Compliance posture
AIMS operations
Enterprise workspace
Signal queue
Notifications
In-platform manual
Platform guide
Understand why each module exists, what should go into it, what should come out, and how it connects to the rest of the management system.
Live role manual
Open the operating manual for this role
The current role manual loads here, with the most relevant section highlighted for the module you are using.
In-context glossary
What is this?
Understand what this module is for, when to use it, and what the key domain terms mean here.
Current module
Key terms in this module
Workspace glossary
Common terms across AIMS
Internal control preview
Control preview
Inspect the control, its linked requirements, and its operating proof without leaving the matrix.
Secure rotation required
Change this password before the workspace opens
This account is still on a bootstrap or temporary password. Set a new one now so the workspace can open the right governance lane.
Executive control room
Dashboard
Run the AI governance program from one command surface built for posture, pressure, and next decisions.
Governance posture
AI posture score
Role home
Start with the work for this role
Permission detail Open only when you need the permission matrix behind this role.
What changed this week
Decision trail without the noise
Shadow AI command
What should leadership do next on Shadow AI?
Use this lane to read live containment, promote-or-close decisions, and evidence pressure before opening the deeper discovery workspace.
First minute
What needs attention now
Shadow AI Discovery
Where people are trying AI outside the approved estate
Risk pulse
Where risk is concentrated
Framework command
Posture by standard
Provider telemetry
Providers that need attention
Priority risks
Escalation queue
Accountability lane
Owners, due dates, and SLA at risk
Open operational depth Open deeper counters, evidence, provider, agent, and incident lanes only when the headline is not enough.
Operational depth
Supporting counters, queues, and technical lanes
Agent governance
Agent autonomy and control
Control coverage
Framework drill-down
Incident queue
Investigation command
Evidence rhythm
Evidence pending or aging
Board narrative
Reporting
Keep exports, charts, and governance story in one dedicated executive module.
Executive reporting studio
Board-ready AI governance narrative
Board signal
Committee posture
Buyer diligence pack Use this when a buyer, partner, or diligence reviewer needs Shadow AI, evidence freshness, and real operating follow-through up front.
Operational register exports Download CSV snapshots for risk, controls, and integrations.
Executive focus
Choose the audience and the next decision
Start with the audience that answers today's question. Use search only when you already know what you need.
Reporting start
Open the right reporting lane first
Start with the lane that answers the question in front of you.
Role compass
Which question matters first?
Open the first question instead of scanning every reporting lane.
Standards landscape
How the active standards are holding
Shadow AI command
What should leadership do next on Shadow AI?
Use this lane to read live containment, promote-or-close decisions, and evidence pressure without leaving the reporting room.
Buyer diligence
What should a buyer believe first?
Use this lane to show that Shadow AI is contained, evidence is fresh enough, and operating follow-through can withstand diligence, not only internal governance review.
Escalation view
What can still escalate
Regulatory overlay
Where regulatory pressure is building
Audit readiness
Can we defend this under audit?
Use this lane to judge whether applicability, requirement traceability, and evidence are strong enough for audit or certification.
Standards review
What is mandatory, optional, or still weak
Use this lane to separate hard requirements from optional guidance and connected references.
Assurance history
Are findings actually being closed?
Use this when an auditor asks whether findings are being closed or simply accumulating.
Workflow automation
What still needs follow-through
Use this lane to see reminders, queued deliveries, and the work still waiting on owners.
Operational and reference depth Open this only when runtime, threat, or reference detail matters more than the headline.
Provider runtime
Runtime policy and estimated spend
Agent command
Autonomy and override posture
Reference overlay
Management, threat, and security pressure
Distinguish operational management guidance from threat techniques and application-security patterns before deciding what to do next.
Exports and shared surfaces Open the deliverables, external packs, and trust surfaces only when you are ready to publish or share.
External packs
Buyer, committee, audit, and regulator packs
Start here when someone outside the team needs a portable pack first. Open framework-specific exports only when the request becomes more detailed.
Open framework-specific export library Use this only when someone asks for a pack tied to one framework, audience, or file format.
Standards exports
Word, PDF, and PowerPoint packs per framework
Generate committee-ready briefs, executive packs, and technical dossiers for every framework currently in scope.
Trust portal
Publish an external trust view
Publish a read-only trust page with posture, approved policy, and shared evidence.
Access token
Publish and rotate access
Public content
External reader preview
Performance, coverage, and connector metrics Open the deeper scorecards only when you need delivery, coverage, or connector detail beyond the main story.
Risk matrix
Severity by likelihood
Coverage
Framework coverage
Control posture
Implementation breakdown
Delivery health
Action aging
Evidence freshness
Collection recency
Connector health
Enterprise integrations
Management-system launch
Program
Set the operating baseline, assign ownership, and keep the policy story ready for leadership.
Program start
Start here in program for this role
Start with readiness or policy when you are reviewing. Open setup only when the baseline actually needs to change.
Program setup
Readiness map
Capture ownership, scope, and launch shape only when the baseline actually needs to move.
Open setup workspace Use this when owner, scope, standards, or launch horizon need to change.
Readiness map
Launch posture
Policy authoring
Leadership policy record
Keep the purpose, scope, commitments, and exceptions in one policy record ready for leadership, audit, or operations.
Open policy authoring workspace Use this when policy wording, scope, commitments, or exceptions need to change.
Policy preview
Leadership and operating pack
Lifecycle
Version history and sign-off
Comparison
What changed and who acknowledged it
Discovery and shadow AI
Discovery
Turn passive signals into triaged shadow AI cases and launch AIIA from real evidence.
Passive signal intake
Shadow AI register
Triage the signals already observed, then promote the ones that need formal AIIA into the systems workflow.
How Discovery feeds AIMS
Import signals here, then send each record to the right register
Discovery is the inbox for observed AI usage. Systems, Providers, and Vendors remain the source of truth once a signal becomes governed work.
Discovery start
Start here in discovery for this role
Use the register first if you are reviewing the queue. Open intake or bulk import only when you are ready to add or change a signal.
Signal journey
Detect
Bring observations from Defender, DNS, proxy, OAuth, EDR, GitHub, or manual intake into one queue.
Signal journey
Classify
Decide whether the signal is observe, warn, block, exception, or approved business use.
Signal journey
Promote
Move material Shadow AI into governed AIIA Systems with owner, approvals, controls, and dossier.
Signal journey
Evidence
Attach proof, close confirmed blocks, and keep an audit-ready history of the decision.
Signal intake
Register DNS, proxy, OAuth, GitHub, EDR, or manual findings without touching endpoints.
Open intake workspace Capture or edit a signal only when you are ready to add or change one.
Keep the register in view for review work. Open this intake workspace when you need to register a new signal, route a decision, or adjust enforcement data.
Shadow AI register
Signal intake
Bulk intake Import connector exports without live API access.
Paste CSV, TSV, or one signal per line from Defender, Entra, GitHub, proxy, or other tooling and turn it into triage-ready shadow AI findings.
AI provider catalog Keep passive discovery separate from system approval work, but let both stay connected.
Applications & models
AI systems
Register approved applications and models, keep linked agents visible, and move each governed system through intake, review, and approval without losing the operating register.
Systems start
Start here in systems for this role
Start with portfolio or decisions when you are reviewing. Open the dossier only when one system actually needs to move.
System portfolio
Select an AI system
Focused system
System workspace
Inventory
AI systems register
Use the focused workspace above when one system needs a decision. Use the register below when comparing the whole estate.
Intake dossier
Create or update one system dossier
Open intake workspace Open this only when one system needs a new dossier, an update, or approval prep.
Capture the business case, oversight, and deployment detail reviewers need before they decide.
Readiness
Selected system briefing
Review gates
Approval queue
See which systems are waiting on governance, analyst, or executive movement and jump straight into the one that matters.
Model providers
Providers
Keep approved model-provider lanes, live runtime pressure, and provider accountability visible before one provider issue needs a decision.
Provider start
Start here in providers for this role
How provider oversight works Record approved lanes first, watch live pressure second, and escalate only the provider issues that actually need a decision.
Register
Open the approved lane before importing activity
Define the approved provider, linked system, and guardrails first so imported or live runtime events land in the right operating lane.
Observe
Watch pressure, drift, and spend before changing policy
Use telemetry and imported rows to see runtime behavior, region drift, or spend pressure before editing provider defaults.
Escalate
Escalate only what needs a governance call
Move only provider issues that need owner follow-through, risk treatment, or runtime restriction. Leave routine activity in the telemetry lane.
Provider profile
Register one approved runtime lane
Open provider workspace Change one approved lane only when defaults, guardrails, or connection posture need attention.
Use demo mode for validation now, CSV import for exported runtime evidence, and live mode later when your approved gateway or app instrumentation is ready.
Bulk runtime import
Bring in provider usage without live access
Open import workspace Bring in runtime evidence only when the approved lane and linked system are already clear.
Paste CSV, TSV, or one runtime event per line from app telemetry, exported logs, notebooks, or gateway traces.
Approved lanes Approved lanes, connection health, and the review baseline for runtime providers.
Runtime evidence Observed activity, spend, and actor context behind approved provider lanes.
Decision queue Provider issues still waiting on owner, review, or promotion into risk.
Autonomous workers
Agents
Register autonomous and supervised workers, link each one to the governing system when it becomes material, and keep tools, memory, and approval boundaries visible.
Agent start
Start here in agents for this role
Command view
Agent operating posture
Autonomy lanes
Execution concentration
Watchlist
Agents that need follow-through
Evidence next moves
Recommended evidence
Agent register
Autonomy, tools, memory, and approvals
Most agents belong to a System. Create or link the governing System first so approvals, evals, risks, and evidence land in the right workspace.
Open agent workspace Open the agent dossier only when one operating profile, boundary, or approval path is ready to change.
Focused workspace
Selected agent command
Registry
Governed agents
AI vendors using your data
Vendors
Keep external AI supplier reviews, renewal pressure, and third-party accountability visible over time.
Vendor start
Start here in vendors for this role
How supplier oversight works Register the relationship, review what changed, and escalate only the supplier issues that alter exposure or trust.
Register
Open the supplier record before the next review
Use the supplier register to capture the relationship, linked AI scope, and inherent posture before the next diligence cycle.
Reevaluate
Use reviews to explain what changed
Record what changed in diligence, data handling, or contract posture so the next reviewer inherits context, not just a score.
Escalate
Escalate only what changes trust or exposure
If a supplier issue changes resilience, data handling, or trust, move it into risk or incidents instead of hiding it inside notes.
Assessment kits
Assessment kits and imports
Open assessment import workspace Use the kits and import rows only when the review defaults and linked system context are already clear.
Download the Word playbook, work from the Excel or CSV template, and import the normalized assessment rows back into the vendor registry.
Vendor intake
Third-party AI register
Open vendor workspace Capture or change one supplier record only when you are ready to update ownership, score, or diligence posture.
Reevaluation
Reviews and renewal cadence
Open review workspace Document one review only when you are ready to capture timing, outcome, and follow-through for a specific supplier.
Registry
Supplier portfolio
Review queue
Review history
Validation and assurance
Evals and red teaming
Track evaluation runs, adversarial campaigns, and findings that need promotion into enterprise risk or incident paths.
Evaluation start
Start here in evaluations for this role
Quick guide
How to use evaluations well
Plan
Register the run before the findings
Create the evaluation run first so score, coverage, owner, and campaign context are clear before you capture individual findings.
Explain
Write findings for action, not only for evidence
Use the finding summary to make the exploit path, detection gap, and next action obvious to risk, security, and committee readers.
Promote
Escalate only what changes operating posture
Promote findings into actions, risks, or incidents when they change production posture, not just because a test produced noise.
Command view
Evaluation command view
Technique pressure
Attack and failure concentration
Watchlist
Runs and findings that need follow-through
Evidence next moves
Recommended evidence
Campaign export studio
Red-team campaign report
Queue a campaign-specific export for committee, technical review, or a board-ready deck without blocking the workspace.
Evaluation registry
Evaluation run
Open run workspace Open run authoring only when one campaign, suite, or score record is ready to change.
Red team registry
Finding intake
Open finding workspace Open finding authoring only when one adversarial result is ready to be recorded, updated, or escalated.
Evaluation runs
Registry
Red team findings
Findings that need risk, incident, or retest action
Governance
Controls and standards
Use this space to review coverage, keep the control baseline tidy, and decide what needs attention next.
Controls start
Start here in controls for this role
Start with posture. Open maintenance, applicability, or guidance only when you already know the next move.
Applied scheme
Choose ISO 42001, ISO 23894, EU AI Act, OWASP, or other schemes that should filter Controls, Reporting, and the Platform Guide.
Controls
Internal control library
Keep control ownership, wording, and evidence expectations clean here.
Guided mode
Guided next moves
Use this when you want the fastest path to the next control improvement.
Guided mode
Guided next moves
Pick one framework and work the next step that most improves coverage.
Master requirement catalog Browse every loaded requirement, grouped by standard and linked to your control baseline.
Applicability register
Annex A statement of applicability
Use this register to explain what applies, what does not, and what still needs proof.
Operational reference packs
Reference packs
Use management and risk frameworks to decide what must be governed, threat references to model abuse paths, and security references to harden implementation work.
Management and risk frameworks
Use ISO 42001, ISO 23894, and NIST to decide what to govern, measure, and treat.
These packs translate management-system and risk guidance into playbooks, profiles, and crosswalks the team can actually operate.
ISO 42001 Annex B Implementation guidance for controls.
ISO 42001 Annex C Objectives, risk sources, and committee-facing context.
ISO 42001 Annex D Adaptation profiles for different operating contexts.
NIST AI RMF playbooks Playbooks you can use to operationalize the active frameworks.
NIST operating and GenAI profiles Profiles you can reuse when the assurance stance or GenAI operating model needs to be made explicit.
NIST crosswalk register Crosswalk mappings and traceability across frameworks already in scope.
Threat and attack references
Use MITRE ATLAS to model how AI systems can be discovered, abused, evaded, or exploited.
This family is for threat modeling, red teaming, and investigation depth. It explains how an attacker or abusive user might actually break the lane.
MITRE ATLAS threat techniques Attack behaviors, abuse paths, and red-team lenses for AI systems.
Application and implementation security references
Use OWASP GenAI and NVIDIA Guardrails to prevent insecure app, prompt, tool, and output handling patterns.
This family is for application security and implementation hardening. It turns common GenAI failure modes into concrete patterns to prevent and test.
OWASP GenAI and NVIDIA security patterns Reusable app, prompt, and guardrail patterns that connect assurance theory with implementation work.
Compliance
Requirement matrix
See what is covered, weak, or still waiting on proof.
Framework requirement
The framework sets the bar
This is the outside expectation you are trying to meet.
Internal controls
Your control is the response
This is how your organization chose to answer the requirement.
Evidence
Evidence proves it is real
This is the proof that the control is current, operating, and not just documented.
Risk operations
Risk decisions and follow-through
Assess exposure, formalize residual decisions, and keep remediation moving without jumping between screens.
Risk start
Start here in risk for this role
Start with the register or action queue when you are reviewing pressure. Open the authoring workspace only when you are ready to change one risk.
Quick guide
How to work this register
Register
Open a risk when exposure needs a named owner
Use the risk register for material exposure that needs treatment, review cadence, and a visible decision path.
Decide
Use residual acceptance only after treatment is clear
Move into the residual decision step when the exception, compensating controls, and executive approval path are ready.
Follow through
Actions close work, incidents track real events
Use actions for remediation tasks and incidents only when something actually happened in production or testing.
Reference guidance
What guidance applies right now
Reference guidance is derived from NIST playbooks and cross-standard security patterns.
Risk
Open risks
Review the register and action queue first. Open the authoring workspace only when you are creating, updating, or accepting one risk.
Open risk workspace Use this when you are opening a new risk, updating treatment, or formalizing residual acceptance.
CAPA
Actions to complete
Review owner, due date, and SLA pressure first. Open the action workspace only when you are assigning or changing one remediation task.
Open action workspace Use this when you are assigning a new action or changing one remediation task.
Response operations
Incidents and investigations
Track AI incidents, document the investigation path, and preserve lessons learned as first-class governance evidence.
Incident start
Start here in incidents for this role
Start with the live investigation lane or register when you are reviewing pressure. Open the authoring workspace only when you are ready to log or change one case.
Investigation lenses
Reference patterns for active incidents
Investigation guidance is derived from matched ATLAS, OWASP, NVIDIA, and NIST reference packs.
Incident register
AI incident register
Review the live case lane first. Open the authoring workspace only when you are logging a new case or updating one investigation record.
Open incident workspace Use this when you are logging a case, updating the timeline baseline, or changing the investigation record.
Investigation
Timeline and lessons learned
Open timeline workspace Use this when one investigation event, containment note, or lesson learned is ready to be recorded.
Assurance
Evidence register
Keep the proof layer calm and searchable so audits do not get buried under operational noise.
Evidence start
Start here in evidence for this role
Start with the register or vault when you are reviewing proof. Open the evidence workspace only when you are ready to add or update one record.
Evidence
Evidence intake
Keep review work in the register and vault. Open the workspace only when you are adding a new record, uploading a managed file, or changing one proof record.
Open evidence workspace Use this when you are adding a proof record, uploading a file, or editing one evidence item.
Vault
Evidence vault
Open vault workspace Inspect managed files, hashes, and version lineage only when proof detail is needed.
Register
Evidence register
Identity & workspace
Integrations
Connect identity, workspace evidence, discovery intake, and workflow delivery without losing control of ownership, scope, or runtime posture.
Integrations start
Start here in integrations for this role
Start with connector posture or delivery pressure. Open setup only when one route actually needs to change.
How connector workflows work Bring signals in, route work out, and open connector setup only when a route needs to change.
Bring signals in
Configure connectors for identity, discovery, and evidence
Use connector setup when you need SSO, sync, discovery feeds, or evidence previews from an external platform.
Send work out
Use workflow delivery for tickets and messages
Route actions, incidents, and notifications into Jira, ServiceNow, Slack, or Teams after the connector is trusted.
Start simple
Use demo or CSV before live credentials
Validate the flow first, then switch to live mode only when scopes, redirect URIs, and ownership are clear.
Integrations
Configure connectors
Open connector workspace Use this when scopes, connection mode, or automation behavior need to change.
Discovery ingest
Live cursors per integration
Watch each adapter-backed cursor, see which ones are stale or failing, and force a manual ingest without leaving the integrations surface.
Workflow delivery
Send work into customer tools
Route actions, incidents, and governance alerts into the tools the customer already runs every day.
Open delivery workspace Use this when one action, incident, or alert is ready to be routed into customer tooling.
Platform control
Platform control center
Decide who can act, what the workspace exposes, and which defaults govern every module before the rest of the platform moves.
Admin start
Start here in admin for this role
Admin center
What needs attention now
Users
Role-based access
Open user workspace Use this when you are creating one user or changing one named account.
Open access posture Use this when privileged access, MFA gaps, or last sign-in need a quick check first.
Open detailed access register Use this only when you need the complete table after the posture check.
Audit
Recent activity
Open latest audit change Use this when you need the newest actor and affected record before opening the full trail.
Open detailed audit trail Use this only when row-level evidence review is actually needed.
Organization
Workspace identity
Open settings workspace Use this when ownership, branding, or enterprise identity defaults need to change.
Commercial
Package and entitlements
Open package baseline Use this when plan, owner, or renewal posture needs to change.
Open package pressure Use this when current limits or override pressure need review.
Usage
Current package pressure
Open entitlements Use this when included capabilities or add-on posture need review.
Entitlements
Included capabilities
Security
Access policy
Open MFA management Use this when enrolment, reset, or disable flow needs operator review.
Open SCIM provisioning Use this when directory tokens or provisioning access need to change.
SCIM
Provisioning tokens
Generate a bearer token for Entra ID, Google Workspace, or another SCIM client to provision users into this workspace.
Notifications
Jobs and reminders
Open settings workspace Use this when reminder cadence, digest recipients, or alert defaults need to change.
Open current alerts Use this when open notifications need triage or follow-through.
Open queue
Current alerts
Open scan history Use this when job evidence or scan timing needs review.
Job history
Recent scans
Workflow
Cadence and approvals
Open review rhythm Use this when risk, control, or evidence cadence needs to change.
Operations
Storage, backups, and observability
Open runtime foundation Use this when storage, backup, metrics, or runtime security needs deeper review.
Evidence vault
Managed storage posture
Backups
Recovery target
Open runtime posture Use this when observability, secret posture, or metrics need deeper operator review.
Security
Secrets and session posture
Deploy identity
Backend and bundle trace
Observability
Health and metrics
Open queue and jobs Use this when retries, failed jobs, or artifacts need operator review.
Worker queue
Queue pressure and recent jobs
Open vendor execution Use this when live vendor route readiness or setup needs a decision.
Vendor routes
Connection posture
Next move
Connection workspace
Open connection workspace Open this only when tenant credentials or live push settings actually need a change.
Open warnings and rotation Use this when warnings, rotation schedule, or evidence of secret hygiene needs review.
Configuration review
Warnings
Secret rotation
Rotation register
Keep a formal record of who rotates each production secret, how often it should be reviewed, and what evidence confirms the last rotation.
Open operations workspace Use this when backup, rotation, or runtime operating defaults need to change.
Taxonomy
Shared classifications
Open taxonomy workspace Use this when shared severity, likelihood, or evidence classifications need to change.
AI Firewall
Edge enforcement control room
Review AI Firewall fleet health, local blocking policy, runtime decisions, and evidence without opening workspace administration.
Operators can review fleet health, load templates, tune local policy, and publish AI FW changes here. Device enrollment and revocation remain restricted administrative actions.
AI FW
AI FW Fleet
Policy starters
Choose a baseline before touching rules
Most operators should start from a ready baseline, review the copy, and publish with notes. Full JSON stays available only when policy engineering needs it.
Blocking route plan
Keep AI FW local, then choose follow-through controls
Step 1 is always local enforcement. Step 2 is optional: add a verified external control only when you want the same block to continue in Cloudflare, MDCA, or Zscaler.
Local AI FW enforcement stays primary. Add Cloudflare or other live controls only when the connector is already ready.