Compliance Dashboard

The GOVERN Compliance Dashboard gives SOC analysts and compliance officers a real-time view of the organization’s AI governance posture across all active frameworks. This page covers how to read the compliance view, use the evidence chain for audit responses, track policy violations, and configure scheduled reports.


Framework Compliance Status at a Glance

The Compliance Overview panel at the top of the compliance view shows a score card for each active framework.

Reading the Score Card

Each framework tile shows:

| Element | Description |
| --- | --- |
| Overall score | 0–100% — the percentage of mandatory controls currently satisfied |
| Controls passing / total | e.g. “42/47 controls passing” |
| Critical gaps | Count of failing controls with HIGH or CRITICAL severity |
| Last assessed | Timestamp of the most recent assessment contributing to this score |
| Trend arrow | Week-over-week change: ↑ improving, ↓ declining, → stable |
| Certification status | For frameworks with formal certification targets (ISO 42001, FedRAMP) |

Supported Frameworks

| Framework | Abbreviation | Control Count |
| --- | --- | --- |
| NIST SP 800-53 Rev 5 | 800-53 | 20 control families |
| NIST AI Risk Management Framework | AI RMF | 4 functions, 72 subcategories |
| EU AI Act | EU-AIA | Risk-tier based |
| ISO 42001 | ISO-42001 | 38 controls |
| Executive Order 14110 | EO-14110 | Section 4 requirements |
| DoD AI Ethics Principles | DoD-AIE | 5 principles, 40 practices |
| OWASP ML Security Top 10 | OWASP-ML | 10 vulnerability classes |

Drilling Into a Framework

Click any framework tile to open the Framework Detail view, which shows:

  • Full control list with pass/fail status per control
  • Which AI systems contribute to each control’s status
  • The evidence artifact satisfying each passing control
  • The finding linked to each failing control
  • The remediation status for failing controls

Evidence Chain for Audit Responses

When an auditor asks “how do you know system X is compliant with control Y?”, the GOVERN evidence chain provides a formal, traceable answer.

What the Evidence Chain Is

For every passing control in every framework, GOVERN maintains a chain of evidence:

Control Requirement
  └─ Policy Rule (in Policy Engine)
      └─ Assessment Finding (or passing evaluation)
          └─ Evidence Artifact (document, Probe telemetry, or API response)
              └─ RDL Proof Trace (formal logical proof)
                  └─ Timestamp + Assessment ID (immutable record)

The RDL proof trace is the key artifact. Unlike a human reviewer’s judgment, an RDL proof trace is a formal mathematical result — it shows exactly which evidence satisfied exactly which logical conditions in the governance rule.

Accessing the Evidence Chain

Via Dashboard: Compliance → [Framework] → [Control] → “View Evidence”

Via API:

curl "https://api.govern.archetypal.ai/v1/compliance/evidence?framework=nist_800_53&control=RA-3&system_id=sys_01HXXXXXXXXXXX" \
  -H "Authorization: Bearer gvn_live_xxxxxxxxxxxx"

Response:

{
  "control": "RA-3",
  "title": "Risk Assessment",
  "status": "PASSING",
  "last_evaluated": "2026-04-10T08:00:00Z",
  "evidence_chain": [
    {
      "artifact_id": "art_01HXXXXXXXXXXX",
      "type": "document",
      "filename": "risk_assessment_2026_q1.pdf",
      "submitted_at": "2026-04-01T14:22:00Z"
    },
    {
      "assessment_id": "asmnt_01HXXXXXXXXXXX",
      "verdict": "PASS",
      "score": 0.94,
      "evaluated_at": "2026-04-10T08:00:00Z"
    },
    {
      "proof_trace_id": "proof_01HXXXXXXXXXXX",
      "rdl_rule": "RA-3.risk_assessment.documented_methodology",
      "result": "SATISFIED",
      "proof_url": "https://govern.archetypal.ai/proofs/proof_01HXXXXXXXXXXX"
    }
  ]
}
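
A consistency check a reviewer could run over the response above before accepting it as audit evidence. This is an added example, not GOVERN's own code; it embeds the sample response with its placeholder IDs, and the ordering and rule-naming checks it applies are assumptions marked in the comments.

```python
from datetime import datetime

# Constructed sample: the response body shown above (placeholder IDs kept as-is).
SAMPLE = {
    "control": "RA-3", "status": "PASSING",
    "last_evaluated": "2026-04-10T08:00:00Z",
    "evidence_chain": [
        {"artifact_id": "art_01HXXXXXXXXXXX", "type": "document",
         "submitted_at": "2026-04-01T14:22:00Z"},
        {"assessment_id": "asmnt_01HXXXXXXXXXXX", "verdict": "PASS",
         "score": 0.94, "evaluated_at": "2026-04-10T08:00:00Z"},
        {"proof_trace_id": "proof_01HXXXXXXXXXXX", "result": "SATISFIED",
         "rdl_rule": "RA-3.risk_assessment.documented_methodology"},
    ],
}

def _ts(value):
    # Timestamps on this page are ISO 8601 with a trailing "Z" (UTC).
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_evidence_chain(resp):
    """Return a list of problems; an empty list means the chain is consistent."""
    chain = resp.get("evidence_chain", [])
    # Group chain entries by the ID field that identifies their kind.
    links = {k: [e for e in chain if k in e]
             for k in ("artifact_id", "assessment_id", "proof_trace_id")}
    problems = [f"no link with {k}" for k, v in links.items() if not v]
    if resp.get("status") != "PASSING":
        problems.append("control status is not PASSING")
    for a in links["assessment_id"]:
        if a.get("verdict") != "PASS":
            problems.append(f"{a['assessment_id']}: verdict {a.get('verdict')}")
        # Assumption: evidence must predate the assessment that relied on it.
        for art in links["artifact_id"]:
            if _ts(art["submitted_at"]) > _ts(a["evaluated_at"]):
                problems.append(
                    f"{art['artifact_id']} submitted after {a['assessment_id']}")
    for p in links["proof_trace_id"]:
        if p.get("result") != "SATISFIED":
            problems.append(f"{p['proof_trace_id']}: result {p.get('result')}")
        # Assumption: rule names start with the control ID, as in the sample.
        if not p.get("rdl_rule", "").startswith(resp.get("control", "") + "."):
            problems.append(f"{p['proof_trace_id']}: rule not scoped to control")
    return problems

if __name__ == "__main__":
    print(check_evidence_chain(SAMPLE) or "chain consistent")
```
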

Exporting for Auditors

Generate a full evidence package for any framework — formatted for direct submission to auditors or inclusion in an ATO package:

Via Dashboard: Compliance → [Framework] → “Export Evidence Package” → select date range and format (PDF / JSON / Excel)

Via API:

curl -X POST "https://api.govern.archetypal.ai/v1/compliance/reports" \
  -H "Authorization: Bearer gvn_live_xxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "framework": "nist_800_53",
    "system_ids": ["sys_01HXXXXXXXXXXX"],
    "include_evidence_chain": true,
    "include_proof_traces": true,
    "format": "pdf",
    "date_range": {
      "from": "2026-01-01",
      "to": "2026-04-12"
    }
  }'

The exported package includes: framework overview, control-by-control status, evidence artifacts, RDL proof traces, finding history with remediation records, and policy audit trail.


Real-Time Policy Violation Tracking

The Active Violations panel shows all currently open policy violations in real time — updated as Probe telemetry flows in.

Violation Feed

The violation feed shows:

| Column | Description |
| --- | --- |
| Timestamp | When the violation occurred |
| System | Which AI system triggered the violation |
| Policy | Which policy rule was violated |
| Enforcement | Block (request was stopped) or Warn (request was allowed) |
| Severity | MEDIUM / HIGH / CRITICAL |
| Status | Open / Acknowledged / Resolved |

Filtering Violations

Use the filter bar to narrow the violation feed:

  • By framework — show only violations that map to a specific compliance framework
  • By system — focus on one AI system
  • By enforcement mode — Block-mode violations indicate real-time governance stops; Warn-mode violations indicate potential issues allowed through
  • By severity — CRITICAL and HIGH violations should be triaged first
  • By status — open violations need attention; acknowledged violations are being worked

Violation Detail

Click any violation to open the detail view:

  • Full input/output context (redacted per your data policy configuration)
  • Which RDL rule triggered and why
  • Framework controls affected — which compliance controls this violation puts at risk
  • Remediation recommendation — specific steps to prevent recurrence
  • Linked finding — the Findings record in the Remediation Tracker

Acknowledging Violations

Acknowledging a violation marks it as known and under investigation. It does not resolve it — it removes it from the “unreviewed” queue.

Via Dashboard: Click violation → “Acknowledge” → enter a note

Via API:

curl -X POST "https://api.govern.archetypal.ai/v1/alerts/vio_01HXXXXXXXXXXX/acknowledge" \
  -H "Authorization: Bearer gvn_live_xxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"note": "Under investigation — reviewing with ML team"}'

Policy Violation Trend

The Violation Trend chart (Compliance → Policy Violations → Trend) shows:

  • Violation volume by day/week/month
  • Breakdown by policy, system, and severity
  • Block vs Warn enforcement split
  • Week-over-week comparison

Use the trend view to identify:

  • Systems with persistently high violation rates (may indicate a misconfigured policy or a drifting system)
  • Sudden spikes (may indicate a model update, configuration change, or attack)
  • Downward trends (governance improvements working)

Scheduled Compliance Reporting

Configure automated compliance reports to run on a schedule and deliver to your team, auditors, or your GRC platform.

Creating a Scheduled Report

Via Dashboard: Compliance → Reports → “New Scheduled Report”

Via API:

curl -X POST "https://api.govern.archetypal.ai/v1/compliance/schedules" \
  -H "Authorization: Bearer gvn_live_xxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Weekly NIST AI RMF Summary",
    "framework": "nist_ai_rmf",
    "schedule": "0 9 * * 1",
    "recipients": [
      "compliance-team@company.com",
      "ciso@company.com"
    ],
    "format": "pdf",
    "include_evidence_chain": false,
    "include_violations": true,
    "include_remediation_status": true,
    "systems": "all"
  }'

Schedule Options

| Schedule | Cron | Use Case |
| --- | --- | --- |
| Daily summary | 0 8 * * * | SOC morning briefing |
| Weekly review | 0 9 * * 1 | Team review meeting |
| Monthly executive | 0 9 1 * * | Board/executive reporting |
| Quarterly audit | 0 9 1 1,4,7,10 * | Quarterly compliance filing |
| Pre-ATO sweep | One-time or on-demand | Federal ATO package generation |

Report Content Options

| Option | Description |
| --- | --- |
| include_evidence_chain | Include full RDL proof traces per control |
| include_violations | Include policy violation log for the period |
| include_remediation_status | Include open/resolved finding counts |
| include_trend | Include compliance score trend over the period |
| include_benchmark | Compare score against industry benchmark (Professional+ tier) |
| executive_summary | One-page summary suitable for non-technical readers |

Delivery Options

Reports can be delivered via:

  • Email — PDF attachment or HTML inline
  • Webhook — JSON payload with report download URL
  • SIEM — structured JSON pushed to your SIEM ingest endpoint
  • GRC platform — ServiceNow, Archer, or custom integration via webhook

On-Demand Reports

Run a report immediately without waiting for the scheduled trigger:

Via Dashboard: Compliance → Reports → select schedule → “Run Now”

Via API:

curl -X POST "https://api.govern.archetypal.ai/v1/compliance/schedules/sched_01HXXXXXXXXXXX/run" \
  -H "Authorization: Bearer gvn_live_xxxxxxxxxxxx"

Compliance Dashboard Quick Reference

| Task | Dashboard Path |
| --- | --- |
| Framework overview | Compliance → Overview |
| Control-level drill-down | Compliance → [Framework] → [Control] |
| Evidence chain for auditor | Compliance → [Framework] → [Control] → “View Evidence” |
| Export audit package | Compliance → [Framework] → “Export Evidence Package” |
| Active violations | Compliance → Policy Violations → Active |
| Violation trend | Compliance → Policy Violations → Trend |
| Scheduled reports | Compliance → Reports |
| Run report now | Compliance → Reports → [Schedule] → “Run Now” |