Appendices
Control Quick Reference
This reference lists all 48 Continuum/AI controls with their identifier, title, and minimum certification profile.
Governance (GOV)
| ID | Title | Profile |
|---|---|---|
| GOV-01 | Acceptable Use Policy | Essential |
| GOV-02 | Ownership Assignment | Essential |
| GOV-03 | Agent Inventory | Standard |
| GOV-04 | Human Oversight Policy | Standard |
| GOV-05 | Risk Assessment Cadence | Elevated |
Identity (IDN)
| ID | Title | Profile |
|---|---|---|
| IDN-01 | Agent Identity | Standard |
| IDN-02 | Server Authentication | Standard |
| IDN-03 | Credential Management | Elevated |
| IDN-04 | Credential Rotation | Critical |
Authorization (AZN)
| ID | Title | Profile |
|---|---|---|
| AZN-01 | Least Privilege | Essential |
| AZN-02 | Resource Scope Limitation | Standard |
| AZN-03 | Temporal Constraints | Standard |
| AZN-04 | Action Filtering | Elevated |
| AZN-05 | Delegation Constraints | Elevated |
Data Protection (DAT)
| ID | Title | Profile |
|---|---|---|
| DAT-01 | Data Classification | Essential |
| DAT-02 | Access Restrictions by Classification | Essential |
| DAT-03 | Encryption in Transit | Standard |
| DAT-04 | Encryption at Rest | Elevated |
| DAT-05 | Output Sanitization | Elevated |
| DAT-06 | Retention Limits | Critical |
Input Validation (VAL)
| ID | Title | Profile |
|---|---|---|
| VAL-01 | Input Sanitization | Essential |
| VAL-02 | Injection Detection | Essential |
| VAL-03 | Source Verification | Standard |
| VAL-04 | Content Boundary Enforcement | Elevated |
| VAL-05 | Adversarial Testing | Critical |
Execution Security (EXE)
| ID | Title | Profile |
|---|---|---|
| EXE-01 | Process Isolation | Essential |
| EXE-02 | Resource Limits | Standard |
| EXE-03 | Network Segmentation | Standard |
| EXE-04 | Filesystem Restrictions | Elevated |
| EXE-05 | Code Execution Controls | Critical |
Observability (OBS)
| ID | Title | Profile |
|---|---|---|
| OBS-01 | Action Logging | Essential |
| OBS-02 | Session Correlation | Standard |
| OBS-03 | Immutable Audit Trail | Elevated |
| OBS-04 | Anomaly Detection | Elevated |
| OBS-05 | Confluence Monitoring | Elevated |
| OBS-06 | Retention Compliance | Critical |
Intervention (INT)
| ID | Title | Profile |
|---|---|---|
| INT-01 | Pause Capability | Standard |
| INT-02 | Approval Workflows | Elevated |
| INT-03 | Automated Containment | Elevated |
| INT-04 | Escalation Procedures | Critical |
Resilience (RES)
| ID | Title | Profile |
|---|---|---|
| RES-01 | Incident Classification | Standard |
| RES-02 | Containment Procedures | Elevated |
| RES-03 | Forensic Preservation | Elevated |
| RES-04 | Recovery Procedures | Critical |
Supply Chain (SUP)
| ID | Title | Profile |
|---|---|---|
| SUP-01 | Dependency Inventory | Standard |
| SUP-02 | Dependency Assessment | Elevated |
| SUP-03 | Prompt Supply Chain | Elevated |
| SUP-04 | Integration Monitoring | Critical |