ARCS / AIUC-1 Crosswalk

This crosswalk is informative and is not part of the normative ARCS control text. It identifies bounded points at which ARCS supports or supplements AIUC-1 outcomes within the narrower domain of interaction-record governance. AIUC-1 governs the security, safety, reliability, and accountability of AI agent runtime behavior; ARCS governs the lifecycle of the records that runtime behavior creates. No claim of equivalence, substitution, or full AIUC-1 coverage is made.

Source-element links point to official public source materials where stable public URLs are available. For standards or criteria that do not expose freely accessible clause-level text, links point to the official product, browsing, or reference page. The mapping remains informative.

Source-element links point to publicly available AIUC materials where a stable official URL exists. AIUC does not guarantee stable deep anchors for every control identifier; identifiers remain readable labels and the crosswalk stays informative.


Overview

AIUC-1 is an AI agent assurance standard published by the AI Underwriting Collaborative, addressing security, safety, reliability, and accountability for AI agent runtime behavior. The Q2 2026 update added 14 requirements and 23 controls, primarily addressing MCP and A2A protocol security, third-party risk management, and agent identity governance.

ARCS is a separate lifecycle-governance standard for the records AI systems create during operation. This crosswalk identifies bounded points at which AIUC-1 runtime controls create record-bearing conditions with custody, retention, verification, preservation, or production implications governed by ARCS.

Interpretive status

This instrument is an informative crosswalk. It does not restate AIUC-1 requirements, does not modify ARCS control text, and does not establish a claim of equivalence or certification between the two instruments.

ARCS relevance

AIUC-1 operates within the access-control layer: data classification, access restriction, storage security, output review, usage disclosure, and activity auditing. ARCS operates in the custody layer beneath it: record existence, retention lifecycle, vendor persistence, multi-vendor propagation, legal compulsion, and controlled non-creation.

Framework scope

Table A maps each AIUC-1 family to ARCS control families at the theme level. Fit labels indicate the strength of ARCS relevance to the stated requirement within ARCS's narrower record-governance scope. The table is interpretive and thematic; it does not restate AIUC-1 control text and is not a clause-by-clause equivalence map. AIUC-1 families without an ARCS counterpart (Safety, Society) are addressed in the Outside Scope section.

| Family | Category / Theme | ARCS Families | Alignment |
|---|---|---|---|
| Family A | Agent identity and evidentiary attribution | | Strong |
| Family A | Access management and permission audit records | | Strong |
| Family A | Accountability policy and AI governance posture | | Moderate |
| Family B | MCP server access and runtime containment records | | Strong |
| Family B | Authentication, transport, and signed message records | | Strong |
| Family D | MCP server logging and tool-call governance | | Strong |
| Family D | Data handling, privacy controls, and lifecycle governance of logs | | Strong |
| Family D | Preservation of logging and monitoring records under hold | | Strong |
| Family E | Vendor due diligence and third-party access monitoring | | Strong |
| Family E | Vendor-side record persistence after operator deletion | | Strong |

Selected mappings

Selected AIUC-1 controls for which ARCS has a clear and bounded relationship. Controls addressing output safety, harm prevention, fairness, societal impact, and other domains outside ARCS scope are omitted.


Family A: Accountability

AIUC-1 Family A addresses agent governance, identity, access management, and permissions. ARCS contributes where accountability artifacts become records: cryptographic identity attestations, permission change logs, access audit records, and accountability-policy documents themselves are subject to lifecycle, custody, classification, and preservation governance that AIUC-1 does not enter.

| Control | AIUC-1 Requirement | ARCS Controls | Fit | Note |
|---|---|---|---|---|
| A003.3 | Cryptographic Agent Identity. Requires unique, cryptographically verifiable agent identities for attribution and audit trail purposes | ARCS-VER (VER-01), ARCS-CUS (CUS-01), ARCS-TAX (TAX-02), ARCS-PV (PV-01) | Strong | Cryptographic identity strengthens evidentiary status of records associated with verified agents. ARCS governs the lifecycle of the attestation artifacts themselves, including preservation triggers when litigation hold is invoked. |
| A003.4 | Agent Access and Permissions Management. Requires permission-ready architecture for agent access governance, including just-in-time permissions | ARCS-AGT (AGT-01), ARCS-LIF (LIF-01), ARCS-DEL (DEL-01) | Strong | Permission audit trails are discoverable records. ARCS addresses retention posture, custody, and lifecycle governance of permission change logs, access revocation records, and just-in-time grant records. |

Family B: Security

AIUC-1 Family B addresses infrastructure security, transport security, authentication, and containment. ARCS contributes where security controls generate persistent records. Authenticated connections, signed messages, sandboxed execution, and approved vendor interactions all create records that persist beyond the security event and require lifecycle governance.

| Control | AIUC-1 Requirement | ARCS Controls | Fit | Note |
|---|---|---|---|---|
| B006.1 / B006.3 | MCP Server Access and Runtime Containment. Restricts agent connections to approved MCP servers and requires runtime sandboxing for MCP server execution environments | ARCS-CUS (CUS-04, CUS-12), ARCS-OPB (OPB-03) | Strong | An approved, sandboxed MCP server may retain interaction records indefinitely under vendor default retention. ARCS addresses vendor-side persistence disclosure, vendor governance declarations, and vendor inclusion rules for approved server vendors. |
| B008.2 / B008.3 / B008.4 | Authentication, Transport, and Message Integrity. Extends authentication to model APIs, MCP, and A2A channels; requires encrypted transport; requires cryptographic message signing and schema validation | ARCS-CUS (CUS-01, CUS-04), ARCS-LIF (LIF-01) | Strong | Authenticated, encrypted, signed connections generate persistent records on both sides of the connection. Transport security governs the channel. ARCS governs the records that flow through the channel and persist after the channel closes. |

Family D: Data and Privacy

AIUC-1 Family D addresses data handling, tool governance, logging, and privacy controls. This family is the single largest attachment point for ARCS, because instrumentation and logging requirements directly create records that require lifecycle governance. ARCS addresses retention, custody, classification, and preservation of the logs that AIUC-1 specifies should exist.

| Control | AIUC-1 Requirement | ARCS Controls | Fit | Note |
|---|---|---|---|---|
| D003.1 | Tool Call Governance. Requires tool authorization and input/output validation extended to MCP server tool calls | ARCS-AGT (AGT-03, AGT-05), ARCS-TAX (TAX-02) | Strong | Tool call authorization and validation logs are records. ARCS governs tool call record classification, intermediate record controls, and lifecycle of records generated during tool call execution. |
| D003.3 | MCP Server Logging. Requires logging of MCP server-level metadata including tool name and input parameters | ARCS-LIF (LIF-03), ARCS-CUS (CUS-04, CUS-07), ARCS-TAX (TAX-02) | Strong | Instrumentation captures MCP tool-call logs. Without ARCS retention schedule disclosure, vendor-side persistence disclosure, multi-vendor surface mapping, and record taxonomy classification, those logs accumulate in an ungoverned state. |

Family E: Reliability

AIUC-1 Family E addresses uptime, third-party management, and vendor oversight. ARCS contributes where vendor due diligence and access monitoring do not address whether vendor-retained records survive operator deletion. ARCS governs the vendor-side record persistence posture that reliability controls do not reach.

| Control | AIUC-1 Requirement | ARCS Controls | Fit | Note |
|---|---|---|---|---|
| E006 / E009 | Vendor Due Diligence and Third-Party Access Monitoring. Requires data handling, PII controls, security, and compliance evaluation for upstream providers. Mandatory third-party access monitoring | ARCS-CUS (CUS-04, CUS-12), ARCS-OPB (OPB-03), ARCS-VER (VER-01), ARCS-LIF (LIF-12) | Strong | Vendor due diligence does not address whether vendor-retained records survive operator deletion. Access monitoring does not address the custody posture of the monitoring records themselves. ARCS addresses vendor deletion verifiability, vendor governance declarations, and vendor inclusion rules. |

Complementary coverage

An organization implementing both frameworks achieves coverage across both the access-control layer and the custody layer. AIUC-1 reduces the probability that an agent malfunctions, is exploited, or produces harmful output. ARCS governs what happens to the records that execution creates, regardless of whether the execution was successful.

An organization that achieves full AIUC-1 certification and passes every Q2 control still generates discoverable records with no lifecycle governance unless ARCS controls, or equivalent measures, are also in place. The agent connects only to approved MCP servers, those servers run in sandboxed environments, all channels use encrypted transport with authenticated callers, tool calls are authorized and validated, and comprehensive logs are captured. The records generated during that correctly operating execution accumulate in vendor systems and remain compellable under legal process, with no AIUC-1 control governing their retention, custody, preservation, or production posture.

Conversely, an organization that achieves ARCS conformance has lifecycle governance over its interaction records but no assurance that its agents operate safely, securely, or within acceptable behavioral boundaries. Both frameworks are necessary for comprehensive AI governance. Neither is sufficient alone.

Outside scope

ARCS does not attempt to cover several AIUC-1 governance domains that remain within the access-control layer. AIUC-1 addresses output safety and content filtering (Family C), runtime sandboxing and exploitation prevention (Family B), and societal impact, fairness, and transparency (Family F). ARCS does not govern agent output quality, runtime security architecture, or societal impact of AI systems.

The omission is structural rather than accidental. AIUC-1 governs the operational environment in which records are created. ARCS governs what happens to those records afterward. ARCS also governs several record-lifecycle domains outside AIUC-1 coverage:

Record retention and deletion lifecycle

ARCS-LIF (LIF-01 to LIF-13)

AIUC-1 specifies what to log (D003.3) but does not address how long to keep it, when to delete it, or how to verify that deletion propagates across vendor systems. An organization conformant with AIUC-1 logging captures the records; ARCS governs whether those records persist for 30 days, 7 years, or indefinitely, and whether deletion at the application layer corresponds to deletion at the infrastructure layer.

Custody surface and multi-vendor propagation

ARCS-CUS (CUS-01 to CUS-12)

AIUC-1 addresses which vendors to approve (E006) but does not address where records reside after approval. When a tool call invokes an approved MCP server and the server forwards data to downstream processors, ARCS governs the custody chain disclosure, multi-vendor propagation mapping, and authorization-gap custody that extends beyond the initially approved vendor.

Preservation and legal hold

ARCS-PV (PV-01 to PV-07)

AIUC-1 does not address legal process requirements for retained records. When a preservation notice, subpoena, or regulatory inquiry arrives, ARCS governs preservation triggers, hold process, and multi-vendor preservation communication. AIUC-1 security controls remain in effect but do not determine preservation scope or communication obligations.

Non-creation posture

ARCS-NCR (NCR-01 to NCR-06)

AIUC-1 does not address the option of not creating records. ARCS recognizes non-creation as a distinct governance posture: memory-only processing, ephemeral modes, and declared non-retention. This posture is unavailable within the AIUC-1 framework, which assumes records exist and focuses on securing their creation and monitoring.

Delegation and memory persistence

ARCS-DEL (DEL-01 to DEL-12)

AIUC-1 addresses agent permissions (A003.4) but does not govern the lifecycle of records generated during delegated execution. When one agent delegates to another, cross-session memory persists, or autonomous execution produces intermediate records, ARCS governs the persistence, custody, and lifecycle of those artifacts.

AIUC-1 updates quarterly. Each quarterly update may add controls that create new record classes, new instrumentation requirements, or new audit trail obligations. This crosswalk should be reviewed against each AIUC-1 quarterly update to identify new controls with custody-layer implications.