Audit Evidence Framework
The Audit Evidence Framework is the backbone of the CMMC AI Compliance Platform, ensuring that every compliance claim is backed by verifiable, machine-readable artifacts.
- Identification: Agents identify technical requirements within a CMMC control.
- Harvesting: MCP-enabled agents pull relevant logs, configurations, or screenshots from the target environment.
- Validation: The platform validates the evidence against the evidence_schema.json to ensure all required fields are present.
- Mapping: Evidence is cryptographically linked to a specific control and assessment record.
- Storage: Artifacts are stored in a secure, audit-ready repository with immutable versioning.
The evidence_schema.json defines a unified format for all compliance artifacts.
```json
{
  "evidence_id": "EV-2026-001",
  "control_id": "AC.L1-3.1.1",
  "type": "log_snippet",
  "source": "AWS_CloudWatch",
  "timestamp": "2026-03-27T10:00:00Z",
  "data": {
    "log_group": "/aws/lambda/access_control",
    "content": "..."
  },
  "metadata": {
    "integrity_hash": "sha256-...",
    "collector_agent": "harvest_agent_01"
  }
}
```

The platform provides specialized tools for agents to submit evidence metadata.
- upload_evidence: Attaches metadata and a reference to an external artifact.
- get_evidence_for_control: Retrieves all linked evidence for a specific CMMC control.
- validate_evidence_package: Runs a check to ensure the evidence package meets auditor requirements.
The Evidence Orchestrator uses a mapping engine to automatically associate technical outputs with CMMC controls. For example, a "Pass" result from an automated IAM configuration check is automatically mapped to IA.L1-3.5.1 (Identification & Authentication).
When an auditor requests proof of compliance, the platform can generate a Narrative SSP that includes:
- The control description.
- The organization's implementation statement.
- Embedded links to specific evidence artifacts that prove the implementation.
All evidence artifacts are hashed upon collection. Any subsequent modification to the evidence or its metadata will trigger a "Tamper Alert" on the compliance dashboard, ensuring the integrity of the audit trail.
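The required-field validation and the hash-on-collection tamper check described above can be sketched as follows. This is an added example, not the platform's own code. Assumptions: `integrity_hash` is `sha256-` plus the hex digest of the record's canonical JSON with the hash field itself left out, the required fields are inferred from the sample record (the real evidence_schema.json is not shown), and the function names `compute_hash`, `seal` and `check` are hypothetical.

```python
import copy
import hashlib
import hmac
import json

# Assumption: required fields inferred from the sample record on this page.
REQUIRED = ("evidence_id", "control_id", "type", "source", "timestamp", "data", "metadata")
REQUIRED_METADATA = ("integrity_hash", "collector_agent")


def compute_hash(record):
    """Hash the canonical JSON of the record, leaving out the hash field itself."""
    body = copy.deepcopy(record)
    body.get("metadata", {}).pop("integrity_hash", None)
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")
    # Assumption: "sha256-" followed by the hex digest.
    return "sha256-" + hashlib.sha256(canonical).hexdigest()


def seal(record):
    """Return a copy with metadata.integrity_hash set, as done at collection time."""
    sealed = copy.deepcopy(record)
    sealed.setdefault("metadata", {})["integrity_hash"] = compute_hash(sealed)
    return sealed


def check(record):
    """Return a list of findings; an empty list means the record verifies."""
    findings = [f"missing field: {k}" for k in REQUIRED if k not in record]
    meta = record.get("metadata")
    if not isinstance(meta, dict):
        return findings + ["metadata is not an object"]
    findings += [f"missing field: metadata.{k}" for k in REQUIRED_METADATA if k not in meta]
    stored = meta.get("integrity_hash")
    expected = compute_hash(record)
    if isinstance(stored, str) and not hmac.compare_digest(stored.encode(), expected.encode()):
        findings.append("tamper alert: integrity_hash mismatch")
    return findings


# Constructed sample modelled on the record shown on this page.
SAMPLE = seal({
    "evidence_id": "EV-2026-001", "control_id": "AC.L1-3.1.1",
    "type": "log_snippet", "source": "AWS_CloudWatch", "timestamp": "2026-03-27T10:00:00Z",
    "data": {"log_group": "/aws/lambda/access_control", "content": "constructed log line"},
    "metadata": {"collector_agent": "harvest_agent_01"},
})
```

A hash stored inside the record only detects modification when the reference value is kept where the modifier cannot rewrite it, such as the immutable repository from the Storage step, or when it is signed by the collector.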