ARCS · Section 2
Normative References
The key words SHALL, SHALL NOT, MUST, MUST NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL in this standard are to be interpreted as described in IETF RFC 2119 and BCP 14.
This standard may be used with, but does not replace, the following frameworks. ARCS defines a distinct governance domain for interaction records that no current framework addresses.
| Framework | What It Governs | ARCS Relationship |
|---|---|---|
| NIST SP 800-53 | Security controls for information systems | ARCS extends to lifecycle and custody of interaction records |
| NIST AI RMF | AI risk, bias, safety, transparency | ARCS governs records created by AI systems |
| ISO 27001 | Information security management | ARCS complements by addressing record lifecycle |
| ISO 42001 | AI management systems | ARCS provides record-level governance that organizational controls do not reach |
| GDPR / CCPA | Personal data protection | ARCS addresses custody and preservation obligations independently of data classification |
| EU AI Act | High-risk AI logging obligations | EU AI Act requires log creation; ARCS governs what happens to those logs after creation |
| SOC 2 | Service organization controls | ARCS custody and lifecycle controls may inform SOC 2 evidence |
| MCP / A2A | Agent-to-tool and agent-to-agent protocols | MCP defines how context flows; ARCS governs records created as a result |