SOC 2 Trust Services Criteria
AICPA's audit framework for service organisations: security, availability, confidentiality, processing integrity, privacy.
KYE™ bindings: access reviews → /v1/graph/authority-path; audit evidence → signed evidence packs; change management → KYE™ audit chain; incident evidence → KYE™ Self-Audit™ runs.
AICPA SOC 2 →
ISO 27001:2022 ISMS
Information Security Management System. Annex A controls cover access, asset/entity inventory, privileged access, logging, supplier and incident management.
KYE™ bindings: entity inventory → KYE™ entity registry; privileged access → capability + state model; logging → KYE™ audit chain; supplier management → KYE™ delegation chain across trust domains.
ISO 27001:2022 →
ISO 42001 AI Management System
First international standard for AI management: inventory, responsibility mapping, risk/impact, lifecycle controls, oversight logs.
KYE™ bindings: AI inventory → KYE™ entity (agent, model) registry; responsibility → delegation chain; oversight logs → KYE™ audit chain + Decision Map™.
ISO/IEC 42001 →
EU AI Act Regulation 2024/1689
EU regulation on AI systems & agents. Title III high-risk obligations: risk classification, data governance, technical documentation, human oversight, post-market monitoring.
KYE™ bindings (10 controls): kye-euaiact-1.0 profile binds entity accountability, AI system registry, capability + risk classification, human-oversight gates, runtime authority decision logs, technical-documentation evidence pack, corrective action trail, role mapping, high-risk workflow profile, post-market monitoring hooks.
EUR-Lex 2024/1689 →
NIST AI RMF 1.0
US framework: Govern / Map / Measure / Manage AI risk lifecycle.
KYE™ bindings: Govern → delegation chain + role mapping; Map → capability registry; Measure → signal bus + telemetry; Manage → cascade revocation + recovery profile.
NIST AI RMF →
PCI DSS 4.0 Payment-card data
Payment-card industry data security standard. Covers credential state, payment-capability gating, wallet authority, audit logs.
KYE™ bindings: credential state → KYE™ state model; payment-capability gating → kye-payments-1.0; wallet authority → capability + delegation; audit → KYE™ audit chain + signed proof bundle.
PCI SSC →
PSD2 / PSD3 EU Payment Services Directive
Strong customer authentication, third-party access (TPP), open banking, agent-action liability under PSD3.
KYE™ bindings: SCA evidence → credential state; TPP delegation → KYE™ delegation chain (TPP → PSP → user); per-action authority → POST /v1/runtime/authorize; audit → signed proof bundle.
EC PSD →
DORA Digital Operational Resilience Act
EU regulation on ICT third-party authority, operational resilience, incident response, auditability for financial entities.
KYE™ bindings: third-party authority → KYE™ delegation chain + trust-domain federation; incident evidence → KYE™ audit chain + Blast Radius Map™; operational resilience → recovery + break-glass profiles.
EIOPA DORA →
NIS2 EU cybersecurity directive
EU directive: cybersecurity governance, incident traceability, supply-chain controls, access authority for essential and important entities.
KYE™ bindings: incident traceability → KYE™ audit chain; supply-chain → capability registry + attestation; access authority → KYE™ delegation + scope.
EC NIS2 →
GDPR / UK GDPR Data protection
Role mapping (controller / processor / sub-processor), lawful authority trail, data access, automated decision governance, audit.
KYE™ bindings: role mapping → entity types + delegation; lawful authority → consent credential + scope; right-to-erasure → lifecycle tombstoned + redaction obligations.
GDPR.eu →
HIPAA US health-data protection
Healthcare entity access, minimum-necessary principle, emergency / break-glass, audit trails for PHI.
KYE™ bindings: minimum-necessary → capability scope; consent → credential entity; break-glass → recovery profile + signed time-boxed flow; audit → KYE™ audit chain with PHI redaction obligation.
HHS HIPAA →
NIST 800-207 Zero-Trust Architecture
US federal zero-trust reference: telemetry signals from identity, device, network, application and data continuously inform every access decision.
KYE™ bindings: continuous evaluation → KYE™ state model; per-request decision → embedded PDP; signal-driven invalidation → KYE™ signal bus + cascade.
NIST SP 800-207 →
NIST CSF Cybersecurity Framework 2.0
Govern / Identify / Protect / Detect / Respond / Recover. The headline US cybersecurity reference.
KYE™ bindings: Govern → trademark + governance docs; Identify → entity registry; Protect → KYE™ authorize + state; Detect → signal bus; Respond → cascade revocation; Recover → recovery + break-glass profiles.
NIST CSF →
FedRAMP US federal cloud authorisation
Standardised authorisation programme for cloud services used by US federal agencies. Builds on NIST 800-53 + 800-207.
KYE™ bindings: Continuous monitoring → KYE™ Self-Audit™ Cloud; access boundary → trust-domain federation; evidence pack → KYE™ evidence-pack generator with public-key verification.
FedRAMP →