendations for Federal Vulnerability Disclosure Guidelines", "category": "Cybersecurity", "bluf": "This document provides guidelines for managing vulnerability disclosure for information systems within the Federal Government, following the IoT Cybersecurity Improvement Act of 2020. It recommends guidance for establishing a federal vulnerability disclosure framework, properly handling vulnerabilit", "endpoint": "/api/v1/nodes/nist-sp-800-216-vulnerability-disclosure-guidelines.json" }, { "id": "nist-sp-800-218-ssdf", "title": "NIST Special Publication 800-218 Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities", "category": "Cybersecurity", "bluf": "This document describes the Secure Software Development Framework (SSDF), a core set of fundamental, sound, high-level practices for secure software development. The framework is intended to be integrated into any existing software development life cycle (SDLC) implementation. The primary audiences ", "endpoint": "/api/v1/nodes/nist-sp-800-218-ssdf.json" }, { "id": "nist-sp-800-218", "title": "NIST SP 800-218 Secure Software Development Framework (SSDF)", "category": "Cybersecurity", "bluf": "Compliance with the NIST SP 800-218 Secure Software Development Framework (SSDF) necessitates a holistic, risk-based approach to software security throughout its lifecycle. This assessment validates the establishment of organizational preparedness (PO) by confirming that `has_defined_security_requir", "endpoint": "/api/v1/nodes/nist-sp-800-218.json" }, { "id": "nist-sp-800-219-macos-mscp", "title": "Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)", "category": "Cybersecurity", "bluf": "This publication introduces the macOS Security Compliance Project (mSCP), an open-source initiative by the National Institute of Standards and Technology (NIST) designed to provide security configuration guidance for Apple macOS in a machine-consumable format. The mSCP provides resources that system", "endpoint": "/api/v1/nodes/nist-sp-800-219-macos-mscp.json" }, { "id": "nist-sp-800-221-ict-risk", "title": "Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio", "category": "Cybersecurity", "bluf": "This publication helps individual organizations within an enterprise improve their Information and Communications Technology (ICT) risk management (ICTRM) to better identify, assess, and manage ICT risks in the context of broader mission and business objectives. It applies to both Federal Government", "endpoint": "/api/v1/nodes/nist-sp-800-221-ict-risk.json" }, { "id": "nist-sp-800-221a-ict-risk-outcomes", "title": "Information and Communications Technology (ICT) Risk Outcomes: Integrating ICT Risk Management Programs with the Enterprise Risk Portfolio", "category": "Cybersecurity", "bluf": "The increasing frequency, creativity, and severity of technology attacks means that all enterprises should ensure that information and communications technology (ICT) risk is receiving appropriate attention within their enterprise risk management (ERM) programs. Specific types of ICT risk include, b", "endpoint": "/api/v1/nodes/nist-sp-800-221a-ict-risk-outcomes.json" }, { "id": "nist-sp-800-223-hpc-security", "title": "High-Performance Computing Security: Architecture, Threat Analysis, and Security Posture", "category": "Aviation Defense & Quantum", "bluf": "This NIST Special Publication aims to standardize and facilitate the sharing of High-Performance Computing (HPC) security information and knowledge through the development of an HPC system reference architecture and key components, which are introduced as the basics of the HPC system lexicon. The re", "endpoint": "/api/v1/nodes/nist-sp-800-223-hpc-security.json" }, { "id": "nist-sp-800-226-differential-privacy", "title": "Guidelines for Evaluating Differential Privacy Guarantees", "category": "Cybersecurity", "bluf": "This publication describes differential privacy — a PET that quantifies privacy risk to individuals when their data appears in a dataset. Differential privacy was first defined in 2006 as a theoretical framework and is still making the transition from theory to practice. This publication is intended", "endpoint": "/api/v1/nodes/nist-sp-800-226-differential-privacy.json" }, { "id": "nist-sp-800-30-risk-assessment", "title": "Guide for Conducting Risk Assessments", "category": "Cybersecurity", "bluf": "This guide provides a structured approach for conducting risk assessments of federal information systems and organizations, amplifying the guidance in NIST Special Publication 800-39. Risk assessments are a fundamental component of an organizational risk management process, used to identify, estimat", "endpoint": "/api/v1/nodes/nist-sp-800-30-risk-assessment.json" }, { "id": "nist-sp-800-34-contingency-planning-guide", "title": "Contingency Planning Guide for Federal Information Systems", "category": "Cybersecurity", "bluf": "NIST Special Publication 800-34, Rev. 1, provides instructions, recommendations, and considerations for federal information system contingency planning. Contingency planning refers to interim measures to recover information system services after a disruption. These measures may include relocation of", "endpoint": "/api/v1/nodes/nist-sp-800-34-contingency-planning-guide.json" }, { "id": "nist-sp-800-34-contingency-planning", "title": "Contingency Planning Guide for Federal Information Systems", "category": "Cybersecurity", "bluf": "NIST Special Publication 800-34, Rev. 1 provides instructions, recommendations, and considerations for federal information system contingency planning. Contingency planning refers to interim measures and a coordinated strategy involving plans, procedures, and technical measures that enable the recov", "endpoint": "/api/v1/nodes/nist-sp-800-34-contingency-planning.json" }, { "id": "nist-sp-800-34-r1", "title": "Contingency Planning Guide for Federal Information Systems", "category": "Cybersecurity", "bluf": "NIST Special Publication 800-34, Rev. 1 provides instructions, recommendations, and considerations for federal information system contingency planning. Contingency planning refers to a coordinated strategy involving interim measures to recover information system services after a disruption. These me", "endpoint": "/api/v1/nodes/nist-sp-800-34-r1.json" }, { "id": "nist-sp-800-39-managing-information-security-risk", "title": "NIST Special Publication 800-39: Managing Information Security Risk: Organization, Mission, and Information System View", "category": "Cybersecurity", "bluf": "This publication provides guidance for an integrated, organization-wide program for managing information security risk to organizational operations, assets, individuals, other organizations, and the Nation resulting from the operation and use of federal information systems. The guidance applies to a", "endpoint": "/api/v1/nodes/nist-sp-800-39-managing-information-security-risk.json" }, { "id": "nist-sp-800-39-managing-risk", "title": "Managing Information Security Risk: Organization, Mission, and Information System View", "category": "Cybersecurity", "bluf": "This guidance provides an integrated, organization-wide program for managing information security risk to organizational operations, assets, individuals, other organizations, and the Nation resulting from the operation and use of federal information systems. It establishes a multi-tiered approach th", "endpoint": "/api/v1/nodes/nist-sp-800-39-managing-risk.json" }, { "id": "nist-sp-800-40r4-enterprise-patch-management", "title": "Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology", "category": "Cybersecurity", "bluf": "Enterprise patch management is the process of identifying, prioritizing, acquiring, installing, and verifying the installation of patches, updates, and upgrades throughout an organization. This process is more important than ever because of the increasing reliance on technology and the shift towards", "endpoint": "/api/v1/nodes/nist-sp-800-40r4-enterprise-patch-management.json" }, { "id": "nist-sp-800-41-r1-firewalls", "title": "Guidelines on Firewalls and Firewall Policy", "category": "Cybersecurity", "bluf": "Firewalls are devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures. This guidance provides an overview of firewall technologies, discusses their security capabilities, and makes recommendations for establishing firewall polici", "endpoint": "/api/v1/nodes/nist-sp-800-41-r1-firewalls.json" }, { "id": "nist-sp-800-47-information-exchanges", "title": "Managing the Security of Information Exchanges", "category": "Cybersecurity", "bluf": "This publication provides guidance for managing the security of information exchanges between systems that are owned and operated by different organizations or are within the same organization but with different authorization boundaries. An organization often has mission and business-based needs to ", "endpoint": "/api/v1/nodes/nist-sp-800-47-information-exchanges.json" }, { "id": "nist-sp-800-50r1-learning-program", "title": "Building a Cybersecurity and Privacy Learning Program", "category": "Cybersecurity", "bluf": "This publication provides guidance for federal agencies and organizations to develop and manage a life cycle approach to building a Cybersecurity and Privacy Learning Program (CPLP). The program is intended to address the needs of large and small organizations and includes cybersecurity and privacy ", "endpoint": "/api/v1/nodes/nist-sp-800-50r1-learning-program.json" }, { "id": "nist-sp-800-52r2-tls-guidelines", "title": "Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations", "category": "Cybersecurity", "bluf": "Transport Layer Security (TLS) provides mechanisms to protect data during electronic dissemination across the Internet. This Special Publication provides guidance to the selection and configuration of TLS protocol implementations while making effective use of Federal Information Processing Standards", "endpoint": "/api/v1/nodes/nist-sp-800-52r2-tls-guidelines.json" }, { "id": "nist-sp-800-53-r5", "title": "Security and Privacy Controls for Information Systems and Organizations", "category": "Cybersecurity", "bluf": "This publication provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks, including hostile attacks, human errors, natural d", "endpoint": "/api/v1/nodes/nist-sp-800-53-r5.json" }, { "id": "nist-sp-800-53b-control-baselines", "title": "Control Baselines for Information Systems and Organizations", "category": "Cybersecurity", "bluf": "This publication provides security and privacy control baselines for the Federal Government. It establishes three security control baselines, one for each system impact level—low-impact, moderate-impact, and high-impact—as well as a privacy baseline that is applied to systems irrespective of impact ", "endpoint": "/api/v1/nodes/nist-sp-800-53b-control-baselines.json" }, { "id": "nist-sp-800-56b-key-establishment", "title": "Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography", "category": "Cybersecurity", "bluf": "This Recommendation specifies key-establishment schemes using integer factorization cryptography, in particular, RSA. The schemes are appropriate for use by the U.S. Federal Government to support cryptographic algorithms used in modern applications with automated key-establishment. Both key-agreemen", "endpoint": "/api/v1/nodes/nist-sp-800-56b-key-establishment.json" }, { "id": "nist-sp-800-57-key-management", "title": "Recommendation for Key Management: Part 1 – General", "category": "Cybersecurity", "bluf": "This Recommendation provides cryptographic key-management guidance, focusing on general best practices for the management of cryptographic keying material. The proper management of cryptographic keys is essential to the effective use of cryptography for security, as poor key management may easily co", "endpoint": "/api/v1/nodes/nist-sp-800-57-key-management.json" }, { "id": "nist-sp-800-57-p2-r1", "title": "Recommendation for Key Management: Part 2 – Best Practices for Key Management Organizations", "category": "Cybersecurity", "bluf": "NIST Special Publication (SP) 800-57 provides cryptographic key management guidance. Part 2 of this recommendation identifies the concepts, functions, and elements common to effective systems for the management of symmetric and asymmetric keys. It details the security planning requirements and docum", "endpoint": "/api/v1/nodes/nist-sp-800-57-p2-r1.json" }, { "id": "nist-sp-800-60-v2r1-appendices", "title": "Volume II: Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories", "category": "Cybersecurity", "bluf": "Developed by the National Institute of Standards and Technology (NIST) in response to the Federal Information Security Management Act (FISMA), this guideline assists Federal government agencies in categorizing their information and information systems. Its primary objective is to facilitate the prov", "endpoint": "/api/v1/nodes/nist-sp-800-60-v2r1-appendices.json" }, { "id": "nist-sp-800-61r2-incident-handling", "title": "Computer Security Incident Handling Guide", "category": "Cybersecurity", "bluf": "Computer security incident response has become an important component of information technology (IT) programs. Because performing incident response effectively is a complex undertaking, establishing a successful incident response capability requires substantial planning and resources. This publicati", "endpoint": "/api/v1/nodes/nist-sp-800-61r2-incident-handling.json" }, { "id": "nist-sp-800-63b-authentication", "title": "Digital Identity Guidelines: Authentication and Lifecycle Management", "category": "Cybersecurity", "bluf": "These guidelines provide technical requirements for federal agencies implementing digital identity services, but may be used by non-governmental organizations on a voluntary basis. The guidelines focus on the authentication of subjects interacting with government systems over open networks, establis", "endpoint": "/api/v1/nodes/nist-sp-800-63b-authentication.json" }, { "id": "nist-sp-800-63b-digital-identity", "title": "NIST Special Publication 800-63B Digital Identity Guidelines: Authentication and Lifecycle Management", "category": "Cybersecurity", "bluf": "These guidelines provide technical requirements for federal agencies implementing digital identity services, focusing on the authentication of subjects interacting with government systems over open networks. The core obligation is to establish that a given claimant is a subscriber who has been previ", "endpoint": "/api/v1/nodes/nist-sp-800-63b-digital-identity.json" }, { "id": "nist-sp-800-70-r4-ncp", "title": "National Checklist Program for IT Products – Guidelines for Checklist Users and Developers", "category": "Cybersecurity", "bluf": "A security configuration checklist (also called a lockdown or hardening guide) is a series of instructions for configuring an IT product to a particular operational environment, verifying its configuration, and identifying unauthorized changes. Using well-written, standardized checklists can markedl", "endpoint": "/api/v1/nodes/nist-sp-800-70-r4-ncp.json" }, { "id": "nist-sp-800-84-tte-programs", "title": "Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities", "category": "Cybersecurity", "bluf": "This document provides guidance on designing, developing, conducting, and evaluating test, training, and exercise (TT&E) events so that organizations can improve their ability to prepare for, respond to, manage, and recover from adverse events that may affect their missions. It is intended for organ", "endpoint": "/api/v1/nodes/nist-sp-800-84-tte-programs.json" }, { "id": "nist-sp-800-86-forensic-techniques", "title": "Guide to Integrating Forensic Techniques into Incident Response", "category": "Cybersecurity", "bluf": "Digital forensics is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data. This guide provides practical guidance on performing computer and network for", "endpoint": "/api/v1/nodes/nist-sp-800-86-forensic-techniques.json" }, { "id": "nist-sp-800-88-media-sanitization", "title": "Guidelines for Media Sanitization", "category": "Cybersecurity", "bluf": "This guide assists organizations and system owners in making practical media sanitization decisions based on the categorization of their information's confidentiality. Sanitization is a process that renders access to target data on media infeasible for a given level of effort. As data passes through", "endpoint": "/api/v1/nodes/nist-sp-800-88-media-sanitization.json" }, { "id": "nist-sp-800-90a-rev1-drbg", "title": "Recommendation for Random Number Generation Using Deterministic Random Bit Generators", "category": "Cybersecurity", "bluf": "This Recommendation specifies mechanisms for the generation of random bits using deterministic methods. The methods provided are based on either hash functions or block cipher algorithms. A Deterministic Random Bit Generator (DRBG) is based on a DRBG mechanism and includes a source of randomness. A ", "endpoint": "/api/v1/nodes/nist-sp-800-90a-rev1-drbg.json" }, { "id": "nist-sp-800-92-log-management", "title": "Guide to Computer Security Log Management", "category": "Cybersecurity", "bluf": "A log is a record of the events occurring within an organization’s systems and networks. The number, volume, and variety of computer security logs have increased greatly, which has created the need for computer security log management—the process for generating, transmitting, storing, analyzing, and", "endpoint": "/api/v1/nodes/nist-sp-800-92-log-management.json" }, { "id": "nist-sp-800-97-ieee-802-11i", "title": "Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i", "category": "Cybersecurity", "bluf": "This guide seeks to assist organizations in better understanding the Institute of Electrical and Electronics Engineers (IEEE) 802.11 family of standards for wireless local area networks (WLANs), focusing on the security enhancements introduced in the IEEE 802.11i amendment. The IEEE 802.11i amendmen", "endpoint": "/api/v1/nodes/nist-sp-800-97-ieee-802-11i.json" }, { "id": "nist-sp800-18-developing-security-plans", "title": "Guide for Developing Security Plans for Federal Information Systems", "category": "Cybersecurity", "bluf": "The objective of system security planning is to improve protection of information system resources. All federal systems have some level of sensitivity and require protection as part of good management practice, and the protection of a system must be documented in a system security plan. This is a re", "endpoint": "/api/v1/nodes/nist-sp800-18-developing-security-plans.json" }, { "id": "nist-telehealth-smart-home-integration", "title": "Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration", "category": "Cybersecurity", "bluf": "This paper introduces a notional high-level smart home integration reference architecture to better understand cybersecurity and privacy risks associated with Hospital-at-Home (HaH) deployments in the context of an integrated smart home environment, focusing on voice assistants (e.g., smart speakers", "endpoint": "/api/v1/nodes/nist-telehealth-smart-home-integration.json" }, { "id": "nistir-7298r3-glossary-security-terms", "title": "Glossary of Key Information Security Terms", "category": "Cybersecurity", "bluf": "This publication, NISTIR 7298 Revision 3, describes an easily-accessible repository of terms and definitions extracted verbatim from National Institute of Standards and Technology (NIST) publications and Committee on National Security Systems (CNSS) Instruction 4009. The repository, referred to as '", "endpoint": "/api/v1/nodes/nistir-7298r3-glossary-security-terms.json" }, { "id": "nistir-7628-smartgrid", "title": "Smart Grid Security Framework", "category": "Industrial IoT & Energy", "bluf": "NISTIR 7628 Revision 1 (2014) provides the definitive cybersecurity guidelines for smart grid systems, covering all functional domains from bulk generation to consumer premises. It defines 189 high-level security requirements across seven categories (Smart Grid Cybersecurity Strategy, Architecture, ", "endpoint": "/api/v1/nodes/nistir-7628-smartgrid.json" }, { "id": "nistir-8006-cloud-forensic-challenges", "title": "NIST Cloud Computing Forensic Science Challenges", "category": "Cloud & SaaS", "bluf": "This document summarizes research performed by the members of the NIST Cloud Computing Forensic Science Working Group and aggregates, categorizes, and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem. The challenges ar", "endpoint": "/api/v1/nodes/nistir-8006-cloud-forensic-challenges.json" }, { "id": "nistir-8114-lightweight-cryptography", "title": "NISTIR 8114 Report on Lightweight Cryptography", "category": "Cybersecurity", "bluf": "NIST-approved cryptographic standards were designed to perform well on general-purpose computers, but their performance may not be acceptable for the increasing number of small, resource-constrained computing devices found in areas like the Internet of Things (IoT), sensor networks, and healthcare. ", "endpoint": "/api/v1/nodes/nistir-8114-lightweight-cryptography.json" }, { "id": "nistir-8183-manufacturing-profile", "title": "NISTIR 8183 Cybersecurity Framework Manufacturing Profile", "category": "Cybersecurity", "bluf": "This document provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The “Manufacturing Profile” of the Cybersecurity Framework can be used as a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing sector", "endpoint": "/api/v1/nodes/nistir-8183-manufacturing-profile.json" }, { "id": "nistir-8228-iot-cybersecurity-risks", "title": "NISTIR 8228 Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks", "category": "Cybersecurity", "bluf": "The Internet of Things (IoT) is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. The purpose of this publication is to help federal agencies and other organizations better understand and manage the cybersecurity and privacy risks associated w", "endpoint": "/api/v1/nodes/nistir-8228-iot-cybersecurity-risks.json" }, { "id": "nistir-8259-iot-device-manufacturers", "title": "Foundational Cybersecurity Activities for IoT Device Manufacturers", "category": "AI Governance & Law", "bluf": "This publication provides recommendations for manufacturers to improve the securability of the Internet of Things (IoT) devices they create. Many IoT devices lack cybersecurity capabilities that customers can use to mitigate risks. Manufacturers can assist customers by providing necessary cybersecur", "endpoint": "/api/v1/nodes/nistir-8259-iot-device-manufacturers.json" }, { "id": "nistir-8259a-iot-device-cybersecurity", "title": "NISTIR 8259A IoT Device Cybersecurity Capability Core Baseline", "category": "Cybersecurity", "bluf": "This publication defines an Internet of Things (IoT) device cybersecurity capability core baseline, which is a set of device capabilities generally needed to support common cybersecurity controls that protect an organization’s devices as well as device data, systems, and ecosystems. The purpose of t", "endpoint": "/api/v1/nodes/nistir-8259a-iot-device-cybersecurity.json" }, { "id": "nistir-8312-explainable-ai-principles", "title": "NISTIR 8312 Four Principles of Explainable Artificial Intelligence", "category": "AI Governance & Law", "bluf": "This document introduces four principles for explainable artificial intelligence (AI) that comprise fundamental properties for explainable AI systems. For AI systems that are intended or required to be explainable, it is proposed that they adhere to these principles. First, a system must deliver acc", "endpoint": "/api/v1/nodes/nistir-8312-explainable-ai-principles.json" }, { "id": "nistir-8419-supply-chain-traceability", "title": "Blockchain and Related Technologies to Support Manufacturing Supply Chain Traceability: Needs and Industry Perspectives", "category": "Cybersecurity", "bluf": "This publication explores the issues surrounding supply chain traceability, assessing the role blockchain and related technologies can play in its improvement. It targets all stakeholders in the U.S. national manufacturing supply chain, including businesses, regulatory agencies, standards bodies, re", "endpoint": "/api/v1/nodes/nistir-8419-supply-chain-traceability.json" }, { "id": "notary-public-standard", "title": "Notary Public Standards", "category": "Legal & IP Sovereignty", "bluf": "Compliance with established Notary Public Standards mandates rigorous adherence to procedural and documentary requirements for all notarial acts. A fundamental prerequisite is the satisfactory identification of the principal signer, which necessitates presentation of a current, unexpired government-", "endpoint": "/api/v1/nodes/notary-public-standard.json" }, { "id": "nuclear-safety-iaea", "title": "IAEA Nuclear Safety (GS-R-3)", "category": "Sustainability & ESG", "bluf": "Compliance with IAEA Safety Standard GS-R-3 mandates establishing, implementing, and continually improving a documented, integrated management system wherein safety holds paramount importance. Top management must demonstrate clear commitment by providing adequate resources, which includes ensuring c", "endpoint": "/api/v1/nodes/nuclear-safety-iaea.json" }, { "id": "occ-asset-management-handbook", "title": "Comptroller’s Handbook Asset Management", "category": "Banking & Global Finance", "bluf": "The Office of the Comptroller of the Currency (OCC) defines asset management as the business of providing financial products or services to a third party for a fee or commission. This guidance applies to the asset management activities of national banks, federal savings associations (FSA), and limit", "endpoint": "/api/v1/nodes/occ-asset-management-handbook.json" }, { "id": "occ-bank-supervision-process", "title": "Comptroller’s Handbook Examination Process Bank Supervision Process", "category": "Banking & Global Finance", "bluf": "This booklet is the central reference for the Office of the Comptroller of the Currency (OCC)’s bank supervision policy, explains the OCC’s risk-based bank supervision approach, and discusses the general supervisory process for all types of OCC-supervised banks. The OCC's mission is to ensure that n", "endpoint": "/api/v1/nodes/occ-bank-supervision-process.json" }, { "id": "occ-bulletin-2023-17-risk", "title": "OCC 2023-17 (Third-Party)", "category": "Banking & Global Finance", "bluf": "OCC Bulletin 2023-17 (Interagency Guidance on Third-Party Relationships: Risk Management) provides a unified U.S. standard for managing the risks of the third-party providers. it specifies a life-cycle approach to the oversight of the vendor, the cloud service, and the any other outside partnership.", "endpoint": "/api/v1/nodes/occ-bulletin-2023-17-risk.json" }, { "id": "oecd-ai-principles", "title": "The OECD AI Principles", "category": "AI Governance & Law", "bluf": "The OECD AI Principles are the first intergovernmental standard on AI, designed to promote innovative, trustworthy artificial intelligence that respects human rights and democratic values. While AI holds the potential to address complex challenges and boost productivity, AI systems also pose risks t", "endpoint": "/api/v1/nodes/oecd-ai-principles.json" }, { "id": "oecd-corporate-governance-principles", "title": "OECD Corporate Governance", "category": "Legal & IP Sovereignty", "bluf": "The G20/OECD Principles of Corporate Governance are the international standard for corporate governance. Revised in 2023, they provide a framework for policy makers and corporations to ensure institutional and legal environments that support investment, sustainability, and corporate accountability i", "endpoint": "/api/v1/nodes/oecd-corporate-governance-principles.json" }, { "id": "oecd-guidelines-multinational-ent", "title": "OECD Guidelines (Multinationals)", "category": "Legal & IP Sovereignty", "bluf": "The OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (RBC) are the most comprehensive international standard on business conduct. Revised in 2023, they provide recommendations from governments to enterprises on issues such as human rights, employment, environment, anti-b", "endpoint": "/api/v1/nodes/oecd-guidelines-multinational-ent.json" }, { "id": "oecd-mineral-supply", "title": "OECD Mineral Due Diligence", "category": "Sustainability & ESG", "bluf": "Conformance with internationally recognized mineral due diligence frameworks is evaluated through a comprehensive five-step process. The organization demonstrates strong company management by maintaining a public supply chain policy that explicitly references OECD guidance. Governance is reinforced ", "endpoint": "/api/v1/nodes/oecd-mineral-supply.json" }, { "id": "oecd-pillar2-minimum", "title": "Global Minimum Tax (Pillar Two)", "category": "Banking & Global Finance", "bluf": "OECD Pillar Two (Global Anti-Base Erosion Rules — GloBE) establishes a global minimum corporate tax rate of 15% for multinational enterprises (MNEs) with annual revenue exceeding €750 million. Finalized in December 2021 and enacted in over 40 jurisdictions as of 2024 (EU Minimum Tax Directive effect", "endpoint": "/api/v1/nodes/oecd-pillar2-minimum.json" }, { "id": "ordered-t-way-combination-testing", "title": "Ordered t-way Combinations for Testing State-based Systems", "category": "Cybersecurity", "bluf": "This publication introduces a notion of ordered t-way combinations for testing state-based systems where the response depends on both input values and the current system state. In such systems, like network protocols or credit card transaction systems, internal states change as input values are proc", "endpoint": "/api/v1/nodes/ordered-t-way-combination-testing.json" }, { "id": "ordered-t-way-combinations-testing", "title": "Ordered t-way Combinations for Testing State-based Systems", "category": "Cybersecurity", "bluf": "Fault detection in state-based systems often depends on the specific order of inputs that establish states which eventually lead to a failure. For systems where the response depends on both input values and the current system state, such as network protocols or credit card systems, it is often diffi", "endpoint": "/api/v1/nodes/ordered-t-way-combinations-testing.json" }, { "id": "osha-hazard-communication-standard", "title": "HAZARD COMMUNICATION Small Entity Compliance Guide for Employers That Use Hazardous Chemicals", "category": "Workplace", "bluf": "The Occupational Safety and Health Administration’s (OSHA) Hazard Communication Standard (HCS), 29 CFR 1910.1200, addresses the informational needs of employers and workers with regard to chemicals. In 2012, the HCS was modified to align its provisions with the United Nations’ Globally Harmonized Sy", "endpoint": "/api/v1/nodes/osha-hazard-communication-standard.json" }, { "id": "osha-work-safety-us", "title": "OSHA (Work Safety)", "category": "Workplace", "bluf": "An evaluation of current occupational safety and health compliance reveals substantial adherence to certain regulatory mandates while also exposing critical deficiencies requiring immediate remediation. The organization maintains a written safety program, has an implemented Hazard Communication plan", "endpoint": "/api/v1/nodes/osha-work-safety-us.json" }, { "id": "owasp-agentic-top10", "title": "OWASP Top 10 for LLMs & Agents", "category": "Cybersecurity", "bluf": "Operationalizing the security framework delineated by the Open Web Application Security Project's Top 10 for Large Language Model Applications, this compliance control set establishes stringent policies for mitigating critical vulnerabilities. The configuration mandates a proactive defense against P", "endpoint": "/api/v1/nodes/owasp-agentic-top10.json" }, { "id": "owasp-asvs-l1", "title": "OWASP ASVS L1 (App Sec)", "category": "Cloud & SaaS", "bluf": "The OWASP Application Security Verification Standard (ASVS) Level 1 (Opportunistic) is the baseline requirement for all web applications. it focuses on the vulnerabilities that are the easy to the find and the automated scanning can detect. Level 1 ensures the most common the security flaws are the ", "endpoint": "/api/v1/nodes/owasp-asvs-l1.json" }, { "id": "owasp-asvs-l2", "title": "OWASP ASVS L2 (Standard)", "category": "Cloud & SaaS", "bluf": "Conformance with the OWASP ASVS L2 (Standard) establishes a requisite security posture for applications verified to handle sensitive data. This framework mandates a comprehensive, defense-in-depth strategy, commencing with proactive threat modeling performed as a foundational security activity. Veri", "endpoint": "/api/v1/nodes/owasp-asvs-l2.json" }, { "id": "owasp-asvs-l3", "title": "OWASP ASVS L3 (Advanced)", "category": "Cloud & SaaS", "bluf": "OWASP Application Security Verification Standard (ASVS) Level 3 establishes the highest assurance benchmark, designed for applications processing high-value transactions, containing sensitive data, or performing critical functions where failure could precipitate significant operational or financial ", "endpoint": "/api/v1/nodes/owasp-asvs-l3.json" }, { "id": "owasp-llm-1", "title": "Prompt Injection Prevention (OWASP LLM01)", "category": "Cybersecurity", "bluf": "Prompt Injection (LLM01) occurs when an attacker manipulates an LLM via crafted inputs to override system instructions. Prevention requires strict input sanitization, separation of data from instructions, and least-privilege tool access.", "endpoint": "/api/v1/nodes/owasp-llm-1.json" }, { "id": "owasp-llm-2", "title": "Insecure Output Handling (OWASP LLM02)", "category": "Cybersecurity", "bluf": "Insecure Output Handling (LLM02) occurs when an application trustingly processes LLM-generated output without validation, potentially leading to XSS, CSRF, or SSRF in downstream systems.", "endpoint": "/api/v1/nodes/owasp-llm-2.json" }, { "id": "owasp-samm-governance", "title": "OWASP SAMM (Governance)", "category": "Cloud & SaaS", "bluf": "The OWASP Software Assurance Maturity Model (SAMM) v2.0 is the premier framework for the analyzing and the improving the software security posture. it provides a measurable way for the organizations to the design, develop, and the deploy the highly secure software by partitioning the process into th", "endpoint": "/api/v1/nodes/owasp-samm-governance.json" }, { "id": "paris-convention-industrial-property", "title": "Paris Convention (IP)", "category": "Legal & IP Sovereignty", "bluf": "The Paris Convention for the Protection of Industrial Property (1883) is the foundational international treaty for IP rights. It introduced the 'Right of Priority' and 'National Treatment', ensuring that inventors can claim the original filing date across member states and that foreign innovators re", "endpoint": "/api/v1/nodes/paris-convention-industrial-property.json" }, { "id": "pcaob-audit-standards", "title": "PCAOB Auditing Standards", "category": "Legal & IP Sovereignty", "bluf": "Adherence to Public Company Accounting Oversight Board (PCAOB) auditing standards is substantiated through a meticulous review of engagement criteria. Foundational requirements are met, as the firm’s registration with the PCAOB is confirmed and auditor independence is maintained, consistent with the", "endpoint": "/api/v1/nodes/pcaob-audit-standards.json" }, { "id": "pci-dss-hospitality", "title": "PCI-DSS (Hospitality Payment)", "category": "Food & Hospitality", "bluf": "Adherence to the Payment Card Industry Data Security Standard (PCI-DSS) within hospitality environments necessitates a comprehensive framework of technical and operational controls to protect cardholder data (CHD). Critical security validations mandate that all CHD is encrypted using strong cryptogr", "endpoint": "/api/v1/nodes/pci-dss-hospitality.json" }, { "id": "pci-dss-v4-requirement-1", "title": "PCI DSS v4 Req 1 (NSC)", "category": "Cloud & SaaS", "bluf": "PCI DSS v4 Requirement 1 (Install and Maintain Network Security Controls) mandates the use of the 'Network Security Controls' (NSCs) (historically Firewalls) to the protect the Cardholder Data Environment (CDE). it requires the strict logical and the physical isolation of the credit card processing ", "endpoint": "/api/v1/nodes/pci-dss-v4-requirement-1.json" }, { "id": "pci-dss-v4-requirement-2", "title": "PCI DSS v4 Req 2 (Hardening)", "category": "Cloud & SaaS", "bluf": "Requirement 2 mandates the application of secure configuration standards across all system components within the Cardholder Data Environment, explicitly prohibiting reliance on vendor-supplied defaults. Governing guidance stipulates that a formal, documented system hardening standard, based on estab", "endpoint": "/api/v1/nodes/pci-dss-v4-requirement-2.json" }, { "id": "pci-dss-v4-requirement-3", "title": "PCI DSS v4 Req 3 (Stored Data)", "category": "Cloud & SaaS", "bluf": "PCI DSS v4 Requirement 3 (Protect Stored Account Data) focuses on the security of the cardholder information residing on the persistent storage. it mandates the prohibition of the 'Sensitive Authentication Data' (SAD) storage post-authorization and the requirement for the 'Primary Account Number' (P", "endpoint": "/api/v1/nodes/pci-dss-v4-requirement-3.json" }, { "id": "pci-dss-v4-requirement-4", "title": "PCI DSS v4 Req 4 (Transmission)", "category": "Cloud & SaaS", "bluf": "PCI DSS v4 Requirement 4 (Protect Cardholder Data with Strong Cryptography During Transmission) revolves around the security of the clear-text card data as it travels across the any 'Open, Public' networks (e.g., the Internet, Cellular, Wireless). it mandates the use of the 'Strong Cryptography' (TL", "endpoint": "/api/v1/nodes/pci-dss-v4-requirement-4.json" }, { "id": "pci-dss-v4-requirement-5", "title": "PCI DSS v4 Req 5 (Malware)", "category": "Cloud & SaaS", "bluf": "PCI DSS v4 Requirement 5 (Protect All Systems and Networks from Malicious Software) mandates the implementation of the active malware protection across the all system components. it focuses on the continuous monitoring, the detection, and the remediation of the 'Malicious Code' (Viruses, Worms, Troj", "endpoint": "/api/v1/nodes/pci-dss-v4-requirement-5.json" }, { "id": "pci-dss-v4-requirement-6", "title": "PCI DSS v4 Req 6 (Software)", "category": "Cloud & SaaS", "bluf": "PCI DSS v4 Requirement 6 (Develop and Maintain Secure Systems and Software) specifies the requirements for the secure software development lifecycle (SDLC) and the vulnerability management. it mandates the protection of the public-facing web applications from the specific attacks (e.g., OWASP Top 10", "endpoint": "/api/v1/nodes/pci-dss-v4-requirement-6.json" }, { "id": "pci-dss-v4-requirement-7", "title": "PCI DSS v4 Req 7 (Access Control)", "category": "Cloud & SaaS", "bluf": "Payment Card Industry Data Security Standard v4 Requirement 7 mandates a stringent framework for restricting access to system components and cardholder data based on an explicit business need-to-know. Compliance necessitates that a formal access control policy is defined and actively maintained. Pur", "endpoint": "/api/v1/nodes/pci-dss-v4-requirement-7.json" }, { "id": "pci-dss-v4-requirement-8", "title": "PCI DSS v4 Req 8 (Identity)", "category": "Cloud & SaaS", "bluf": "PCI DSS v4 Requirement 8 (Identify Users and Authenticate Access to System Components) specifies the authentication standards for the payment environments. it mandates the 'Unique ID' per individual and the 'Multifactor Authentication' (MFA) for the all access to the Cardholder Data Environment (CDE", "endpoint": "/api/v1/nodes/pci-dss-v4-requirement-8.json" }, { "id": "pci-dss-v4", "title": "PCI DSS v4.0 — Payment Card Data Security", "category": "Banking & Global Finance", "bluf": "PCI DSS v4.0, published March 2022 by the PCI Security Standards Council (PCI SSC), is the mandatory security standard for all entities that store, process, or transmit payment card data (cardholder data / CHD) or sensitive authentication data (SAD). The standard contains 12 requirements organized a", "endpoint": "/api/v1/nodes/pci-dss-v4.json" }, { "id": "pefc-forest-mgt", "title": "PEFC Forest Management Standard", "category": "Sustainability & ESG", "bluf": "Compliance with the PEFC Forest Management Standard necessitates a holistic and verifiable approach to sustainable forestry operations. A core requirement is the existence of a comprehensive, up-to-date forest management plan that is actively used. Sustainable harvesting practices are mandatory, sti", "endpoint": "/api/v1/nodes/pefc-forest-mgt.json" }, { "id": "pfmi-assessment-report-switzerland", "title": "Implementation monitoring of PFMI: Assessment report for Switzerland", "category": "Banking & Global Finance", "bluf": "In April 2012, the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) issued the Principles for financial market infrastructures (PFMI). The Principles set expectations for the design and operation of key financial market infr", "endpoint": "/api/v1/nodes/pfmi-assessment-report-switzerland.json" }, { "id": "pmbok-7-guide-pm", "title": "PMBOK 7 (Project Guide)", "category": "Workplace", "bluf": "Compliance with the PMBOK 7 (Project Guide) node mandates a principles-based approach to project management, focusing on value delivery and adaptable governance. This framework requires the formal establishment of several key artifacts and processes to ensure project success and stakeholder alignmen", "endpoint": "/api/v1/nodes/pmbok-7-guide-pm.json" }, { "id": "pmi-code-ethics", "title": "PMI Code of Ethics", "category": "Legal & IP Sovereignty", "bluf": "Compliance with the Project Management Institute Code of Ethics necessitates a rigorous adherence to four foundational values: Responsibility, Respect, Fairness, and Honesty, as mandated by governing professional conduct standards. This framework requires that the designated project manager is certi", "endpoint": "/api/v1/nodes/pmi-code-ethics.json" }, { "id": "port-facility-security-isps", "title": "ISPS Code: Port Facility Security", "category": "Logistics & Supply Chain", "bluf": "Compliance with International Ship and Port Facility Security (ISPS) Code requirements for a port facility mandates a comprehensive security framework. A qualified Port Facility Security Officer (PFSO) must be designated and in place. A current Port Facility Security Assessment (PFSA) is foundationa", "endpoint": "/api/v1/nodes/port-facility-security-isps.json" }, { "id": "pqc-migration-logic", "title": "PQC Migration Workflow", "category": "Aviation, Defense & Quantum", "bluf": "The PQC Migration Workflow (based on NSA CNSA 2.0 and NIST PQC timelines) provides the strategic five-step transition from 'Classical' cryptography to 'Post-Quantum' (PQC) standards. It focuses on mitigating the 'Store-Now-Decrypt-Later' (SNDL) risk for high-longevity data and ensuring quantum-secur", "endpoint": "/api/v1/nodes/pqc-migration-logic.json" }, { "id": "pra-ss1-21-resilience", "title": "PRA SS1/21 (Resilience)", "category": "Banking & Global Finance", "bluf": "PRA SS1/21 (Operational Resilience: Impact tolerances for important business services) is the UK's cornerstone standard for bank and insurer resilience. it shifts focus from traditional disaster recovery to ensuring that 'Important Business Services' (IBS) remain within set 'Impact Tolerances' durin", "endpoint": "/api/v1/nodes/pra-ss1-21-resilience.json" }, { "id": "prince2-7-framework-pm", "title": "PRINCE2 7 (Framework)", "category": "Workplace", "bluf": "Compliance with the PRINCE2 7 framework necessitates rigorous adherence to its integrated elements of principles, themes, processes, and the project environment. Governance requires that project board roles are explicitly defined and that the Project Initiation Documentation receives formal approval", "endpoint": "/api/v1/nodes/prince2-7-framework-pm.json" }, { "id": "principles-effective-risk-data-aggregation", "title": "Principles for effective risk data aggregation and risk reporting", "category": "Banking & Global Finance", "bluf": "One of the most significant lessons learned from the global financial crisis that began in 2007 was that banks’ information technology (IT) and data architectures were inadequate to support the broad management of financial risks. Many banks lacked the ability to aggregate risk exposures and identif", "endpoint": "/api/v1/nodes/principles-effective-risk-data-aggregation.json" }, { "id": "principles-financial-market-infrastructures", "title": "Principles for financial market infrastructures", "category": "Banking & Global Finance", "bluf": "These principles establish international standards for financial market infrastructures (FMIs) that facilitate the clearing, settlement, and recording of monetary and other financial transactions. The standards apply to systemically important payment systems (PSs), central securities depositories (C", "endpoint": "/api/v1/nodes/principles-financial-market-infrastructures.json" }, { "id": "principles-for-operational-resilience", "title": "Principles for Operational Resilience", "category": "Banking & Global Finance", "bluf": "This document promotes a principles-based approach to improving operational resilience for banks, building upon the Basel Committee's Principles for the Sound Management of Operational Risk (PSMOR). It defines operational resilience as the ability of a bank to deliver critical operations through dis", "endpoint": "/api/v1/nodes/principles-for-operational-resilience.json" }, { "id": "private-fund-advisers-compliance-reviews", "title": "Private Fund Advisers; Documentation of Registered Investment Adviser Compliance Reviews", "category": "Banking & Global Finance", "bluf": "The Securities and Exchange Commission is adopting new rules under the Investment Advisers Act of 1940 designed to protect investors who directly or indirectly invest in private funds. The rules aim to increase visibility into practices involving compensation schemes, sales practices, and conflicts ", "endpoint": "/api/v1/nodes/private-fund-advisers-compliance-reviews.json" }, { "id": "project-aurum-cbdc-prototype", "title": "Project Aurum A Prototype for Two-tier Central Bank Digital Currency (CBDC)", "category": "Crypto & Sovereign Finance", "bluf": "Project Aurum, a joint project by the Bank for International Settlements (BIS) Innovation Hub Hong Kong Centre and the Hong Kong Monetary Authority (HKMA), details the creation of a full-stack central bank digital currency (CBDC) system prototype. The system is built on the premise that a digital cu", "endpoint": "/api/v1/nodes/project-aurum-cbdc-prototype.json" }, { "id": "protecting-subscriber-identifiers-suci", "title": "Protecting Subscriber Identifiers with Subscription Concealed Identifier (SUCI)", "category": "Cybersecurity", "bluf": "This white paper describes how Subscription Concealed Identifier (SUCI) protection can be enabled in 5G networks as an optional security capability defined by 5G standards. It addresses the problem of the Subscription Permanent Identifier (SUPI) being sent in the clear over the air, which allows eav", "endpoint": "/api/v1/nodes/protecting-subscriber-identifiers-suci.json" }, { "id": "prsa-code-of-ethics", "title": "PRSA (Code of Ethics)", "category": "Sales, Marketing & PR", "bluf": "The PRSA Code of Ethics identifies the foundational standards for the Public Relations (PR) professionals. it specifies the '6 Core Values' (Advocacy, Honesty, Expertise, Independence, Loyalty, Fairness) and the '6 Code Provisions' (Free Flow of Information, Disclosure of Information, Confidences, C", "endpoint": "/api/v1/nodes/prsa-code-of-ethics.json" }, { "id": "prudential-treatment-cryptoasset-exposures", "title": "Prudential treatment of cryptoasset exposures", "category": "Banking & Global Finance", "bluf": "This consultative document from the Basel Committee on Banking Supervision proposes a prudential framework for banks' exposures to cryptoassets, addressing potential financial stability concerns and increased risks. The framework is guided by the principles of 'same risk, same activity, same treatme", "endpoint": "/api/v1/nodes/prudential-treatment-cryptoasset-exposures.json" }, { "id": "psd2-sc-authentication", "title": "PSD2 SCA (Payments)", "category": "Banking & Global Finance", "bluf": "PSD2 Strong Customer Authentication (SCA) (Directive 2015/2366) is the mandatory security standard for electronic payments in Europe. it requires a multifactor authentication process based on 'Knowledge' (something only the user knows), 'Possession' (something only the user has), and 'Inherence' (so", "endpoint": "/api/v1/nodes/psd2-sc-authentication.json" }, { "id": "quantum-readiness-checklist", "title": "Quantum Readiness Checklist", "category": "Aviation, Defense & Quantum", "bluf": "The Quantum Readiness Checklist is based on OMB M-23-02, CISA's Quantum Strategy, and NIST PQC migration guidance. It provides an actionable framework for organizations to identify cryptographic assets vulnerable to quantum attacks (CRQC) and begin the transition to FIPS 203-205 standards to ensure ", "endpoint": "/api/v1/nodes/quantum-readiness-checklist.json" }, { "id": "quantum-risk-audit", "title": "Quantum Readiness Triage", "category": "Cybersecurity", "bluf": "A quantum readiness assessment is the systematic process of identifying all cryptographic assets in an organization that are vulnerable to attack by a Cryptographically Relevant Quantum Computer (CRQC) and producing a prioritized migration roadmap to post-quantum cryptography (PQC). NIST finalized t", "endpoint": "/api/v1/nodes/quantum-risk-audit.json" }, { "id": "re100-renewable-req", "title": "RE100 Renewable Energy Criteria", "category": "Sustainability & ESG", "bluf": "Corporate adherence to RE100 renewable energy criteria mandates a verifiable framework for achieving 100% renewable electricity sourcing. Foundational requirements demand a public commitment to reach this target by the year 2050, supported by aggressive interim milestones stipulating a minimum of 60", "endpoint": "/api/v1/nodes/re100-renewable-req.json" }, { "id": "reach-chemical-comp", "title": "REACH Chemical Compliance", "category": "Sustainability & ESG", "bluf": "Regulation (EC) No 1907/2006 (REACH) mandates a comprehensive framework for chemical management to protect human health and the environment. Compliance hinges on several core obligations for manufacturers, importers, and downstream users. A primary duty is substance registration with the European Ch", "endpoint": "/api/v1/nodes/reach-chemical-comp.json" }, { "id": "recommendation-for-pair-wise-key-establishment", "title": "Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography", "category": "Cybersecurity", "bluf": "This Recommendation specifies key-establishment schemes based on the discrete logarithm problem over finite fields and elliptic curves, including several variations of Diffie-Hellman (DH) and Menezes-Qu-Vanstone (MQV) key establishment schemes. The specifications are appropriate for use by the U.S. ", "endpoint": "/api/v1/nodes/recommendation-for-pair-wise-key-establishment.json" }, { "id": "reducing-risks-posed-by-synthetic-content", "title": "Reducing Risks Posed by Synthetic Content: An Overview of Technical Approaches to Digital Content Transparency", "category": "AI Governance & Law", "bluf": "This report examines the existing standards, tools, methods, and practices for authenticating content, tracking its provenance, labeling synthetic content through techniques like watermarking, and detecting synthetic content. It also addresses methods for preventing generative AI (GAI) from producin", "endpoint": "/api/v1/nodes/reducing-risks-posed-by-synthetic-content.json" }, { "id": "report-post-quantum-cryptography", "title": "NISTIR 8105 Report on Post-Quantum Cryptography", "category": "Aviation Defense & Quantum", "bluf": "If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use, seriously compromising the confidentiality and integrity of digital communications on the Internet and elsewhere. The goal of post-quantum cryptography (also called quan", "endpoint": "/api/v1/nodes/report-post-quantum-cryptography.json" }, { "id": "reverse-logistics-circular", "title": "Reverse Logistics & Circularity", "category": "Logistics & Supply Chain", "bluf": "Compliance for returned asset disposition is governed by a multi-stage evaluation process to ensure regulatory adherence and maximize value recovery. Initial triage assesses an item’s physical state using a `product_condition_score` from one to ten. Products achieving a score of 9 or 10 are determin", "endpoint": "/api/v1/nodes/reverse-logistics-circular.json" }, { "id": "rics-valuation-global", "title": "RICS Valuation - Global", "category": "Legal & IP Sovereignty", "bluf": "Compliance with the RICS Valuation - Global standards mandates a comprehensive set of procedural and documentary requirements for all valuation assignments. This framework verifies that the individual signing any valuation report is a current RICS Registered Valuer and confirms the firm maintains ad", "endpoint": "/api/v1/nodes/rics-valuation-global.json" }, { "id": "risk-management-for-replication-devices", "title": "Risk Management for Replication Devices", "category": "Cybersecurity", "bluf": "This publication provides guidance on protecting the confidentiality, integrity, and availability of information processed, stored, or transmitted on replication devices (RDs), which include copiers, printers, three-dimensional (3D) printers, scanners, 3D scanners, and multifunction machines. The gu", "endpoint": "/api/v1/nodes/risk-management-for-replication-devices.json" }, { "id": "rlhf-loop-audit", "title": "RLHF Transparency Protocol", "category": "AI Governance & Law", "bluf": "Reinforcement Learning from Human Feedback (RLHF) is the dominant alignment technique used to train large language models (LLMs) to follow instructions, avoid harmful outputs, and produce outputs preferred by human evaluators — combining supervised fine-tuning (SFT) on demonstration data with a rewa", "endpoint": "/api/v1/nodes/rlhf-loop-audit.json" }, { "id": "rohs-hazardous-sub", "title": "RoHS Hazardous Substances", "category": "Sustainability & ESG", "bluf": "Compliance with the Restriction of Hazardous Substances (RoHS) directive mandates that Electrical and Electronic Equipment (EEE) placed on the market does not contain specific restricted substances above defined maximum concentration values. This assessment applies to any product falling within one ", "endpoint": "/api/v1/nodes/rohs-hazardous-sub.json" }, { "id": "rotterdam-rules-maritime", "title": "Rotterdam Rules (UN Convention)", "category": "Logistics & Supply Chain", "bluf": "The Rotterdam Rules (2008) constitute the United Nations Convention on Contracts for the International Carriage of Goods Wholly or Partly by Sea. They modernize the maritime liability regime by covering 'door-to-door' transport involving maritime legs, and accommodating electronic commerce and paper", "endpoint": "/api/v1/nodes/rotterdam-rules-maritime.json" }, { "id": "rspo-palm-oil", "title": "RSPO Palm Oil Certification", "category": "Sustainability & ESG", "bluf": "RSPO Palm Oil Certification compliance mandates verifiable adherence to a multifaceted set of criteria established under governing principles and procedural rules. An entity must demonstrate its commitment through active RSPO membership, requiring that `is_rspo_member`:true, and by maintaining an `a", "endpoint": "/api/v1/nodes/rspo-palm-oil.json" }, { "id": "sa8000-social-account", "title": "SA8000 (Social Account)", "category": "Workplace", "bluf": "SA8000 establishes a comprehensive, auditable framework for ensuring decent workplace conditions and upholding fundamental worker rights. Compliance mandates the implementation of an explicit child labor policy, which enforces a minimum worker age of 15 years, alongside a formal policy against force", "endpoint": "/api/v1/nodes/sa8000-social-account.json" }, { "id": "safe-stays-hotel-audit", "title": "Safe Stays (Hotel Hygiene)", "category": "Food & Hospitality", "bluf": "Compliance with the Safe Stays (Hotel Hygiene) node mandates a comprehensive framework of verifiable sanitation and operational protocols to mitigate public health risks. The standard requires documented evidence that all staff have completed certified hygiene training (`isStaffHygieneTrainingDocume", "endpoint": "/api/v1/nodes/safe-stays-hotel-audit.json" }, { "id": "safeguarding-advisory-client-assets", "title": "Safeguarding Advisory Client Assets", "category": "Banking & Global Finance", "bluf": "The Securities and Exchange Commission (SEC) is proposing a new rule, designated as rule 223-1 under the Investment Advisers Act of 1940, to strengthen how investment advisers safeguard client assets. This proposed safeguarding rule redesignates and amends the current custody rule (rule 206(4)-2) to", "endpoint": "/api/v1/nodes/safeguarding-advisory-client-assets.json" }, { "id": "sales-crm-best-practices", "title": "Sales CRM Best Practices", "category": "Sales, Marketing & PR", "bluf": "Adherence to established Sales CRM best practices mandates stringent data governance and operational protocols to ensure integrity, security, and regulatory compliance. Pursuant to governing data standards, contact record integrity must be paramount, requiring a minimum contact completeness percenta", "endpoint": "/api/v1/nodes/sales-crm-best-practices.json" }, { "id": "sales-lead-gen-compliance", "title": "Lead Gen Compliance", "category": "Sales, Marketing & PR", "bluf": "Lead generation outreach activities are governed by a complex framework of federal and international regulations. Compliance necessitates rigorous validation of consent and adherence to do-not-call mandates under the Telephone Consumer Protection Act and the Telemarketing Sales Rule. Specifically, a", "endpoint": "/api/v1/nodes/sales-lead-gen-compliance.json" }, { "id": "sales-lead-scoring", "title": "Deterministic Lead Scoring Logic", "category": "Sales Marketing & PR", "bluf": "Deterministic Lead Scoring Logic establishes a compliant framework for evaluating individuals by mandating auditable, rule-based processing in alignment with key data protection regulations. The system's architecture requires explicit consent for any profiling activities, a direct implementation of ", "endpoint": "/api/v1/nodes/sales-lead-scoring.json" }, { "id": "sarbanes-oxley-act-sox", "title": "Sarbanes-Oxley Act (SOX)", "category": "Legal & IP Sovereignty", "bluf": "The Sarbanes-Oxley Act of 2002 (SOX) is a U.S. federal law that set new or expanded requirements for all U.S. public company boards, management, and public accounting firms. It was enacted in response to major corporate financial scandals (e.g., Enron, WorldCom) to restore investor confidence throug", "endpoint": "/api/v1/nodes/sarbanes-oxley-act-sox.json" }, { "id": "sarbannes-oxley-404", "title": "SOX 404 (Controls Audit)", "category": "Legal & IP Sovereignty", "bluf": "Sarbanes-Oxley Section 404 compliance centers on a robust framework for Internal Control over Financial Reporting (ICFR). Effective adherence is demonstrated when management's annual ICFR assessment is complete and published in the Form 10-K, corroborated by the external auditor's attestation report", "endpoint": "/api/v1/nodes/sarbannes-oxley-404.json" }, { "id": "sasb-conceptual-framework", "title": "SASB CONCEPTUAL FRAMEWORK", "category": "Sustainability & ESG", "bluf": "This Conceptual Framework sets out the basic concepts, principles, definitions, and objectives that guide the Sustainability Accounting Standards Board (SASB) in its approach to setting standards for sustainability accounting. SASB’s mission is to develop and disseminate sustainability accounting st", "endpoint": "/api/v1/nodes/sasb-conceptual-framework.json" }, { "id": "sasb-materiality-standard", "title": "SASB Materiality Standard", "category": "Sustainability & ESG", "bluf": "The Sustainability Accounting Standards Board (SASB) provides industry-specific disclosure standards covering 77 industries. It focuses on 'Financial Materiality'—identifying the subset of environmental, social, and governance (ESG) factors most likely to impact the financial performance or conditio", "endpoint": "/api/v1/nodes/sasb-materiality-standard.json" }, { "id": "sbti-carbon-target", "title": "SBTi Carbon Target Validation", "category": "Sustainability & ESG", "bluf": "Validating corporate greenhouse gas emissions reduction targets against the Science Based Targets initiative's rigorous framework necessitates a comprehensive assessment of inventory completeness, target ambition, and transparency. A foundational requirement is that `is_scope1_inventory_complete` an", "endpoint": "/api/v1/nodes/sbti-carbon-target.json" }, { "id": "scada-threat-detect", "title": "SCADA Threat Detection Algorithm", "category": "Industrial IoT & Energy", "bluf": "Specialized anomaly detection for Industrial Control System (ICS) protocols (DNP3, Modbus, IEC 61850), essential for securing critical infrastructure.", "endpoint": "/api/v1/nodes/scada-threat-detect.json" }, { "id": "scor-fulfill", "title": "SCOR DS: Fulfillment", "category": "Logistics & Supply Chain", "bluf": "SCOR DS (Supply Chain Operations Reference — Digital Standard) Fulfill covers all processes involved in executing customer orders from receipt through delivery and returns. Maintained by ASCM (Association for Supply Chain Management), SCOR DS defines a hierarchical process framework with standardize", "endpoint": "/api/v1/nodes/scor-fulfill.json" }, { "id": "scor-orchestrate", "title": "SCOR DS: Orchestration", "category": "Logistics & Supply Chain", "bluf": "SCOR DS Orchestrate is the meta-level planning process in the Supply Chain Operations Reference Digital Standard that coordinates strategy, governance, data flows, and performance management across all other SCOR processes (Plan, Source, Make, Deliver, Return, Enable). Unlike Plan, which is tactical", "endpoint": "/api/v1/nodes/scor-orchestrate.json" }, { "id": "sec-climate-disclosure", "title": "SEC Climate Disclosure Rule", "category": "Sustainability & ESG", "bluf": "The SEC Climate Disclosure Rule (Final Rule 33-11275) mandates that U.S. public companies and foreign private issuers disclose climate-related risks, their financial impacts, and greenhouse gas (GHG) emissions (Scope 1 and 2 for large accelerated filers). It aims to provide investors with consistent", "endpoint": "/api/v1/nodes/sec-climate-disclosure.json" }, { "id": "sec-cybersecurity-risk-incident-disclosure", "title": "Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure", "category": "Operations & CX", "bluf": "The Securities and Exchange Commission is adopting new rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies subject to the reporting requirements of the Securities Exchange Act of 1934. These amendments require ", "endpoint": "/api/v1/nodes/sec-cybersecurity-risk-incident-disclosure.json" }, { "id": "sec-reg-s-k-106", "title": "SEC Regulation S-K Item 106 (Cybersecurity)", "category": "Banking & Global Finance", "bluf": "Regulation S-K Item 106 mandates a comprehensive framework for cybersecurity disclosure, encompassing both incident reporting and governance oversight. Registrants must report material cybersecurity incidents on Form 8-K Item 1.05 within a maximum of four business days from determining an incident's", "endpoint": "/api/v1/nodes/sec-reg-s-k-106.json" }, { "id": "sec-regulation-best-interest", "title": "Regulation Best Interest: The Broker-Dealer Standard of Conduct", "category": "Banking & Global Finance", "bluf": "The Securities and Exchange Commission (SEC) is adopting Regulation Best Interest, a new rule under the Securities Exchange Act of 1934 that establishes a standard of conduct for broker-dealers and their associated persons when they make a recommendation to a retail customer of any securities transa", "endpoint": "/api/v1/nodes/sec-regulation-best-interest.json" }, { "id": "sec-regulation-s-p-safeguarding", "title": "Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Customer Information", "category": "Legal & IP Sovereignty", "bluf": "The Securities and Exchange Commission is adopting rule amendments to Regulation S-P that are designed to modernize and enhance the protections that Regulation S-P provides by addressing the expanded use of technology and corresponding risks that have emerged since its original adoption. The amendme", "endpoint": "/api/v1/nodes/sec-regulation-s-p-safeguarding.json" }, { "id": "secure-hash-standard-fips-180-4", "title": "Secure Hash Standard (SHS)", "category": "Cybersecurity", "bluf": "This Standard specifies secure hash algorithms - SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256 - for computing a condensed representation of electronic data (message) called a message digest. The digests are used to detect whether messages have been changed since the digests", "endpoint": "/api/v1/nodes/secure-hash-standard-fips-180-4.json" }, { "id": "securing-property-management-systems", "title": "Securing Property Management Systems", "category": "Cybersecurity", "bluf": "In recent years criminals and other attackers have compromised the networks of several major hotel chains, exposing the information of hundreds of millions of guests. Hospitality organizations can reduce the likelihood of a hotel data breach by strengthening the cybersecurity of their property manag", "endpoint": "/api/v1/nodes/securing-property-management-systems.json" }, { "id": "security-considerations-system-development-lifecycle", "title": "Security Considerations in the System Development Life Cycle", "category": "Cybersecurity", "bluf": "The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-64, Security Considerations in the System Development Life Cycle, was developed to assist federal government agencies in integrating essential information technology (IT) security steps into their established IT s", "endpoint": "/api/v1/nodes/security-considerations-system-development-lifecycle.json" }, { "id": "security-focused-configuration-management", "title": "Guide for Security-Focused Configuration Management of Information Systems", "category": "Cybersecurity", "bluf": "This guide provides guidelines for organizations responsible for managing and administering the security of federal information systems. It assumes that information security is an integral part of an organization’s overall configuration management, with a focus on implementing the security aspects o", "endpoint": "/api/v1/nodes/security-focused-configuration-management.json" }, { "id": "security-segmentation-small-manufacturing", "title": "Security Segmentation in a Small Manufacturing Environment", "category": "AI Governance & Law", "bluf": "Manufacturers are increasingly targeted in cyber-attacks. Small manufacturers are particularly vulnerable due to limitations in staff and resources to operate facilities and manage cybersecurity. This paper introduces security segmentation as a cost-effective and efficient approach to mitigate cyber", "endpoint": "/api/v1/nodes/security-segmentation-small-manufacturing.json" }, { "id": "sg-imda-agentic-ai", "title": "Singapore IMDA Agentic AI Framework", "category": "AI Governance & Law", "bluf": "Execution rules for the world's first framework specifically targeting Agentic AI, focusing on bounding autonomous actions, financial limits, and verifiable intent.", "endpoint": "/api/v1/nodes/sg-imda-agentic-ai.json" }, { "id": "shared-responsibility-model", "title": "Shared Responsibility Model", "category": "Cloud & SaaS", "bluf": "A clearly articulated Shared Responsibility Model delineates the distinct security and compliance obligations between the service provider and the customer, a principle established by foundational cloud computing standards. This framework confirms the provider manages security *of* the cloud, encomp", "endpoint": "/api/v1/nodes/shared-responsibility-model.json" }, { "id": "shrm-hr-competency", "title": "SHRM (HR Competency)", "category": "Workplace", "bluf": "Organizational conformity with established SHRM competency standards is evaluated through a multi-faceted set of controls governing professional conduct, strategic integration, and data governance. Successful validation requires a formally documented competency model and stipulates that no less than", "endpoint": "/api/v1/nodes/shrm-hr-competency.json" }, { "id": "smart-container-iot", "title": "Smart Container IoT Tracking", "category": "Logistics & Supply Chain", "bluf": "Smart Container IoT Tracking systems must adhere to stringent security and data privacy standards for ensuring regulatory compliance across global supply chains. As mandated by leading frameworks like NIST and ISO/IEC, all communications require robust encryption; data in transit necessitates TLS 1.", "endpoint": "/api/v1/nodes/smart-container-iot.json" }, { "id": "smart-contract-audit-swc", "title": "Smart Contract Audit (SWC)", "category": "Legal & IP Sovereignty", "bluf": "The Smart Contract Weakness Classification (SWC) Registry is the authoritative taxonomy of smart contract security vulnerabilities, maintained by the Ethereum security community and analogous to the CVE/CWE system for traditional software. It defines 37 weakness classes (SWC-100 through SWC-136) cov", "endpoint": "/api/v1/nodes/smart-contract-audit-swc.json" }, { "id": "smpte-st-2110-media", "title": "SMPTE ST 2110", "category": "Creative, Content & Media IP", "bluf": "Compliance with the SMPTE ST 2110 suite of standards for professional media over managed IP networks mandates a stringent set of technical and operational configurations. Foundational specifications dictate that all network devices and endpoints must adhere to precise timing protocols, necessitating", "endpoint": "/api/v1/nodes/smpte-st-2110-media.json" }, { "id": "soa-code-conduct", "title": "SOA Code of Conduct", "category": "Legal & IP Sovereignty", "bluf": "Compliance with the Society of Actuaries (SOA) Code of Conduct necessitates a multifaceted verification process. An actuary must be qualified for an assignment and demonstrate complete adherence to all applicable Actuarial Standards of Practice (ASOPs). Full transparency is mandatory; any potential ", "endpoint": "/api/v1/nodes/soa-code-conduct.json" }, { "id": "soc-1-type-2-finance", "title": "SOC 1 Type II (Finance)", "category": "Workplace", "bluf": "A Service Organization Control (SOC) 1 Type II attestation provides assurance regarding the operational effectiveness of controls relevant to user entities' internal control over financial reporting (ICFR) over a specified examination period. Governing attestation standards mandate the establishment", "endpoint": "/api/v1/nodes/soc-1-type-2-finance.json" }, { "id": "soc2-availability-criteria", "title": "SOC 2 (Availability)", "category": "Cloud & SaaS", "bluf": "Compliance with governing availability principles is demonstrated through a comprehensive framework of controls and procedural enforcement. The entity maintains robust system performance monitoring capabilities, configured to generate alerts when CPU usage exceeds an 85 percent threshold or when mem", "endpoint": "/api/v1/nodes/soc2-availability-criteria.json" }, { "id": "soc2-confidentiality-crit", "title": "SOC 2 (Confidentiality)", "category": "Cloud & SaaS", "bluf": "System and Organization Controls (SOC) 2 criteria for Confidentiality mandate the protection of information designated as confidential to meet organizational objectives. Compliance necessitates a comprehensive control framework addressing the complete data lifecycle, from creation to final dispositi", "endpoint": "/api/v1/nodes/soc2-confidentiality-crit.json" }, { "id": "soc2-privacy-criteria", "title": "SOC 2 (Privacy Criteria)", "category": "Cloud & SaaS", "bluf": "The SOC 2 Trust Services Criteria (TSC) for Privacy is the specialized audit framework for assessing how personal information is collected, used, retained, disclosed, and disposed of to meet the system's objectives. Based on the Generally Accepted Privacy Principles (GAPP), it provides a high-assura", "endpoint": "/api/v1/nodes/soc2-privacy-criteria.json" }, { "id": "soc2-processing-integrity", "title": "SOC 2 (Processing Integrity)", "category": "Cloud & SaaS", "bluf": "Compliance with SOC 2 Processing Integrity criteria necessitates system processing that is complete, valid, accurate, timely, and authorized. This configuration enforces these principles through a comprehensive suite of controls derived from established trust services standards. To affirm data corre", "endpoint": "/api/v1/nodes/soc2-processing-integrity.json" }, { "id": "soc2-security-criterion", "title": "SOC 2 Trust Services Criteria for AI Environments", "category": "Operations & CX", "bluf": "SOC 2 (System and Organization Controls) Trust Services Criteria (TSC) for AI environments require rigorous mapping of security, availability, processing integrity, confidentiality, and privacy to the entire Machine Learning lifecycle.", "endpoint": "/api/v1/nodes/soc2-security-criterion.json" }, { "id": "sovereign-final-audit", "title": "100-Node Sovereignty Audit", "category": "AI Governance & Law", "bluf": "The Bidda Sovereign Audit Protocol defines the ongoing integrity verification process for the 100-node intelligence registry. It specifies the procedures for batch hash verification, canonical source URL validation, registry-to-file synchronization checks, SDK compatibility testing, and the issuance", "endpoint": "/api/v1/nodes/sovereign-final-audit.json" }, { "id": "sox-it-controls", "title": "SOX IT Controls — Sarbanes-Oxley IT Compliance", "category": "Banking & Global Finance", "bluf": "The Sarbanes-Oxley Act of 2002 (SOX) — enacted in response to Enron, WorldCom, and other financial scandals — imposes mandatory internal controls over financial reporting (ICFR) requirements on all US public companies (SEC registrants) and foreign private issuers listed on US exchanges. Section 302 ", "endpoint": "/api/v1/nodes/sox-it-controls.json" }, { "id": "sqf-edition-9-safety", "title": "SQF Edition 9 (Safe Quality Food)", "category": "Food & Hospitality", "bluf": "Compliance with Safe Quality Food (SQF) Edition 9 necessitates a robust, fully documented food safety management system, underpinned by senior management commitment as evidenced by a signed policy statement. The foundational Food Safety Plan requires a comprehensive review at a maximum interval of 1", "endpoint": "/api/v1/nodes/sqf-edition-9-safety.json" }, { "id": "sr-11-7-model-risk-management", "title": "Guidance on Model Risk Management", "category": "Banking & Global Finance", "bluf": "This supervisory guidance, issued by the Federal Reserve and the Office of the Comptroller of the Currency (OCC), is intended for use by all banking organizations supervised by the Federal Reserve. It should be applied as appropriate, taking into account each organization’s size, nature, complexity,", "endpoint": "/api/v1/nodes/sr-11-7-model-risk-management.json" }, { "id": "sra-code-conduct-uk", "title": "SRA Code of Conduct (UK)", "category": "Legal & IP Sovereignty", "bluf": "Compliance with the Solicitors Regulation Authority (SRA) Code of Conduct for Firms mandates a comprehensive operational framework to uphold the rule of law and the proper administration of justice. Firms must act with integrity, which necessitates that `clientFundsSystemicallySegregated` from offic", "endpoint": "/api/v1/nodes/sra-code-conduct-uk.json" }, { "id": "state-ramp-authorization", "title": "StateRAMP Authorization", "category": "Cloud & SaaS", "bluf": "The cloud service offering's compliance posture demonstrates substantial progress toward full StateRAMP Authorization but currently fails to meet the final requirement for listing on the Authorized Product List. As a Cloud Service Provider specifically targeting state and local government entities, ", "endpoint": "/api/v1/nodes/state-ramp-authorization.json" }, { "id": "supervisory-guidance-model-risk-management", "title": "SUPERVISORY GUIDANCE ON MODEL RISK MANAGEMENT", "category": "Banking & Global Finance", "bluf": "This guidance describes the key aspects of effective model risk management for banks, which rely heavily on quantitative analysis and models in most aspects of financial decision making. It applies to national banks, bank holding companies, state member banks, and all other institutions for which th", "endpoint": "/api/v1/nodes/supervisory-guidance-model-risk-management.json" }, { "id": "supply-chain-bullwhip", "title": "Bullwhip Effect Mitigation", "category": "Logistics & Supply Chain", "bluf": "The Bullwhip Effect (Lee, Padmanabhan & Whang, 1997 — Sloan Management Review) describes the amplification of demand variability as orders propagate upstream in a supply chain — small fluctuations in retail demand become large oscillations in manufacturer and raw material orders. The four primary ca", "endpoint": "/api/v1/nodes/supply-chain-bullwhip.json" }, { "id": "supply-chain-incoterms", "title": "Incoterms 2020 Risk Allocation Matrix", "category": "Logistics & Supply Chain", "bluf": "Standardized international trade terms defining the responsibilities, costs, and transfer of risk between sellers and buyers for the distribution of goods.", "endpoint": "/api/v1/nodes/supply-chain-incoterms.json" }, { "id": "supply-chain-risk-triage", "title": "Supply Chain Risk Triage Protocol", "category": "Logistics & Supply Chain", "bluf": "The Supply Chain Risk Triage Protocol mandates an immediate escalation and review process upon detection of specific high-risk conditions within the procurement and component lifecycle. This automated governance mechanism is triggered by a confluence of factors indicating severe potential disruption", "endpoint": "/api/v1/nodes/supply-chain-risk-triage.json" }, { "id": "supply-chain-twin-fidelity", "title": "Supply Chain Digital Twin Audit", "category": "Logistics & Supply Chain", "bluf": "Compliance with supply chain digital twin operations mandates stringent adherence to data integrity, security protocols, and model fidelity benchmarks as established by governing industry standards. The audit function verifies that all data sources maintain mandatory authentication, pursuant to the ", "endpoint": "/api/v1/nodes/supply-chain-twin-fidelity.json" }, { "id": "support-hallucination-check", "title": "Support Hallucination Detection", "category": "Operations & CX", "bluf": "LLM hallucination in customer support contexts — where AI agents generate plausible but factually incorrect answers about products, policies, pricing, or procedures — creates direct legal liability, customer trust erosion, and regulatory exposure under FTC advertising truthfulness standards and GDPR", "endpoint": "/api/v1/nodes/support-hallucination-check.json" }, { "id": "support-sentiment-escalation", "title": "Sentiment-Based Escalation", "category": "Operations & CX", "bluf": "Sentiment-based escalation is an AI support workflow control that monitors customer emotional state throughout an interaction and triggers escalation to a human agent when negative sentiment, frustration indicators, or distress signals exceed defined thresholds. Failure to escalate at the right mome", "endpoint": "/api/v1/nodes/support-sentiment-escalation.json" }, { "id": "swift-csp-quality", "title": "SWIFT CSP (Quality)", "category": "Banking & Global Finance", "bluf": "The SWIFT Customer Security Programme (CSP) is the mandatory security framework for all SWIFT users. It consists of the Customer Security Controls Framework (CSCF) with 32 controls (25 mandatory, 7 advisory) designed to secure the local infrastructure of SWIFT users and combat cyber-fraud in the glo", "endpoint": "/api/v1/nodes/swift-csp-quality.json" }, { "id": "tapa-tsr-2023", "title": "TAPA Trucking Security (TSR)", "category": "Logistics & Supply Chain", "bluf": "The TAPA Trucking Security Requirements (TSR) is the leading global security standard for the transportation of high-value assets by road. It defines three levels of security (Level 1, 2, and 3) for vehicles and trailers, focusing on theft prevention, asset tracking, and driver security protocols.", "endpoint": "/api/v1/nodes/tapa-tsr-2023.json" }, { "id": "tcfd-climate-disclosure", "title": "TCFD Climate Disclosure", "category": "Sustainability & ESG", "bluf": "The Task Force on Climate-related Financial Disclosures (TCFD) provides a framework for companies to disclose climate-related risks and opportunities. It is built on four thematic areas: Governance, Strategy, Risk Management, and Metrics & Targets, ensuring transparent communication to investors abo", "endpoint": "/api/v1/nodes/tcfd-climate-disclosure.json" }, { "id": "tcfd-climate-related-financial-disclosures", "title": "Recommendations of the Task Force on Climate-related Financial Disclosures", "category": "Sustainability & ESG", "bluf": "The Task Force on Climate-related Financial Disclosures report establishes recommendations for disclosing clear, comparable and consistent information about the risks and opportunities presented by climate change. Widespread adoption of these recommendations aims to ensure that the effects of climat", "endpoint": "/api/v1/nodes/tcfd-climate-related-financial-disclosures.json" }, { "id": "tcfd-climate-risk", "title": "TCFD Climate Disclosure", "category": "Sustainability & ESG", "bluf": "The Task Force on Climate-related Financial Disclosures (TCFD) framework, published in 2017 and now consolidated into IFRS S2 (effective January 2024), defines the global standard for corporate disclosure of climate-related financial risks and opportunities. TCFD organizes disclosures across four pi", "endpoint": "/api/v1/nodes/tcfd-climate-risk.json" }, { "id": "tcfd-status-report-2022", "title": "Task Force on Climate-related Financial Disclosures: 2022 Status Report", "category": "Operations & CX", "bluf": "This fifth annual status report from the Task Force on Climate-related Financial Disclosures (TCFD) reflects on the implementation of its recommendations since their release in 2017. The TCFD framework provides a structure for companies and other organizations to develop more effective climate-relat", "endpoint": "/api/v1/nodes/tcfd-status-report-2022.json" }, { "id": "tiktok-ads-policy-std", "title": "TikTok Ads (Policies)", "category": "Sales, Marketing & PR", "bluf": "BIDDA's TikTok Ads (Policies) node programmatically assesses advertising creatives and their associated landing pages against a comprehensive set of platform integrity standards to mitigate non-compliance risk. The evaluation strictly prohibits content promoting illegal products or services, weapons", "endpoint": "/api/v1/nodes/tiktok-ads-policy-std.json" }, { "id": "tisaq-auto-cyber", "title": "TISAX (Automotive Cyber)", "category": "Cloud & SaaS", "bluf": "TISAX (Trusted Information Security Assessment Exchange) is the definitive maturity-based security standard for the global automotive industry. Based on the VDA Information Security Assessment (ISA), it provides a unified mechanism for the mutual recognition of the security assessments among the aut", "endpoint": "/api/v1/nodes/tisaq-auto-cyber.json" }, { "id": "tnfd-nature-disclosure", "title": "TNFD Nature Disclosure", "category": "Sustainability & ESG", "bluf": "Corporate reporting indicates substantive alignment with the procedural components of the nature-related disclosure framework, though significant deficiencies persist regarding quantitative financial analysis. The entity meets foundational governance requirements, providing a comprehensive disclosur", "endpoint": "/api/v1/nodes/tnfd-nature-disclosure.json" }, { "id": "tourism-disaster-resilience", "title": "Tourism Disaster Resilience", "category": "Food & Hospitality", "bluf": "Compliance with tourism disaster resilience protocols mandates a comprehensive and actively managed framework for mitigating operational disruptions. A documented risk assessment is a foundational requirement, subject to review and update at least every 12 months. Organizations must maintain a curre", "endpoint": "/api/v1/nodes/tourism-disaster-resilience.json" }, { "id": "tri-agency-task-force-diagnostics", "title": "CHARTER Tri-Agency Task Force for Emergency Diagnostics", "category": "Food & Hospitality", "bluf": "The Tri-Agency Task Force for Emergency Diagnostics (TTFED), with members from Centers for Disease Control and Prevention (CDC), Food and Drug Administration (FDA), and Centers for Medicare and Medicaid Services (CMS), is established to develop a process to collaborate on future emergency diagnostic", "endpoint": "/api/v1/nodes/tri-agency-task-force-diagnostics.json" }, { "id": "tri-agency-task-force-emergency-diagnostics", "title": "CHARTER Tri-Agency Task Force for Emergency Diagnostics", "category": "Food & Hospitality", "bluf": "The Tri-Agency Task Force for Emergency Diagnostics (TTFED), with members from Centers for Disease Control and Prevention (CDC), Food and Drug Administration (FDA), and Centers for Medicare and Medicaid Services (CMS), is established to develop a process to collaborate on future emergency diagnostic", "endpoint": "/api/v1/nodes/tri-agency-task-force-emergency-diagnostics.json" }, { "id": "trusted-iot-device-onboarding", "title": "Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management: Enhancing Internet Protocol-Based IoT Device and Network Security", "category": "Cybersecurity", "bluf": "This practice guide from the National Cybersecurity Center of Excellence (NCCoE) demonstrates various mechanisms for trusted network-layer onboarding of IoT devices in Internet Protocol-based environments. Establishing trust between a network and an Internet of Things (IoT) device prior to providing", "endpoint": "/api/v1/nodes/trusted-iot-device-onboarding.json" }, { "id": "uk-bribery-act-2010", "title": "UK Bribery Act 2010", "category": "Legal & IP Sovereignty", "bluf": "The UK Bribery Act 2010 is one of the strictest anti-corruption laws in the world. It prohibits bribing, being bribed, and bribing foreign officials. Critically, it introduces a strict liability offense for commercial organizations that fail to prevent bribery (Section 7), with a defense available i", "endpoint": "/api/v1/nodes/uk-bribery-act-2010.json" }, { "id": "uk-strategic-export-control", "title": "UK Strategic Export Control", "category": "Aviation, Defense & Quantum", "bluf": "The UK Strategic Export Control regime (Export Control Act 2002) is the primary regulation for the export of military and dual-use technology from the United Kingdom. It is managed by the Export Control Joint Unit (ECJU) and utilizes the Consolidated List to determine licensing requirements for inte", "endpoint": "/api/v1/nodes/uk-strategic-export-control.json" }, { "id": "un-global-digital-compact", "title": "UN Global Digital Compact (Data Governance)", "category": "AI Governance & Law", "bluf": "Enterprises must align their governance frameworks with principles articulated in the United Nations Global Digital Compact under Objective 4, which champions a people-centric approach to data emphasizing trust, accountability, and protection of fundamental human rights. Compliance requires implemen", "endpoint": "/api/v1/nodes/un-global-digital-compact.json" }, { "id": "un-guiding-principles-business-hr", "title": "UN Guiding Principles (BHR)", "category": "Legal & IP Sovereignty", "bluf": "The United Nations Guiding Principles on Business and Human Rights (UNGP or 'Ruggie Principles') are the authoritative global standard for preventing and addressing the risk of adverse human rights impacts linked to business activity. Built on the 'Protect, Respect, and Remedy' framework, they provi", "endpoint": "/api/v1/nodes/un-guiding-principles-business-hr.json" }, { "id": "un-pri-investment", "title": "UN Principles for Responsible Invest", "category": "Sustainability & ESG", "bluf": "Adherence to the United Nations-supported Principles for Responsible Investment framework delineates an investment manager's commitment to integrating environmental, social, and governance (ESG) considerations into investment analysis and decision-making processes. Compliance verification commences ", "endpoint": "/api/v1/nodes/un-pri-investment.json" }, { "id": "un-sdg-alignment", "title": "UN SDG Strategic Alignment", "category": "Sustainability & ESG", "bluf": "The UN Sustainable Development Goals (SDGs) are a set of 17 interconnected global goals adopted by all 193 UN member states in 2015 as part of the 2030 Agenda for Sustainable Development. Each goal contains specific targets (169 total) measured by 231 unique indicators. For organizations, SDG alignm", "endpoint": "/api/v1/nodes/un-sdg-alignment.json" }, { "id": "un-sdg-corporate-mapping", "title": "UN SDG Corporate Mapping", "category": "Legal & IP Sovereignty", "bluf": "The UN SDG Corporate Mapping framework aligns corporate activities and ESG reporting with the 17 United Nations Sustainable Development Goals (SDGs). it focuses on SDGs 8 (Decent Work), 12 (Responsible Consumption & Production), and 16 (Peace, Justice and Strong Institutions) as the primary pillars ", "endpoint": "/api/v1/nodes/un-sdg-corporate-mapping.json" }, { "id": "uncitral-model-law-arbitration", "title": "UNCITRAL Model Law (Arbitration)", "category": "Legal & IP Sovereignty", "bluf": "The UNCITRAL Model Law on International Commercial Arbitration (1985, amended 2006) is the global standard for the legislative framework of international arbitration. It is designed to assist States in reforming and modernizing their laws on arbitral procedure so as to take into account the particul", "endpoint": "/api/v1/nodes/uncitral-model-law-arbitration.json" }, { "id": "unesco-ai-ethics-work", "title": "UNESCO (AI Ethics - Work)", "category": "Workplace", "bluf": "Adherence to UNESCO's ethical recommendations for artificial intelligence in the workplace requires a proactive, human-rights-based governance framework. Organizations must systematically evaluate and mitigate AI's impact on labor through a mandatory labor impact assessment, which is subject to a re", "endpoint": "/api/v1/nodes/unesco-ai-ethics-work.json" }, { "id": "unesco-cultural-diversity", "title": "UNESCO Cultural Diversity", "category": "Creative, Content & Media IP", "bluf": "Adherence to the UNESCO framework for cultural diversity mandates a multifaceted compliance posture for all digital platforms. This requires the establishment and public disclosure of a formal cultural diversity policy alongside verifiable mechanisms for fair remuneration that benefit local creators", "endpoint": "/api/v1/nodes/unesco-cultural-diversity.json" }, { "id": "unesco-ethics-ai", "title": "UNESCO Ethics of AI", "category": "AI Governance & Law", "bluf": "Compliance with the UNESCO Recommendation on the Ethics of Artificial Intelligence demands a comprehensive governance framework ensuring AI systems uphold human rights, dignity, and environmental sustainability. The foundational principles mandate that `humanOversightRequired` is perpetually maintai", "endpoint": "/api/v1/nodes/unesco-ethics-ai.json" }, { "id": "us-ca-sb53-frontier-ai", "title": "California SB 53 (Transparency in Frontier AI Act)", "category": "AI Governance & Law", "bluf": "The nation's first comprehensive safety and transparency requirement for frontier AI developers, mandating catastrophic risk frameworks, 15-day incident reporting, and whistleblower protections for models trained above 10^26 FLOPs.", "endpoint": "/api/v1/nodes/us-ca-sb53-frontier-ai.json" }, { "id": "us-co-sb205-high-risk-ai", "title": "Colorado AI Act (SB 205) - High-Risk Systems", "category": "AI Governance & Law", "bluf": "US state-level regulatory requirements for developers and deployers of high-risk AI systems making consequential decisions, mandating algorithmic discrimination audits and consumer opt-out rights.", "endpoint": "/api/v1/nodes/us-co-sb205-high-risk-ai.json" }, { "id": "ustoa-tour-integrity", "title": "USTOA Tour Operator Integrity", "category": "Food & Hospitality", "bluf": "USTOA Tour Operator Integrity compliance validates an operator’s adherence to stringent standards for financial stability, consumer protection, and ethical conduct. Verification requires active USTOA membership and confirmed participation within the USTOA $1 Million Travellers Assistance Program. Th", "endpoint": "/api/v1/nodes/ustoa-tour-integrity.json" }, { "id": "validating-integrity-of-computing-devices", "title": "NIST SPECIAL PUBLICATION 1800-34 Validating the Integrity of Computing Devices", "category": "Cybersecurity", "bluf": "The supply chains of information and communications technologies are increasingly at risk of compromise from counterfeiting, unauthorized production, tampering, theft, and insertion of unexpected software and hardware. This practice guide demonstrates how organizations can verify that the internal c", "endpoint": "/api/v1/nodes/validating-integrity-of-computing-devices.json" }, { "id": "verra-vcs-verification", "title": "Verra VCS Carbon Verification", "category": "Sustainability & ESG", "bluf": "Verra VCS project verification mandates strict adherence to a comprehensive set of protocols, as stipulated within core VCS Program governance documents, to ensure the integrity of issued Verified Carbon Units (VCUs). Foundational compliance requires that a project possesses a complete description d", "endpoint": "/api/v1/nodes/verra-vcs-verification.json" }, { "id": "w3c-ads-topics-api", "title": "W3C Topics API", "category": "Sales, Marketing & PR", "bluf": "The W3C Topics API establishes a privacy-centric framework for interest-based advertising by replacing persistent cross-site tracking mechanisms. Its implementation is mandated within a secure context and expressly prohibits persistent cross-site identifiers. User interests are algorithmically infer", "endpoint": "/api/v1/nodes/w3c-ads-topics-api.json" }, { "id": "w3c-attribution-reporting", "title": "W3C Attribution (Ad-Tech)", "category": "Sales, Marketing & PR", "bluf": "Adherence to the W3C's Attribution Reporting API framework necessitates a stringent, privacy-preserving approach for measuring ad conversions without relying on cross-site tracking mechanisms. This compliance posture, informed by specifications like the W3C's Conversion Measurement Proposal and Priv", "endpoint": "/api/v1/nodes/w3c-attribution-reporting.json" }, { "id": "w3c-private-aggregation", "title": "W3C Private Aggregation", "category": "Sales, Marketing & PR", "bluf": "Adherence to the W3C Private Aggregation API standard mandates a strict set of privacy-preserving controls for processing cross-site data into summary reports. Conformance requires mandatory integration with either the Shared Storage or Protected Audience APIs, ensuring data is properly gated before", "endpoint": "/api/v1/nodes/w3c-private-aggregation.json" }, { "id": "warehouse-wms-optimization", "title": "Warehouse Management (WMS) Logic", "category": "Logistics & Supply Chain", "bluf": "Warehouse Management (WMS) logic must be configured to enforce stringent controls over inventory, operational processes, and system integrity, aligning with governing supply chain regulations and industry best practices. The system mandates First-In, First-Out (FIFO) handling for perishables and Fir", "endpoint": "/api/v1/nodes/warehouse-wms-optimization.json" }, { "id": "wco-safe-framework-standards", "title": "SAFE Framework of Standards", "category": "Logistics & Supply Chain", "bluf": "The SAFE Framework of Standards to Secure and Facilitate Global Trade, adopted by World Customs Organization (WCO) Members, establishes principles and standards as a minimal threshold for Customs administrations. It aims to secure the movement of global trade in a way that facilitates, rather than i", "endpoint": "/api/v1/nodes/wco-safe-framework-standards.json" }, { "id": "wco-safe-framework", "title": "WCO SAFE Framework", "category": "Logistics & Supply Chain", "bluf": "The SAFE Framework of Standards to Secure and Facilitate Global Trade (SAFE Framework) provides a global standard for supply chain security and trade facilitation, built on three pillars: Customs-to-Customs, Customs-to-Business, and Customs-to-other-Government-Agencies. It is the foundation for the ", "endpoint": "/api/v1/nodes/wco-safe-framework.json" }, { "id": "weee-electronic-waste", "title": "WEEE: Electronic Waste Recovery", "category": "Sustainability & ESG", "bluf": "An entity’s adherence to the Waste Electrical and Electronic Equipment Directive is substantially confirmed, though a critical deficiency exists regarding cross-border commerce obligations. The producer is correctly registered within the relevant EU member state for products falling under WEEE categ", "endpoint": "/api/v1/nodes/weee-electronic-waste.json" }, { "id": "wipo-copyright-treaty", "title": "WIPO Copyright Treaty", "category": "Creative, Content & Media IP", "bluf": "Organizational alignment with the WIPO Copyright Treaty is achieved through a comprehensive framework addressing digital works, technological safeguards, and rights management integrity. The governing policy affirms that computer programs are protected as literary works, and that the structure of da", "endpoint": "/api/v1/nodes/wipo-copyright-treaty.json" }, { "id": "wipo-domain-dispute-udrp", "title": "WIPO Domain (UDRP)", "category": "Creative, Content & Media IP", "bluf": "This compliance assessment evaluates disputes under the Uniform Domain Name Dispute Resolution Policy (UDRP), which mandates a complainant satisfy a conjunctive three-part test for a successful domain transfer or cancellation. The initial element requires verifying that the `complainant_has_valid_tr", "endpoint": "/api/v1/nodes/wipo-domain-dispute-udrp.json" }, { "id": "wipo-hague-design-system", "title": "WIPO Hague System (Designs)", "category": "Legal & IP Sovereignty", "bluf": "The Hague System (administered by WIPO) allows for the international registration of industrial designs through a single application. It covers up to 100 industrial design-active countries, providing a cost-effective and simplified process for designers to protect their visual innovation across mult", "endpoint": "/api/v1/nodes/wipo-hague-design-system.json" }, { "id": "wipo-industrial-designs", "title": "WIPO Industrial Designs", "category": "Creative, Content & Media IP", "bluf": "Compliance with international regulations for industrial designs requires strict adherence to procedural and data formatting standards established under governing treaties and administrative instructions. Each application must provide a valid product indication and present creator identification to ", "endpoint": "/api/v1/nodes/wipo-industrial-designs.json" }, { "id": "wipo-madrid-trademark-system", "title": "WIPO Madrid System (Trademarks)", "category": "Legal & IP Sovereignty", "bluf": "The Madrid System (administered by WIPO) is a centrally-managed international trademark registration system. It allows trademark owners to protect their brand in up to 130 countries through a single application, in one language, and by paying a single set of fees, simplifying the process of obtainin", "endpoint": "/api/v1/nodes/wipo-madrid-trademark-system.json" }, { "id": "wipo-patent-cooperation-pct", "title": "WIPO Patent (PCT)", "category": "Creative, Content & Media IP", "bluf": "This international patent application's compliance posture indicates successful completion of initial filing requirements pursuant to the governing legal framework. The application has secured an international filing date, confirmed by its status as Article 11 compliant with a valid receiving office", "endpoint": "/api/v1/nodes/wipo-patent-cooperation-pct.json" }, { "id": "wipo-pct-international-patent", "title": "WIPO PCT (International Patents)", "category": "Legal & IP Sovereignty", "bluf": "The Patent Cooperation Treaty (PCT) is an international treaty administered by WIPO. It provides a unified procedure for filing patent applications to protect inventions in each of its contracting states. A single 'international' patent application has the same effect as national applications filed ", "endpoint": "/api/v1/nodes/wipo-pct-international-patent.json" }, { "id": "wipo-pct-patent-rules", "title": "WIPO PCT (Patent Rules)", "category": "Legal & IP Sovereignty", "bluf": "Compliance with the Patent Cooperation Treaty (PCT) framework mandates strict adherence to procedural and formal requirements for securing an international filing date and facilitating subsequent national phase entry. Governing regulations stipulate that any applicant must be a resident or national ", "endpoint": "/api/v1/nodes/wipo-pct-patent-rules.json" }, { "id": "wipo-performances-phonograms", "title": "WIPO WPPT (Performances)", "category": "Creative, Content & Media IP", "bluf": "Compliance with the WIPO Performances and Phonograms Treaty necessitates stringent verification of fundamental rights and obligations concerning performers and phonogram producers. The framework confirms that performers' moral rights are upheld, requiring clear performer attribution and the existenc", "endpoint": "/api/v1/nodes/wipo-performances-phonograms.json" }, { "id": "wipo-trade-secret-stds", "title": "WIPO Trade Secrets", "category": "Creative, Content & Media IP", "bluf": "An organizational asset qualifies for robust protection as a trade secret under governing international intellectual property conventions. The information satisfies the fundamental criteria for secrecy, as it is confirmed that the material is not publicly disclosed and is not readily ascertainable b", "endpoint": "/api/v1/nodes/wipo-trade-secret-stds.json" }, { "id": "wipo-trademark-stds", "title": "WIPO Trademark Stds", "category": "Creative, Content & Media IP", "bluf": "Compliance with World Intellectual Property Organization trademark standards mandates strict adherence to data formatting and content protocols for international filings. All transactional data must be structured as valid ST.66 XML, for which `is_st66_xml_valid` is a primary validation checkpoint, w", "endpoint": "/api/v1/nodes/wipo-trademark-stds.json" }, { "id": "wipo-traditional-knowledge", "title": "WIPO Traditional Knowledge", "category": "Creative, Content & Media IP", "bluf": "A `usage_compliance_score` of `0` reflects a complete failure to meet established international norms for the use of traditional knowledge, as articulated within frameworks deliberated by the World Intellectual Property Organization. The subject matter mandates obtaining prior informed consent, a co", "endpoint": "/api/v1/nodes/wipo-traditional-knowledge.json" }, { "id": "wolfsberg-corresp-bank", "title": "Wolfsberg Principles (KYC)", "category": "Banking & Global Finance", "bluf": "The Wolfsberg Anti-Money Laundering (AML) Principles for Correspondent Banking (2022) provide a global standard for the risk-based identification and assessment of correspondent banking clients. it is designed to prevent the misuse of the international financial system by ensuring that banks impleme", "endpoint": "/api/v1/nodes/wolfsberg-corresp-bank.json" }, { "id": "za-king-v-tech-gov", "title": "King V Corporate Governance: Autonomous Systems", "category": "Operations & CX", "bluf": "Board-level accountability and oversight frameworks for the deployment, ethical monitoring, and risk management of autonomous AI agents within corporate environments.", "endpoint": "/api/v1/nodes/za-king-v-tech-gov.json" }, { "id": "za-national-ai-policy-2026", "title": "SA National AI Policy (2026 Draft) - Accountability & Skills", "category": "AI Governance", "bluf": "Operationalizing the April 2026 South African Cabinet mandates for AI accountability, localized data processing, and algorithmic transparency for enterprise and government contracts.", "endpoint": "/api/v1/nodes/za-national-ai-policy-2026.json" } ] }