C12 Layer 3 - Observability & Forensics

Signed Actions and Non-Repudiation

ES256-signed action records for high-impact tool calls. The signing key is bound to the agent identity (C01) at the moment of action.

Why

  • You must be able to prove which agent performed a critical action, with what authorization.
  • This is accountability and legal defensibility.

What

  • Digital signatures applied to: high-impact tool invocations
  • approval and override decisions
  • inter-agent messages (C14)

How

  • derive per-agent signing keys from workload identity where possible
  • sign payload hashes, not raw payloads (reduces sensitive leakage)
  • store signature metadata for future verification across rotations

Evidence

  • signature coverage rate (% high-impact actions signed)
  • verification failures and root-cause
  • dispute resolution proof paths

Failure modes

  • signing without secure key management
  • signatures not checked by recipients
  • unsigned emergency/admin paths

NIST AI RMF alignment

C12 maps to MANAGE and MEASURE. See the framework paper for the specific subcontrol mappings.

ISO/IEC alignment

C12 maps to ISO/IEC 27001. Typical evidence: see the Evidence section above.

Contents
On this page
Why What How Evidence Failure modes NIST AI RMF ISO/IEC Related controls
All controls
Layer 1 - Identity & Integrity
C01 Workload Identity C02 Confidential Execution C03 Artifact Integrity C04 Agent Lifecycle C17 Agent Discovery
Layer 2 - Runtime Enforcement
C05 Tool Gateway C06 Circuit Breakers C07 Resource Governance C08 Injection Defense C09 Invariant Enforcement C18 Data Quality Gates
Layer 3 - Observability & Forensics
C10 Deterministic Replay C11 Audit Ledger C12 Signed Actions C13 Semantic Tracing C19 Behaviour Monitoring
Layer 4 - Orchestration & Ecosystem
C14 Multi-Agent Protocols C15 Orchestration Plane C16 Adversarial Validation