Section navigation
1Scope2Normative References3Terms and Definitions4Applicability5Control Family Structure6ARCS-LIF: Record Lifecycle7ARCS-CUS: Custody Surface8ARCS-TAX: Record Taxonomy9ARCS-OPB: Operator Boundary10ARCS-PUB: Publish Boundary11ARCS-NCR: Non-Creation12ARCS-PV: Preservation13ARCS-VER: Verification14ARCS-AGT: Agent Runtime15ARCS-DEL: Delegation and Memory16Conformance17Limitations and Non-Claims18Relationship to Other Frameworks19Versioning and Amendment Control

ARCS · Section 5

Control Family Structure

ARCS controls are organized into ten control families. Each family addresses a distinct governance domain for interaction records. Controls within each family are identified by a three-letter family code and a two-digit sequence number (e.g., LIF-01, AGT-07). ARCS v1.0 contains 92 controls across 10 control families.

ARCS uses a two-layer family structure. In the Standard, each family is defined as a governance domain with a distinct scope and boundary. In the Controls catalog, each family is expressed through its constituent control statements and related operational detail.

Code Family Domain Controls
ARCS-LIF Record Lifecycle Creation, retention, deletion, vendor deletion verifiability, and lifecycle state transitions 13
ARCS-CUS Custody Surface Custody identification, multi-vendor propagation, authorization-gap custody, vendor governance declarations 12
ARCS-TAX Record Taxonomy Record categories, classification, and category-based lifecycle rules 11
ARCS-OPB Operator Boundary Operator scope, vendor inclusion, responsibility boundary 5
ARCS-PUB Publish Boundary Export, third-party sharing, API propagation 6
ARCS-NCR Non-Creation Posture Non-creation declarations, memory-only processing, publish boundary verification 6
ARCS-PV Preservation and Legal Hold Preservation triggers, hold process, multi-vendor preservation communication 7
ARCS-VER Verification and Audit Lifecycle audit, custody audit, vendor compliance, cross-vendor traceability, attestation 7
ARCS-AGT Agent Runtime Agent runtime artifacts, tool call governance, intermediate record controls, security-relevant content, lifecycle boundaries 13
ARCS-DEL Delegation and Memory Governed persistence, delegation chains, autonomous execution records, emergent execution documentation 12

Each control family has a defined applicability scope. An operator satisfies the applicable families for its deployment and documents non-applicability for others.

The base families (ARCS-LIF through ARCS-VER) apply to all deployments subject to ARCS. ARCS-NCR applies only where non-creation or non-retention is claimed.

ARCS-AGT applies to any deployment in which an automated system operates across multiple steps, invokes external tools, or maintains state across steps within a session.

ARCS-DEL applies to any deployment in which an agent maintains state across sessions, operates with delegated authority, or executes autonomous action sequences without synchronous human review.