09

Register 09 · Compliance controls.

Sixty-nine marks · cite-anchors for every regulatory regime Planisphere maps to · postmark idiom · single distinctive brass glyph per control · universal classifier · pSEO surface · 69 marks · one of the 17 registers on the Backstaff.

This register is one face of the Backstaff evidence system — the held instrument that holds the Astrolabe measurement engine, maps compliance controls, and engraves every evidence record into a register of record. The full reference library lives at /corpus; the alphabetical view at /corpus/glossary; the operator view at /corpus/switchboard.

Buyer path

Turn this source into a workflow review.

The library is the source layer. For a live deployment, bring Planisphere the workflow, systems, owners, and compliance question; we map the graph, run the harness, and return evidence your internal or external compliance team can inspect.

01 ·

Marks.

69 source marks in this register.
NIST AI RMF#01 · compliance

NIST AI 100-1 · Govern · Map · Measure · Manage

Reference · Brief

OMB M-25-21/22#02 · compliance

federal AI risk-management + acquisition

Reference · Brief

DoW RAI S&IP#03 · compliance

Responsible · Equitable · Traceable · Reliable · Governable

Reference · Brief

EO 14179#04 · compliance

Removing Barriers to American Leadership in AI (Jan 2025)

Reference · Brief

ISO/IEC 42001#05 · compliance

international AI management system standard

Reference · Brief

FIPS 140-3#06 · compliance

crypto module validation · 4 security levels

Reference · Brief

SHA-256 / FIPS 180-4#07 · compliance

hash algorithm · per-file pinning primitive

Reference · Brief

SLSA v1.0#08 · compliance

supply-chain levels for software artifacts

Reference · Brief

SBOM#09 · compliance

software bill of materials · NTIA + CISA

Reference · Brief

SCITT#10 · compliance

supply-chain integrity, transparency, trust · IETF

Reference · Brief

C-SCRM#11 · compliance

supply-chain risk · NIST SP 800-161r1

Reference · Brief

NIST SP 800-53 Rev. 5#12 · compliance

controls baseline · 20 families · AI overlays

Reference · Brief

CMMC#13 · compliance

Cybersecurity Maturity Model · L1 · L2 · L3

Reference · Brief

SSDF SP 800-218#14 · compliance

Secure Software Development Framework

Reference · Brief

ATO#15 · compliance

Authorization to Operate · program-office citation

Reference · Brief

DoW IL2 / IL4#16 · compliance

DoD Impact Levels · classified delivery

Reference · Brief

DFARS 252.204-7012#17 · compliance

CUI handling · 72-hour breach reporting

Reference · Brief

HIPAA#18 · compliance

health privacy · patient data confidentiality

Reference · Brief

HHS §1557#19 · compliance

ACA non-discrimination in patient-care AI

Reference · Brief

FDA PCCP / SaMD#20 · compliance

Predetermined Change Control · medical AI

Reference · Brief

FRE 702#21 · compliance

expert testimony · reliability gatekeeping

Reference · Brief

ABA Model Rules#22 · compliance

Rule 1.1 · 1.6 · 3.3 · 5.1–5.3 · Op 512

Reference · Brief

FERPA#23 · compliance

education records · student-data privacy

Reference · Brief

Title VI#24 · compliance

Civil Rights · disparate-impact disclosure

Reference · Brief

NIST AI RMF · GOVERN#25 · compliance

Govern function · 6 categories · 19 subcategories · cross-cutting risk culture

Reference · Brief

NIST AI RMF · MAP#26 · compliance

Map function · context & risk framing · 16 subcategories

Reference · Brief

NIST AI RMF · MEASURE#27 · compliance

Measure function · TEVV · 19 subcategories · the audit-triad home

Reference · Brief

NIST AI RMF · MANAGE#28 · compliance

Manage function · risk treatment & prioritization · 10 subcategories

Reference · Brief

Generative-AI risk profile · companion to the AI RMF

Reference · Brief

OMB M-25-21#30 · compliance

Federal AI use · Chief AI Officer · high-impact minimum practices (issued 2025-04-03)

Reference · Brief

OMB M-25-22#31 · compliance

Federal AI acquisition · anti-lock-in · performance/risk monitoring clauses

Reference · Brief

High-Impact AI#32 · compliance

M-25-21 risk class · 7 minimum practices · the pre-deployment testing obligation

Reference · Brief

SP 800-218 PS practices · the SLSA-attested subgroup

Reference · Brief

ISO/IEC 42001 · Annex A#34 · compliance

9 control topics · ~42 AIMS controls · the auditable surface

Reference · Brief

NIST 800-53 · AU#35 · compliance

Audit & Accountability control family · maps to the evidence record

Reference · Brief

NIST 800-53 · CA#36 · compliance

Assess/Authorize/Monitor family · maps to the re-run cadence

Reference · Brief

FedRAMP#37 · compliance

Federal cloud authorization · Low/Mod/High + 20x machine-readable KSIs

Reference · Brief

DoW IL5 / IL6#38 · compliance

Impact Levels 5-6 · NSS + Classified-to-Secret · air-gapped delivery

Reference · Brief

RMF (SP 800-37)#39 · compliance

Risk Management Framework · the 7-step ATO lifecycle the package follows

Reference · Brief

ITAR#40 · compliance

USML technical-data control · deemed-export boundary for model artifacts

Reference · Brief

EAR#41 · compliance

Dual-use export control (EAR99 / CCL) · AI-diffusion chip + weight controls

Reference · Brief

SCIF / Air-Gap Posture#42 · compliance

Offline / SCIF deployment · evidence check with no network egress

Reference · Brief

CMS#43 · compliance

Medicare/Medicaid coverage · algorithm cannot be the sole basis to deny care

Reference · Brief

ONC HTI-1#44 · compliance

predictive-DSI transparency · 31 source attributes · FAVES

Reference · Brief

DSI Source Attributes#45 · compliance

the 31 predictive-DSI source attributes as an evidence checklist

Reference · Brief

FDA PCCP#46 · compliance

Predetermined Change Control Plan · drift-bounded model updates

Reference · Brief

FDA SaMD 510(k)/De Novo#47 · compliance

clearance pathway for AI/ML device software functions

Reference · Brief

GMLP#48 · compliance

Good Machine Learning Practice · 10 lifecycle principles

Reference · Brief

HIPAA Security Rule#49 · compliance

ePHI safeguards · 2025 NPRM cyber-modernization (PROPOSED)

Reference · Brief

FSMB AI / state boards#50 · compliance

physician-responsibility · standard-of-care · state medical-board AI policy

Reference · Brief

FRE 707 (proposed)#51 · compliance

machine-generated evidence · Rule-702-grade reliability for AI output (PROPOSED)

Reference · Brief

ABA Formal Op. 512#52 · compliance

generative-AI duties · competence · confidentiality · candor · supervision

Reference · Brief

AI Citation Sanctions#53 · compliance

hallucinated-authority sanctions wave · Rule 11 / 9011 · candor-to-tribunal

Reference · Brief

State Bar AI Opinions#54 · compliance

CA · FL · TX · NY · PA · NC bar gen-AI ethics guidance roundup

Reference · Brief

Section 504#55 · compliance

disability nondiscrimination · FAPE · AI in accommodation determinations

Reference · Brief

IDEA#56 · compliance

special-ed · IEP integrity · AI in eligibility & service determinations

Reference · Brief

COPPA#57 · compliance

under-13 data · 2025 amended Rule · ed-tech consent & retention

Reference · Brief

OCR AI Guidance#58 · compliance

ED Office for Civil Rights · discriminatory-AI nondiscrimination resource

Reference · Brief

SOPIPA#59 · compliance

student-data-privacy model law · 20+ state adoptions · no-profiling

Reference · Brief

Proctoring Fairness#60 · compliance

automated proctoring/grading · §504 disparate-impact across cohorts

Reference · Brief

NYC Local Law 144#61 · compliance

AEDT bias-audit mandate — the literal third-party audit Planisphere performs

Reference · Brief

Colorado AI Act#62 · compliance

SB 24-205 → SB 26-189 lineage · high-risk notice/transparency (eff 2027-01-01)

Reference · Brief

Texas TRAIGA#63 · compliance

HB 149 intent-based AI governance (eff 2026-01-01)

Reference · Brief

Utah AI Policy Act#64 · compliance

SB 149 / SB 226 disclosure-on-request for generative AI

Reference · Brief

Illinois HB 3773#65 · compliance

IHRA AI-employment non-discrimination + notice (eff 2026-01-01)

Reference · Brief

SB 942 + AB 2013 + SB 53 + CCPA ADMT — the CA frontier/transparency stack

Reference · Brief

EU AI Act#67 · compliance

risk-tiered conformity assessment + post-market monitoring (phased 2025-2027)

Reference · Brief

EU GPAI Code of Practice#68 · compliance

voluntary interim evidence bridge for general-purpose AI models

Reference · Brief

UK Pro-Innovation AI#69 · compliance

principles-based, sector-led · AI Bill anticipated 2026

Reference · Brief