Section navigation
ScopeNormative ReferencesTerms and DefinitionsApplicabilityControl Family StructureARCS-LIF: Record LifecycleARCS-CUS: Custody SurfaceARCS-TAX: Record TaxonomyARCS-OPB: Operator BoundaryARCS-PUB: Publish BoundaryARCS-NCR: Non-CreationARCS-PV: PreservationARCS-VER: VerificationARCS-AGT: Agent RuntimeARCS-DEL: Delegation and MemoryConformanceLimitations and Non-ClaimsRelationship to Other FrameworksVersioning and Amendment Control
ARCS · Section 18
Relationship to Other Frameworks
ARCS is complementary to existing security, privacy, and records management frameworks. It addresses a distinct governance layer: the lifecycle and custody of interaction records created during automated system use.
| Framework | What It Governs | ARCS Relationship |
|---|---|---|
| NIST SP 800-53 | Security and privacy controls for information systems | ARCS extends to lifecycle and custody of interaction records, which 800-53 does not address. Maps to AU-3, MP-6, SI-7, AC-3. |
| NIST AI RMF | AI risk, bias, safety, transparency | ARCS governs records created by AI systems. AI RMF governs system behavior and outputs. |
| ISO 42001 | AI management systems | ARCS provides record-level governance that organizational controls do not reach. |
| EU AI Act | High-risk AI logging obligations | EU AI Act requires log creation. ARCS governs what happens to those logs after creation. |
| SOC 2 | Service organization controls | ARCS custody and lifecycle controls may inform SOC 2 evidence. |
| MCP / A2A | Agent-to-tool and agent-to-agent protocols | MCP defines how context flows. ARCS governs what happens to records after they flow. |
ARCS does not duplicate, replace, or supersede any of these frameworks. An organization may be fully compliant with every framework listed here and still have no governance posture for interaction records. ARCS addresses that gap.