DoD 5015.02-STD — Electronic Records Management Software Applications Design Criteria
DoD 5015.02-STD — Electronic Records Management Software Applications Design Criteria — 60% covered.
5 requirements · 3 enforced · 0 designed · 0 advisory · 0 deferred.
Source: DoD 5015.02-STD sets the design criteria for Records Management Application (RMA) software — declaring records, categorisation by record category / file plan, access controls, audit, and disposition/transfer. KYE Protocol™ is NOT an RMA — Iron Mountain InSight DXP plus a records system is. KYE Protocol™ governs ACTION authority at the boundary where a managed record drives a consequential AI action. The RMA design criteria (record declaration, file plan, disposition) map out-of-scope; the access-control decision and audit-of-the-action-decision overlay maps enforced. · License: DoD 5015.02-STD is a US Department of Defense standard published in the public domain; KYE registry cites its criteria structure for mapping purposes.
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| Access-control decision at the action boundary (authority overlay) | 2 | 2 | 0 | 0 | 0 | 100% |
| Audit of the action decision (authority overlay) | 1 | 1 | 0 | 0 | 0 | 100% |
| Record declaration & categorisation / file plan (RMA criteria) | 1 | 0 | 0 | 0 | 0 | 0% |
| Disposition & transfer (RMA criteria) | 1 | 0 | 0 | 0 | 0 | 0% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
dod-5015-2.access-control-action-decision |
Access-control at the action boundary: refuse a consequential AI action on a managed record without the required authority | enforced | audit_events: kye.purpose.request.v1, kye.purpose.admissibility.v1engines: internal, internalrule_packs: kye:rule-pack:chain-of-authority-insightconstitution_refs: constitution/12-PURPOSE-PERMISSION.md |
dod-5015-2.named-authority-binding |
Named-authority binding: every consequential action on a managed record is attributable to a named principal | enforced | audit_events: kye.purpose.request.v1, kye.evidence.decision_map.v1engines: internal, internalrule_packs: kye:rule-pack:chain-of-authority-insightconstitution_refs: constitution/36-GOVERNEDUI.md |
dod-5015-2.action-decision-audit |
Audit of the action decision: an immutable governance audit entry for every consequential action on a managed record | enforced | audit_events: kye.evidence.pack.v1, kye.replay.proof.v1engines: internal, internalrule_packs: kye:rule-pack:chain-of-authority-insightconstitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |
dod-5015-2.record-declaration-file-plan |
Record declaration & categorisation / file plan (RMA criteria — owned by the records system, not KYE™) | out-of-scope | constitution_refs: constitution/15-MCP-AND-SDK.md |
dod-5015-2.disposition-transfer |
Disposition & transfer (RMA criteria — owned by the records system / Iron Mountain, not KYE™) | out-of-scope | constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md |