Section navigation
ACanonical DefinitionsBConformance ChecklistCRecord Surface Map TemplateDCustody Surface Map TemplateEConfiguration Exposure MatrixFFeedback Routing TableGAudit Evidence ChecklistHConformance Statement TemplateIIndependent Assessor GuidanceJConformance Model CrosswalkKARCS-to-NIST SP 800-53 CrosswalkLVerification and Attestation ProtocolMLegal and Discovery FrameworkNConduit and Custody ModelOIndustry Framework Comparison

Annex B: Conformance Checklist

This checklist supports operator self-assessment against ARCS requirements. It is informative. For normative conformance requirements, see Section 16.

ARCS-LIF: Record Lifecycle Controls

  • LIF-01: Default retention posture defined for each record category
  • LIF-02: Preservation triggers defined
  • LIF-03: Preservation scope defined
  • LIF-04: Deletion suspended upon preservation trigger
  • LIF-05: User-visible deletion distinguished from backend retention
  • LIF-06: Multi-vendor preservation procedure defined
  • LIF-07: Exit from preservation posture defined
  • LIF-08: Lifecycle disclosure available for audit, procurement, and legal evaluation
  • LIF-09: Non-creation controls defined where applicable

ARCS-CUS: Custody Surface Controls

  • CUS-01: Custody surface defined across all layers
  • CUS-02: Custodians identified
  • CUS-03: Record locations mapped
  • CUS-04: Multi-vendor propagation defined
  • CUS-05: Vendor retention disclosed
  • CUS-06: Custody surface defined during preservation
  • CUS-07: Derived artifact custody governed
  • CUS-08: Backup and archive custody governed
  • CUS-09: Custody surface disclosure available

ARCS-TAX: Record Taxonomy Controls

  • TAX-01: All required record categories defined
  • TAX-02: Deliberative records classified
  • TAX-03: Exported outputs classified
  • TAX-04: Telemetry classified
  • TAX-05: System logs classified
  • TAX-06: Safety and review records classified
  • TAX-07: Derived artifacts classified
  • TAX-08: Metadata classified
  • TAX-09: Lifecycle rules defined per category
  • TAX-10: Taxonomy documentation available

ARCS-OPB: Operator Boundary Controls

  • OPB-01: Operator boundary defined
  • OPB-02: In-scope systems listed
  • OPB-03: Vendor inclusion rule defined
  • OPB-04: Out-of-scope systems documented
  • OPB-05: Boundary change procedure defined

ARCS-PUB: Publish Boundary Controls

  • PUB-01: Publish boundary defined
  • PUB-02: Exported output classification defined
  • PUB-03: Post-publish retention rules documented
  • PUB-04: Preservation at publish boundary defined
  • PUB-05: API propagation governed
  • PUB-06: Publish events and recipients documented

ARCS-NCR: Non-Creation Controls (if claimed)

  • NCR-01: Non-creation declaration documented
  • NCR-02: Memory-only processing documented
  • NCR-03: Non-retention declaration documented
  • NCR-04: Preservation posture interaction defined
  • NCR-05: Non-creation documentation available

ARCS-PV: Preservation and Legal Hold Controls

  • PV-01: Preservation trigger defined
  • PV-02: Legal hold process defined
  • PV-03: Preservation overrides deletion
  • PV-04: Preservation responsibility identified
  • PV-05: Multi-vendor preservation defined
  • PV-06: Exit from preservation posture defined

ARCS-VER: Verification and Audit Controls

  • VER-01: Documentation current
  • VER-02: Internal verification completed
  • VER-03: Vendor verification obtained
  • VER-04: Preservation verification completed
  • VER-05: Documentation available for audit
  • VER-06: Attestation available