Governance Framework
The top-level operating model — governance functions, agent lifecycle, risk classification, and enterprise integration.
The Agentic Governance Framework is the top-level operating model that everything else sits under. It defines five governance functions, an agent lifecycle, risk classification, and enterprise integration points.
Five Governance Functions
Adapted from NIST AI RMF for the agentic context:
| Function | Purpose | AGF Mapping |
|---|---|---|
| Discover | Identify agentic systems, their capabilities, and their risk profile | Risk classification, agent inventory |
| Assess | Evaluate risks, threats, and governance requirements | Threat modeling, standards mapping |
| Govern | Establish policies, controls, and oversight mechanisms | Ring 2 (Governance), Policy as Code (#9) |
| Monitor | Observe system behavior, detect anomalies, measure compliance | Ring 3 + Observability, Event-Driven (#10) |
| Evolve | Improve governance based on operational experience | Self-Improving Cycles (#3), Trust Ladders (#11) |
Agent Lifecycle
From deployment to retirement, with governance at every stage:
- Design & Development — threat modeling, ring activation decisions, primitive selection
- Evaluation & Assurance (#18) — pre-deployment testing, regression suites, adversarial evaluation
- Deployment — initial trust level, governance configuration, monitoring baseline
- Operation — runtime governance (Rings 0-2), continuous monitoring (Ring 3)
- Evolution — trust calibration, configuration updates, capability expansion
- Retirement — graceful decommission, evidence preservation, trust revocation
Risk Classification
Determines which rings activate and how intensely:
| Risk Level | Ring Activation | Governance Intensity |
|---|---|---|
| Low | Ring 0 + minimal Ring 1 | Near-zero overhead |
| Medium | Ring 0 + Ring 1 + adaptive Ring 2 | 1.5–3x Ring 0 alone |
| High | All four rings, mandatory gates | 3–5x Ring 0 alone |
| Critical | All rings + enhanced Security Intelligence | 5x+ Ring 0 alone |
Enterprise Integration
AGF is designed to complement, not replace, existing enterprise systems:
- IAM — agent identity integrates with organizational identity (SPIFFE, OAuth, OIDC)
- SIEM/SOAR — agentic events flow to existing security monitoring
- GRC platforms — governance evidence maps to control frameworks
- CI/CD — Evaluation & Assurance (#18) integrates with deployment pipelines
- Observability — OpenTelemetry compatibility ensures standard tooling
Maturity Model
Organizations grow governance capability over time:
- Non-existent — agents deployed but no formal governance; no inventory, no classification, no governance artifacts. This is where most organizations with agents in production are today.
- Foundation — agent inventory maintained; risk-tier classification; Ring 0 + Ring 1 operational for high-risk agents; event capture; policy rules for critical domains.
- Governed — full Ring 0 + Ring 1 + Ring 2 operational; Agentic Observability at correlation level; Trust Ladders calibrating; audit packages on demand.
- Adaptive — Ring 3 (Learning) operational; self-improving cycles; predictive quality and security monitoring; governance overhead decreasing as the system matures.
- Optimized — full framework across all agent types; continuous assurance; governance as competitive advantage; cross-organizational intelligence.
AGF's L1–L5 maturity scale is program-level. It complements CSA ATF's per-deployment autonomy scale (Intern → Junior → Senior → Principal), which describes individual agent deployments within an organization. A program at L3 may run agents at varying ATF tiers.
For the complete governance framework specification, see the canonical source.
Governance Decision Record (GDR)
AGF's canonical audit artifact at gate boundaries — a single record format that serializes any Gate Resolution or Domain Outcome into an auditable artifact.
Decision Intelligence
Governed decision-making systems with structured persistence, belief revision, and multi-agent governance pipelines.