Evidence Scope
- What exactly was tested?
- Which model, data, sensor, policy, and component versions were in scope?
- What was excluded?
- What evidence supports the release verdict?
Federal AI Evidence Surface
AI RMF-Aligned Evidence Infrastructure
Sovrient packages AI delivery evidence into independently re-judgeable release bundles for federal AI acquisition and critical infrastructure review.
Sovrient makes sure evidence claims cannot mean more than their artifacts permit.
Not AI RMF compliance
Not NIST certification
Not FedRAMP authorization
AI RMF Playbook Twin
AI RMF Crosswalk
A qualified reviewer can inspect the bundle, verify the evidence chain, apply the same policy pack, and reach the same release, hold, or fail verdict without trusting the original vendor narrative.
The narrow claim is evidence packaging. Sovrient does not replace agency CAIO authority, legal review, acquisition planning, organizational risk acceptance, or certification by any standards body.
Terms Used
- NERV Release Evidence Bundle
- A bounded package of release evidence, policy criteria, manifests, receipts, and verdict state. On this page, NERV refers to this evidence-bundle pattern.
- PCBA
- Persona Consortium Based Analysis: Sovrient's structured adversarial review method for testing claims across reviewer roles.
- SSEJ
- Saw, Selected, Excluded, Justified: the minimum governance reconstruction record for a reviewable decision.
- AIBOM
- AI bill of materials: an inventory of AI, data, model, component, and lineage elements relevant to the scoped release.
- AUTH-REF
- Authority-bound reference register. Authority-bound means source bytes are bound and checked; it does not mean authority-substituting.
- Anatop
- A derived, agent-readable standards twin or reference surface. It helps reviewers navigate authoritative material without replacing that authority.
- TEVV
- Testing, evaluation, validation, and verification artifacts tied to a release boundary.
- Fail-Closed Gate
- A release control that blocks promotion when required evidence is missing, stale, malformed, or mismatched.
Buyer Questions
Reviewability
- What happens when evidence is stale, incomplete, or outside the operating envelope?
- Can a reviewer reproduce the release, hold, or fail judgment without trusting a vendor summary?
- Which policy pack produced the verdict?
- What successor evidence supersedes this package?
What Sovrient Provides
| Evidence family | Buyer question answered |
|---|---|
| Policy pack | What rules or acceptance criteria were applied? |
| Scope and authority boundary | What does this evidence claim, and what does it not claim? |
| SSEJ record | What was seen, selected, excluded, and justified? |
| AIBOM-style inventory | Which AI, data, and component lineage was in scope? |
| Evidence graph | How do source artifacts connect to the verdict? |
| Regulatory claim-control record | Which pursuit, teaming, or delivery claim is supported, partial, blocked, stale, or still review-gated? |
| TEVV report | What testing, evaluation, validation, and verification was run? |
| Deterministic replay receipt | Can the result be recomputed or re-judged? |
| Fail-closed gate result | What happens when evidence is missing or mismatched? |
| Release verdict / hold state | Is the package release-ready, held, or failed under the policy pack? |
| Anchor receipt / successor manifest | How is the release evidence timestamped, versioned, and superseded? |
AI RMF Crosswalk
| AI RMF function | Sovrient evidence emphasis |
|---|---|
| Govern | Policy packs, authority boundaries, SSEJ records, residual-risk decisions, governance registers. |
| Map | Evidence graphs, component lineage, source catalogs, intended-use boundaries, excluded-input records. |
| Measure | TEVV outputs, deterministic replay receipts, monitoring records, drift receipts, fail-closed gates. |
| Manage | Release verdicts, hold states, incident records, risk-treatment records, anchor receipts, successor manifests. |
AI RMF is voluntary in form; federal AI acquisition evidence is becoming contractually load-bearing in practice. Sovrient packages that evidence so it can be independently reviewed and re-judged.
M-25-21 High-Impact AI Diligence Mapping
| M-25-21 diligence area | NERV coverage |
|---|---|
| Pre-deployment testing | TEVV bundle and deterministic test receipts. Native. |
| AI impact assessment | Impact-assessment artifact node, authority boundary, and residual-risk decision record. Adapter. |
| Ongoing performance and adverse-impact monitoring | Append-only monitoring chain, drift receipts, and incident records. Native. |
| Human training and assessment | Training records can be ingested and hash-bound; Sovrient does not provide training authority. Out of scope except records ingestion. |
| Human oversight, intervention, and accountability | Override, escalation, appeal, and hold-state nodes can be packaged where buyer policy supplies them. Adapter. |
| Consistent remedies or appeals | Incident and appeal records can be bound into the evidence graph; remedy authority remains with the agency or program owner. Adapter. |
| End-user and public feedback | Consultation and feedback records can be ingested; Sovrient does not replace the agency consultation process. Out of scope except records ingestion. |
For M-25-21 or M-25-22 diligence, request a short technical review anchored to the public evidence surfaces.
Public Reference Artifacts
Standards Twin
Derived Sovrient standards twin with source hashes, 72 AI RMF Playbook outcomes, JSON-LD, evidence crosswalk, and validation report. It is not an official NIST artifact.
AUTH-REF Register
Authority-bound anatop reference register. Doctrine: authority-bound does not mean authority-substituting.
NIST CI Profile Comment
Sovrient's draft comment recommending evidence packages and independent re-judgment as Critical Infrastructure Profile patterns.
Anchor Status
Open anchor registry ยท Operational status
The current NERV anchor-track baseline has a confirmed RFC 3161 timestamp over the published reference manifest. OpenTimestamps has upgraded to a Bitcoin block attestation; sovereign-node verification status is tracked on the operational status page.
Fit Boundary
Fit
- AI delivery evidence that can be reviewed independently.
- Public or controlled artifacts for acquisition diligence.
- Boundary-aware evidence packages for high-stakes AI use.
- Source-bound regulatory claim control for capture, teaming, and delivery evidence where claims need explicit support and non-claim boundaries.
- Machine-readable discovery for automated reviewers and procurement agents.
- Fail-closed review when evidence is stale, incomplete, or mismatched.
Not Fit
- Legal opinion.
- NIST or third-party certification.
- FedRAMP authorization claim.
- Set-aside eligibility determination, workshare certification, ATO readiness claim, or CMMC assessment.
- Substitute for agency risk acceptance.
- Generic GRC workflow management without evidence-chain requirements.