C03 Layer 1 - Identity & Integrity

Artifact Integrity and Supply Chain Controls

Signed images, signed bundles, signed prompts, signed policies. Every artifact the agent loads is verified against a hash recorded in the ABOM.

Why

  • Agents are software. Software is compromised through supply chain drift: unpinned dependencies, unsigned images, prompt/policy bundle drift.
  • If you cannot prove what ran, you cannot trust outcomes or reproduce incidents.

What

  • Signed and verified artifacts for: container images, policy bundles, prompt bundles, tool schemas/contracts
  • A verifiable chain from source → build → deploy → runtime verification

How

  • sign builds; store attestations (SBOM + provenance)
  • enforce deploy-time verification (admission control / binary authorization patterns)
  • gateway checks bundle hashes on each run and emits evidence
  • keep ABOM as the authoritative manifest of “what is allowed”
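The per-run gateway check described above, as an added example rather than the framework's own code: it compares every loaded bundle against the hash recorded in the ABOM, rejects images that are not digest-pinned, emits an evidence record, and flags bundles whose content changed without a version increment. The ABOM layout and the sample bundles are constructed assumptions; the page does not define the manifest schema.

```python
import hashlib
import hmac
import re

# Image references must be pinned by digest, never by a mutable tag such as "latest".
DIGEST_RE = re.compile(r"^[\w./-]+@sha256:[0-9a-f]{64}$")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample bundles; the ABOM layout below is a hypothetical schema.
POLICY_BUNDLE = b'{"rules": ["deny_shell_tool", "allow_kb_read"]}'
PROMPT_BUNDLE = b"You are a support agent. Answer only from the knowledge base.\n"
PINNED_IMAGE = "registry.example/agent@sha256:" + "a" * 64

ABOM = {
    "abom_version": "2024-06-01.3",
    "image": PINNED_IMAGE,
    "artifacts": {
        "policy_bundle": {"version": "1.4.0", "sha256": sha256_hex(POLICY_BUNDLE)},
        "prompt_bundle": {"version": "0.9.2", "sha256": sha256_hex(PROMPT_BUNDLE)},
    },
}


def verify_run(abom: dict, loaded: dict, image_ref: str) -> dict:
    """Gateway check for one run: every loaded bundle must match its ABOM hash
    and the image must be digest-pinned. Returns the evidence record to emit."""
    evidence = {"abom_version": abom["abom_version"], "checks": {}, "allowed": True}
    evidence["checks"]["image"] = {"ref": image_ref, "ok": bool(DIGEST_RE.match(image_ref))}
    for name, expected in abom["artifacts"].items():
        data = loaded.get(name)
        actual = sha256_hex(data) if data is not None else None
        # Constant-time compare; an artifact missing from the run is a failure, not a skip.
        ok = actual is not None and hmac.compare_digest(actual, expected["sha256"])
        evidence["checks"][name] = {"version": expected["version"], "sha256": actual, "ok": ok}
    evidence["allowed"] = all(c["ok"] for c in evidence["checks"].values())
    return evidence


def version_drift(previous: dict, current: dict) -> list:
    """Names of bundles whose hash changed between two ABOMs without a version bump."""
    drift = []
    for name, cur in current["artifacts"].items():
        prev = previous["artifacts"].get(name)
        if prev and prev["sha256"] != cur["sha256"] and prev["version"] == cur["version"]:
            drift.append(name)
    return drift
```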

Evidence

  • signature verification logs and policy bundle hashes
  • ABOM versions used per run
  • SBOM/provenance reports tied to release tags

Failure modes

  • unsigned images or “latest” tags
  • policy bundles changed without version increment
  • tool schemas evolve without compatibility tests
  • inability to correlate a run to a specific build hash

NIST AI RMF alignment

C03 maps to GOVERN and MANAGE. See the framework paper for the specific subcontrol mappings.

ISO/IEC alignment

C03 maps to ISO/IEC 27001 and SLSA (informative). Typical evidence: see the Evidence section above.
