OASF is not another framework document. It is a structured, domain-based governance architecture that defines the control boundaries your organisation needs — and drives what Aegis enforces at runtime. Aligned directly to EU AI Act and NIST AI RMF.
Each domain addresses a distinct governance dimension — from how AI data is classified and handled, to how models are approved and monitored, to how incidents are detected and responded to. Click any domain to explore its controls.
Defines how data is classified, handled, protected, and controlled throughout AI interactions. Establishes the data minimisation, purpose limitation, and protection rules that Aegis Guard enforces at runtime — ensuring sensitive data never reaches unapproved AI models.
Aegis enforcement
OASF-DG controls drive the Aegis Guard inspection rules — defining which data classifications trigger redaction, blocking, or elevated routing at runtime.
Defines data sensitivity tiers for AI contexts — from public to restricted. Specifies which data categories may be processed by which AI model types.
Controls governing the use of personal data in AI prompts, training, and outputs. Enforces GDPR data minimisation and purpose limitation at the point of AI interaction.
Prohibits processing of GDPR Art. 9 special category data (health, biometric, ethnic origin) through unapproved AI systems. Defines approved exceptions and controls.
Controls governing data transferred to AI providers outside the EU/EEA. Defines approved transfer mechanisms and routing restrictions for sensitive data classifications.
Defines how AI models are evaluated, approved, catalogued, monitored, and retired. Establishes the approved model registry that Aegis Routing uses to select and enforce model access — ensuring employees only interact with vetted, approved AI models.
Aegis enforcement
OASF-MG controls populate the Aegis Routing catalogue — defining which models are approved for which data classifications and business contexts.
Defines the evaluation and approval process for AI models before enterprise deployment. Includes security review, bias assessment, explainability evaluation, and regulatory compliance check.
Maintains the authoritative registry of approved AI models, providers, and permitted use cases. Defines model-to-data-classification matching rules and access boundaries.
Ongoing monitoring of deployed AI models for drift, bias, performance degradation, and adversarial manipulation. Defines escalation thresholds and response procedures.
Controls for identifying and managing unapproved AI tool usage across the enterprise. Defines discovery methods, risk classification, and remediation procedures for shadow AI.
Defines how identity is verified, access is authorised, and roles are enforced for AI interactions. Every AI interaction must be identity-bound — ensuring the audit trail can reconstruct who accessed what, when, and why.
Aegis enforcement
OASF-AI controls drive Aegis Gateway identity binding — SSO integration, MFA enforcement, and role-aware access to approved AI models.
Requires all AI interactions to be bound to a verified enterprise identity. Prohibits anonymous or shared-account AI access. Enforces SSO integration with enterprise IAM.
Defines role-based access controls for AI model usage. Business roles determine which models, data classifications, and AI capabilities are accessible — enforced at the governance layer.
Enhanced controls for privileged access to AI systems — model administrators, governance officers, and audit reviewers. Defines approval workflows and just-in-time access procedures.
Defines the technical security controls protecting AI systems from adversarial attack, manipulation, and misuse. Covers prompt injection defence, adversarial robustness, and AI-specific threat modelling — the security controls that SIEM tools and traditional DLP were not built for.
Aegis enforcement
OASF-OS controls drive Aegis Guard prompt inspection — detecting injection attacks, jailbreak attempts, and policy evasion before they reach the model.
Controls for detecting and blocking prompt injection attacks — attempts to override AI governance controls through malicious instructions embedded in prompts or input data.
Monitoring and detection controls for adversarial inputs designed to manipulate model outputs, extract training data, or cause model misbehaviour in production environments.
Structured threat modelling for AI systems — identifying attack surfaces, threat actors, and attack vectors specific to AI deployments in regulated enterprise environments.
Security controls for AI model supply chains — vetting model providers, validating model integrity, and managing third-party AI component risk.
Defines the logging, reporting, and evidence generation requirements that make AI governance demonstrable to regulators, boards, and auditors. Every AI interaction must be reconstructable — who, what data, which model, what policy applied, what was the outcome.
Aegis enforcement
OASF-AC controls define the Aegis Audit log schema — every field, every classification, every policy decision that must be captured and retained.
Mandatory logging requirements for all AI interactions — timestamp, user identity, data classifications detected, policies applied, model used, and policy outcome. Tamper-evident log integrity required.
Defines the governance reporting cadence, report formats, and metrics required for board, executive, and regulatory reporting. Includes AI risk score, policy compliance rate, and incident summary.
Controls for generating, maintaining, and producing regulatory evidence — GDPR processing records, EU AI Act conformity documentation, NIS2 security measure evidence, and audit trail exports.
Defines how AI-specific security incidents are detected, classified, contained, investigated, and reported. Traditional incident response playbooks were not designed for AI misuse, model manipulation, or governance failures — this domain fills that gap.
Aegis enforcement
OASF-IR controls define Aegis alerting thresholds — when policy violations, anomalous patterns, or credential incidents trigger automated escalation.
Defines the AI-specific incident taxonomy — data leakage, model manipulation, governance bypass, credential compromise, adversarial attack, and compliance breach. Maps to GDPR 72-hour notification and NIS2 reporting requirements.
Structured response procedures for each AI incident category — containment steps, investigation requirements, notification obligations, and governance escalation paths.
Mandatory post-incident review process for AI security events — root cause analysis, control gap identification, OASF framework update requirements, and regulatory notification documentation.
Every OASF control is mapped to the regulatory frameworks your organisation is already accountable to. OASF is not a new language to learn — it is a practical implementation of the standards you already know.
Most governance frameworks produce documents. OASF produces operational controls. Every domain, every control, every policy ID in the framework becomes a runtime enforcement rule in Aegis — making governance measurable, auditable, and demonstrable.
Identifies risk and governance gaps — defines what OASF needs to address
Defines the control architecture — becomes the policy engine for Aegis
Enforces OASF controls at runtime — generates audit evidence back into governance
OASF defines the governance architecture that Aegis enforces at runtime — typically established through an OASAT assessment that identifies your governance gaps and the controls your organisation needs.