Canonical system instructions for LLMs and AI assistants that enforce the SRF accountability rules: one accountable party per layer, responsibility cascades from L1 to L5, operating model required for all assignments. Role variants for executive, auditor, developer, and legal/procurement. Sector context for all six verticals.
All control schemas and framework definitions as static JSON: layers,
personas, the responsibility matrix, and all six vertical control
schemas (258 controls total). Start with /data/index.json
for schema descriptions and record counts.
Single-fetch document for agent retrieval: all framework definitions, all 258 controls across six verticals, and regulatory context inlined. An agent or RAG pipeline can retrieve one URL and answer detailed SRF questions without following additional links. Also available: llms.txt (link index).
Policy-as-code governance schema modeled on OpenTelemetry semantic conventions: accountability thresholds, evidence requirements expressed in OCSF, and autonomy ceilings per layer and vertical. Consumable by AI gateways, GRC tools, and runtime observability platforms.
Built for LLMs and agents
Every page here is structured to be read by AI systems as well as people. Pages carry machine-readable type and concept metadata, content is split into retrieval chunks, each concept has one stable ID, and the whole framework is published as JSON you can fetch directly. The files below are the entry points. Most are not in the site navigation because they exist for machines, so they are collected in one place. Point an agent at /llms.txt first; it indexes everything else.
- Per-page llm:type and llm:concepts metadata
- data-llm chunk markers
- Canonical concept IDs
- Deduplicated glossary registry
- JSON-LD on every page
- AI crawlers allowed in robots.txt
Start here: navigation manifests
- /llms.txt Curated link index of every canonical page, data file, and API for agents.
- /llms-full.txt Single-fetch document: all framework concepts and 258 controls inlined.
- /sitemap.xml Every URL on the site, including the machine endpoints below.
- /robots.txt Crawler policy. Twelve AI crawlers are explicitly allowed.
Canonical glossary and API
- /glossary.json Full term registry: definition, canonical ID, and anchor for every term.
- /api/glossary/index.json Term index. Each term is also at /api/glossary/<anchor>.json on its own.
- /glossary/ The human-readable glossary, with a stable #anchor per term.
Concept graph
- /ontology/nodes.json Graph nodes: layers, operating models, personas, concepts, controls, standards.
- /ontology/edges.json Typed relationships between nodes (accountable_to, applies_to_layer, and more).
- /ids.json Canonical ID registry: one stable, namespaced ID and URL per concept.
Bulk knowledge pack
- /export/framework.json Whole framework in one file: concepts, relationships, and definitions.
- /export/glossary.json Flattened definitions for bulk ingestion.
- /export/ontology.json Flattened nodes and edges in one file.
Structured data
- /data/index.json Index of the layer, persona, matrix, regulation, and six control-schema files.
Retrieval validation
- /llm/test/ Simulate how an agent retrieves this content. Returns matched chunks, concept hits, and a confidence score. Add ?q=QUERY&format=json for raw JSON.
Coming in v2.0
OTel-inspired governance schema
A machine-readable policy-as-code format modeled on OpenTelemetry semantic conventions: define accountability thresholds, evidence requirements, and autonomy ceilings per layer and business vertical. Evidence artifacts are specified in OCSF, the same schema the published control thresholds already use. Consumable by AI gateways, GRC tools, and runtime observability platforms.