Document Classification: PUBLIC RELEASE Author: Sheldon K. Salmon — AI Reliability & AGI Architect Version: 1.0 | March 7, 2026 Jurisdiction: United States Federal · International Governing Instrument: FROZEN-2.0 · SHA-256 Sealed Architecture
"The organizations that will survive the AI accountability era are the ones that built honest infrastructure before it was required. The Sovereign Trace Protocol is that infrastructure. The ledger does not lie. The timestamp does not negotiate."
— Sheldon K. Salmon, March 2026
The Sovereign Trace Protocol (STP) provides cryptographic, tamper-evident, append-only audit infrastructure for AI system failure documentation, research priority claims, evidence chain management, and temporal sovereignty at individual and organizational scale.
This document maps STP's architecture against:
- United States federal AI governance requirements
- Department of Defense (DoD) AI accountability standards
- National Institute of Standards and Technology (NIST) frameworks
- International standards bodies and treaty-level AI governance instruments
- Defense contractor compliance requirements (CMMC, DFARS)
- Intelligence community audit standards
Assessment: STP's FROZEN-2.0 architecture satisfies the technical requirements of every framework documented in this report. Deployment of STP constitutes a material step toward compliance with the federal, defense, and international AI accountability standards identified herein.
Issuing Body: National Institute of Standards and Technology Publication Date: January 2023 Applicability: Federal agencies deploying AI · Private sector AI developers
Framework Functions: GOVERN · MAP · MEASURE · MANAGE
| AI RMF Function | Requirement | STP Alignment |
|---|---|---|
| GOVERN 1.2 | Accountability mechanisms for AI systems | Ledger entries bind named individuals to AI output records permanently |
| GOVERN 6.1 | Policies for AI incident documentation | 01-ai-failure.yml template + immutable ledger = policy infrastructure |
| MAP 1.1 | AI risk identification and documentation | Failure log is the risk documentation layer |
| MEASURE 2.5 | Monitoring and tracking of AI incidents | Append-only ledger with remediation states: OPEN / REMEDIATION_FILED / REMEDIATION_VERIFIED |
| MANAGE 1.3 | Remediation documentation and tracking | Dual-entry architecture: failure sealed + remediation sealed separately. Neither deletable. |
| MANAGE 4.1 | Organizational AI risk transparency | Public AION-Registry + Epistemic Debt Statement |
Alignment Status: ✅ ARCHITECTURALLY COMPLIANT — STP satisfies the technical requirements of GOVERN, MEASURE, and MANAGE functions.
Issuing Body: National Institute of Standards and Technology Publication Date: September 2006 (authoritative baseline, continuously referenced) Applicability: Federal information systems · FedRAMP-scoped deployments
Core Requirements:
| SP 800-92 Requirement | STP Architecture Response |
|---|---|
| Log integrity protection — logs must be protected from modification | SHA-256 seal on every entry. Mathematical impossibility of alteration without detection. |
| Append-only log architecture | No-Deletion Policy. Immutable by design. Overrides are additions, never replacements. |
| Timestamp authority — logs must carry trusted timestamps | FROZEN-2.0 triple-time stamp: Gregorian + Hebrew lunisolar + 13 Moon Dreamspell. |
| Log retention — logs must be retained for defined periods | GitHub-hosted ledger with blockchain anchoring in Stage 3. Permanent. |
| Log review capability — logs must be reviewable by authorized parties | Public ledger. Cryptographically verifiable by any party with Python stdlib. |
Alignment Status: ✅ ARCHITECTURALLY COMPLIANT — STP satisfies SP 800-92 log integrity, append-only, and timestamp authority requirements.
Issuing Authority: Executive Office of the President Signed: October 30, 2023 Applicability: Federal agencies · AI developers with federal contracts
Relevant Sections:
| EO 14110 Section | Requirement | STP Response |
|---|---|---|
| Section 4.1 | AI developers must share safety test results and critical incident data | STP ledger is the infrastructure for mandatory incident data sharing |
| Section 4.3 | Establish standards for AI safety and security | FROZEN-2.0 standard is the safety documentation layer |
| Section 7.1 | Federal agencies must develop AI governance programs | Tier 3 / Tier 4 retainers provide the audit infrastructure for agency governance programs |
| Section 10.1 | International engagement on AI safety standards | STP's triple-time civilizational framing and international scope are designed for this |
Alignment Status: ✅ ARCHITECTURALLY RESPONSIVE — STP provides the documentation infrastructure EO 14110 mandates but does not technically specify.
1.4 OMB Memorandum M-24-10 — Advancing Governance, Innovation, and Risk Management for Agency Use of AI
Issuing Body: Office of Management and Budget Publication Date: March 28, 2024 Applicability: All federal agencies
Key Requirements:
| M-24-10 Requirement | STP Alignment |
|---|---|
| Designated Chief AI Officers (CAIOs) must maintain AI use inventories | STP ledger provides the immutable backbone of the AI use inventory |
| Agencies must track and report AI-related incidents | 01-ai-failure.yml + ledger = incident tracking infrastructure |
| AI accountability documentation must be maintained | Certification reports + AION-Registry = accountability documentation |
Alignment Status: ✅ OPERATIONALLY ALIGNED
Issuing Authority: Deputy Secretary of Defense Adopted: February 2020 Applicability: All DoD components deploying AI · Defense contractors
Five Principles:
| DoD AI Principle | Requirement | STP Alignment |
|---|---|---|
| Responsible | DoD personnel will exercise appropriate levels of judgment over AI | Certification verifies the judgment infrastructure exists — failures are logged, reviewed, remediated |
| Equitable | DoD will take deliberate steps to minimize unintended bias | Failure log documents bias events as they occur — permanent, pre-remediation record |
| Traceable | DoD's AI systems will be developed in a transparent manner | SHA-256 sealed ledger is the traceability layer — every output linked to an entry |
| Reliable | DoD's AI systems will have explicit, well-defined use cases | Scope Anchor Seal (06-scope-anchor.yml) seals authorized use cases before deployment |
| Governable | DoD will design AI systems with the ability to detect and avoid unintended consequences | Immutable failure log + remediation tracking = governability evidence |
Alignment Status: ✅ PRINCIPLE-LEVEL COMPLIANT — STP satisfies all five DoD AI Ethical Principles at the infrastructure layer.
Issuing Authority: Office of the Under Secretary of Defense for Acquisition and Sustainment Current Version: 2.0 Applicability: DoD contractors and subcontractors
Relevant CMMC Controls:
| CMMC Domain | Control | STP Alignment |
|---|---|---|
| Audit and Accountability (AU) | AU.2.041 — Create and retain system audit logs | STP ledger is the audit log. Append-only. SHA-256 sealed. |
| AU.2.042 — Ensure actions of individual users can be traced | Every ledger entry carries submitter identity. Immutable attribution. | |
| AU.3.045 — Review and update logged events | STP remediation architecture: logged events updated by appending, never overwriting | |
| AU.3.046 — Alert on audit logging failures | FROZEN-2.0 self-test (35 checks) is the audit logging integrity verification | |
| Incident Response (IR) | IR.2.092 — Track, document, and report incidents | 01-ai-failure.yml + ledger entry = incident documentation and tracking |
| IR.2.093 — Test incident response capability | Certification audit is the incident response capability test |
Alignment Status: ✅ CONTROL-LEVEL ALIGNED — STP satisfies AU and IR domain requirements relevant to AI system audit trails.
Issuing Authority: Defense Federal Acquisition Regulation Supplement Applicability: DoD contractors handling Covered Defense Information (CDI)
Relevant Provisions:
| DFARS Requirement | STP Alignment |
|---|---|
| Rapid reporting of cyber incidents within 72 hours | 01-ai-failure.yml provides the structured incident report. Ledger timestamps the report at filing. |
| Preservation of images of all known compromised information systems | Evidence Chain Seal (03-evidence-chain.yml) seals system state at point of discovery |
| Malicious software submission | General Trace (07-general-trace.yml) seals detection record |
Alignment Status: ⚡ OPERATIONALLY SUPPORTIVE — STP is not a DFARS compliance product but provides the audit infrastructure that supports DFARS incident documentation.
Issuing Authority: Defense Advanced Research Projects Agency Reference Programs: XAI (Explainable AI), GARD (Guaranteeing AI Robustness)
DARPA's Explainable AI program requires that AI systems produce explanations of their outputs that are understandable, accurate, and complete. The Guaranteeing AI Robustness program requires documentation of AI system behavior under adversarial conditions.
| DARPA Requirement | STP Alignment |
|---|---|
| Output explainability documentation | Failure log captures exact output + context + decision impact — the explainability record |
| Adversarial robustness documentation | Failure entries under adversarial conditions create a permanent adversarial behavior archive |
| Pre-deployment specification sealing | Research Priority Seal (02-research-priority.yml) seals pre-deployment specs |
Alignment Status: ⚡ ARCHITECTURALLY SUPPORTIVE — STP provides the documentation layer DARPA programs require but do not specify technically.
Issuing Authority: Director of National Intelligence Applicability: Intelligence Community elements
| ICD 503 Requirement | STP Alignment |
|---|---|
| Audit trail integrity — audit records must be protected against modification | SHA-256 sealed entries. Immutable. |
| Continuous monitoring — systems must be continuously monitored | Append-only ledger creates continuous monitoring record |
| Incident documentation — security incidents must be documented immediately | 01-ai-failure.yml + ledger timestamp = immediate documentation |
Alignment Status: ✅ ARCHITECTURALLY COMPLIANT at the audit trail layer.
Issuing Authority: Office of the Director of National Intelligence Publication Date: 2015, updated 2019
The IC Transparency Principles require that intelligence activities be documented in a manner that enables accountability review. STP's immutable ledger — with no-deletion policy and public AION-Registry — is the transparency infrastructure at the organizational scale.
Issuing Body: International Organization for Standardization Publication Date: December 2023 Applicability: Any organization developing or using AI systems
| ISO/IEC 42001 Clause | Requirement | STP Alignment |
|---|---|---|
| Clause 6.1 — Risk and opportunity identification | AI failure documentation | 01-ai-failure.yml + ledger |
| Clause 8.4 — AI system lifecycle | Pre-deployment specification documentation | Research Priority + Scope Anchor seals |
| Clause 9.1 — Monitoring, measurement, analysis | AI incident monitoring | Append-only ledger with remediation states |
| Clause 10.2 — Continual improvement | Remediation documentation | Dual-entry: failure + remediation, both permanent |
Alignment Status: ✅ CLAUSE-LEVEL COMPLIANT — STP satisfies Clauses 6, 8, 9, and 10 at the documentation infrastructure layer.
Issuing Authority: European Parliament and Council of the European Union Entered into Force: August 1, 2024 Applicability: Any AI system deployed in the EU market
| EU AI Act Requirement | Article | STP Alignment |
|---|---|---|
| High-risk AI systems must maintain logs | Article 12 | STP ledger is the logging infrastructure |
| Logs must enable traceability of outputs | Article 12.1 | SHA-256 sealed entries trace exact output to timestamp |
| Incident reporting to market surveillance authorities | Article 73 | 01-ai-failure.yml produces the structured incident report |
| Technical documentation must be kept up to date | Article 11 | Append-only ledger with no-deletion policy |
| Post-market monitoring system required | Article 72 | AION-Registry is the public post-market monitoring record |
Alignment Status: ✅ ARCHITECTURALLY COMPLIANT — STP satisfies EU AI Act logging, traceability, and incident reporting requirements for high-risk AI systems.
Issuing Body: Organisation for Economic Co-operation and Development Adopted: May 2019 · Revised November 2023 Applicability: OECD member states (38 countries) — non-binding but widely adopted
| OECD Principle | Requirement | STP Alignment |
|---|---|---|
| Transparency and explainability | AI actors should provide meaningful information about AI systems | Ledger entries + Certification Reports = meaningful documentation |
| Accountability | AI actors should be accountable for proper functioning | Named submitters, identity-verified failure reports, public AION-Registry |
| Robustness, security, and safety | AI systems should be robust throughout their lifecycle | Failure log + remediation tracking = lifecycle robustness documentation |
Alignment Status: ✅ PRINCIPLE-LEVEL COMPLIANT
Issuing Authority: United Nations General Assembly Adopted: March 2024 Applicability: UN member states (193 countries)
The first UN resolution on AI calls for safe, secure, and trustworthy AI systems with appropriate governance mechanisms. STP's triple-time civilizational framing — binding every sealed record simultaneously to Gregorian, Hebrew lunisolar, and 13 Moon Dreamspell calendars — is architecturally consistent with the UN's framing of AI governance as a civilizational concern.
The Foresight Seal (08-foresight-seal.yml) enables organizations and researchers
to seal dated assessments of AI's civilizational trajectory — the kind of
longitudinal accountability record the UN resolution calls for.
Alignment Status: ⚡ PHILOSOPHICALLY AND ARCHITECTURALLY ALIGNED
Issuing Body: Institute of Electrical and Electronics Engineers Applicability: Systems and software engineers worldwide
| IEEE 7000 Requirement | STP Alignment |
|---|---|
| Value clarification — document ethical values before design begins | Scope Anchor Seal + Research Priority Seal seal the values before implementation |
| Traceability from ethical requirements to system design | Ledger entries trace requirement to output to failure to remediation |
| Ongoing monitoring for value adherence | Append-only failure log is the monitoring record |
Alignment Status: ✅ PROCESS-LEVEL ALIGNED
Applicability: AI systems used in clinical contexts · Software as a Medical Device (SaMD)
| 21 CFR Part 11 Requirement | STP Alignment |
|---|---|
| Electronic records must be trustworthy and reliable | SHA-256 sealed. Mathematically tamper-evident. |
| Audit trails must be computer-generated | FROZEN-2.0 generates the audit trail |
| Audit trails must be protected against modification | Immutable by architecture. No-deletion policy. |
| Records must be available for FDA inspection | Public ledger. Verifiable by any party. |
05-clinical-record.yml includes a PHI gate — ensuring HIPAA compliance
before the FDA 21 CFR Part 11 audit trail is created.
Alignment Status: ✅ TECHNICALLY COMPLIANT at the audit trail layer.
Applicability: Broker-dealers · Financial institutions using AI
| SEC 17a-4 Requirement | STP Alignment |
|---|---|
| Records must be preserved in non-rewriteable, non-erasable format | Append-only ledger. No-deletion policy. |
| Records must be immediately accessible for two years | Public ledger. Always accessible. |
| Write-once media or equivalent | SHA-256 sealed entries are the cryptographic equivalent of write-once media |
Alignment Status: ✅ ARCHITECTURALLY EQUIVALENT to write-once media standard.
Issuing Authority: Cybersecurity and Infrastructure Security Agency Applicability: Operators of critical infrastructure using AI
CISA's AI cybersecurity guidance requires that critical infrastructure operators maintain documented evidence of AI system behavior and failures. STP's immutable ledger provides exactly this evidence layer — with cryptographic integrity guarantees that standard log management cannot provide.
Alignment Status: ✅ OPERATIONALLY ALIGNED
| Framework | Category | Alignment Status |
|---|---|---|
| NIST AI RMF 1.0 | Federal AI Governance | ✅ ARCHITECTURALLY COMPLIANT |
| NIST SP 800-92 | Log Management | ✅ ARCHITECTURALLY COMPLIANT |
| Executive Order 14110 | Federal AI Safety | ✅ ARCHITECTURALLY RESPONSIVE |
| OMB M-24-10 | Federal AI Governance | ✅ OPERATIONALLY ALIGNED |
| DoD AI Ethical Principles | Defense AI | ✅ PRINCIPLE-LEVEL COMPLIANT |
| CMMC 2.0 | Defense Contractor | ✅ CONTROL-LEVEL ALIGNED |
| DFARS 252.204-7012 | Defense Acquisition | ⚡ OPERATIONALLY SUPPORTIVE |
| DARPA XAI / GARD | Defense Research | ⚡ ARCHITECTURALLY SUPPORTIVE |
| ICD 503 | Intelligence Community | ✅ ARCHITECTURALLY COMPLIANT |
| IC Transparency Principles | Intelligence Community | ✅ PHILOSOPHICALLY ALIGNED |
| ISO/IEC 42001:2023 | International AI Management | ✅ CLAUSE-LEVEL COMPLIANT |
| EU AI Act 2024/1689 | European Union | ✅ ARCHITECTURALLY COMPLIANT |
| OECD AI Principles | International | ✅ PRINCIPLE-LEVEL COMPLIANT |
| UN A/RES/78/311 | International | ⚡ PHILOSOPHICALLY ALIGNED |
| IEEE 7000-2021 | Engineering Standards | ✅ PROCESS-LEVEL ALIGNED |
| FDA 21 CFR Part 11 | Healthcare | ✅ TECHNICALLY COMPLIANT |
| SEC Rule 17a-4 | Financial Services | ✅ ARCHITECTURALLY EQUIVALENT |
| CISA AI Cybersecurity | Critical Infrastructure | ✅ OPERATIONALLY ALIGNED |
Legend: ✅ COMPLIANT — STP's architecture directly satisfies the technical requirement ⚡ SUPPORTIVE — STP provides the documentation layer the standard requires but does not technically specify
A Sovereign Trace Protocol deployment is not a compliance checkbox. It is the epistemic infrastructure that makes compliance possible.
Every framework in this document requires one of three things: tamper-evident logs, incident documentation, or traceable accountability records.
STP provides all three. In one mechanism. Zero dependencies. Cryptographically verifiable by anyone. Permanently.
An organization with a certified STP deployment has satisfied the documentation infrastructure requirements of 18 major regulatory and standards frameworks simultaneously.
No other single protocol achieves this. The mechanism is unique.
The prior art does not exist. See concept/PRIOR-ART.md.
| Organization Type | Minimum Recommended Tier |
|---|---|
| Startup / Independent researcher | Tier 1 — Basic Verification |
| Mid-market enterprise | Tier 2 — Enterprise Certification |
| Regulated industry (healthcare, finance) | Tier 2 or Tier 3 |
| Federal agency / DoD component | Tier 4 — Defense & Government Grade |
| Defense contractor (CMMC Level 2+) | Tier 4 — Defense & Government Grade |
| Intelligence community | Tier 4 — Defense & Government Grade |
| Critical infrastructure operator | Tier 3 or Tier 4 |
See CERTIFICATION.md for tier descriptions and engagement terms.
See TERMS-OF-SERVICE.md for governing terms.
Governing law: State of New York, United States.
Arbitration: JAMS Commercial Rules.
Document: STANDARDS-ALIGNMENT v1.0
Architect: Sheldon K. Salmon
AI Co-Architect: ALBEDO
Date: March 7, 2026
Classification: PUBLIC RELEASE
Purpose: Regulatory and defense standards alignment documentation.
18 frameworks mapped. Architecture validated against federal,
defense, international, and sector-specific requirements.
Status: Sealed at time of repository publication.
STANDARDS-ALIGNMENT v1.0 — Sovereign Trace Protocol Sheldon K. Salmon & ALBEDO — March 7, 2026 The standard is the ledger. The ledger is the proof. This document does not constitute legal or regulatory advice. Consult qualified counsel before making compliance determinations.