Appendices
Glossary
This glossary defines key terms used throughout the Continuum/AI standard.
Terms
Agent: A software system that interprets objectives expressed in natural language or structured formats and autonomously determines and executes actions to achieve those objectives.
Certification Profile: One of four levels (Essential, Standard, Elevated, Critical) defining control requirements based on data sensitivity and potential impact.
Confluence: A condition in which multiple capabilities, each individually acceptable, combine to create an elevated risk that warrants additional controls.
Control: A specific security requirement that organizations must implement to achieve certification. Each control includes an identifier, requirement, rationale, evidence, and profile.
Control Plane: An architectural component that centralizes authentication, authorization, routing, and observability for agent-to-tool communications.
Delegation: The transfer of authority from a user to an agent, enabling the agent to act on the user's behalf within defined constraints.
Deterministic Visibility: The property of a system in which every action taken by an agent is logged with sufficient detail to enable complete reconstruction of behavior.
Domain: One of ten categories organizing related controls: GOV, IDN, AZN, DAT, VAL, EXE, OBS, INT, RES, SUP.
Evidence: Artifacts required to demonstrate compliance with a control, including policy documents, configuration exports, log samples, and audit reports.
Exfiltration Confluence: The combination of data access, external content processing, and external transmission capabilities that enables data exfiltration.
Persistence Confluence: The combination of write access, credential access, and scheduling capabilities that enables persistent backdoor installation.
Scope: The defined boundaries of a certification, including environment, agent inventory, data classification, and integration points.
Session: A bounded execution context within which an agent maintains state and operates under a consistent set of permissions.
Tool: An interface that enables an agent to perform actions beyond text generation, including API calls, file operations, database queries, and external communications.