Coverage at a glance.
Every regulatory framework KYE Protocol™ maps to, by control family. Cells reflect the proportion of declared controls bound to a KYE™ artefact (engine, audit-chain event family, schema, or evidence pack). The full per-control mapping lives at coverage.html.
Source: internal · regenerated on every push to main · browsable view.
Frameworks × control families
Eight canonical control families across all 170 frameworks. Cells: green = ≥90% bound · amber = 60-89% · red = <60% · "—" = framework does not name this family.
| Framework | Governance | Risk | Audit / Records | Access | Data | Resilience | Third-party | Transparency |
|---|---|---|---|---|---|---|---|---|
| EU AI Act · Art 6/9/12/13/50 | 100% | 100% | 100% | 75% | 92% | 80% | 100% | 100% |
| DORA · Art 6/28 | 100% | 95% | 100% | 82% | 78% | 100% | 100% | 76% |
| GDPR · Art 5/30/32/35/44 | 100% | 85% | 100% | 93% | 100% | 71% | 95% | 100% |
| SOC 2 · TSC CC1-CC9 / A1 | 100% | 100% | 100% | 100% | 95% | 92% | 100% | 85% |
| ISO 27001 · Annex A / 9.1 | 95% | 90% | 100% | 100% | 92% | 93% | 93% | 81% |
| ISO 42001 · AIMS | 100% | 100% | 90% | 72% | 92% | 68% | 75% | 100% |
| NIST AI RMF · GOVERN/MAP/MEASURE/MANAGE | 100% | 100% | 93% | 70% | 90% | 75% | 80% | 100% |
| NIST 800-207 · Zero Trust | 100% | 100% | 100% | 100% | 95% | 90% | 82% | 80% |
| NIST CSF 2.0 | 100% | 95% | 93% | 92% | 90% | 90% | 90% | 78% |
| SR 11-7 · Model risk mgmt | 100% | 100% | 100% | — | 82% | 75% | 78% | 100% |
| BCBS 239 · Risk data aggregation | 100% | 100% | 100% | 82% | 93% | 90% | 90% | 85% |
| FCA OpRes · IBS | 100% | 100% | 100% | 82% | 78% | 100% | 95% | 75% |
| PCI DSS 4.0 | 82% | 85% | 100% | 100% | 100% | 75% | 80% | 55% |
| PSD2/PSD3 · SCA / open banking | 85% | 80% | 100% | 100% | 95% | 78% | 75% | 72% |
| HIPAA / HITECH | 95% | 85% | 100% | 100% | 100% | 78% | 92% | 75% |
| HAARF v1.0 | 100% | 100% | 100% | 82% | 95% | 80% | 80% | 100% |
| MHRA SaMD / SaMD AI | 100% | 100% | 100% | 75% | 95% | 78% | 82% | 95% |
| FedRAMP Mod | 95% | 93% | 100% | 100% | 92% | 90% | 90% | 78% |
| SEC 17a-4 / FINRA 4511 | 80% | 72% | 100% | 70% | 75% | 82% | 55% | 50% |
| UK NCSC CAF · Principle B/D | 95% | 90% | 95% | 92% | 90% | 95% | 90% | 78% |
≥ 90% bound 60-89% < 60% n/a (framework does not name family)
Numbers are derived from the per-control bijection at coverage.html (regenerated on every push to main). Red and amber cells link to remediation plans in the canonical implementation registry.
How to read the heatmap
- Buyer. One green column across all your in-scope frameworks = the procurement question is answered.
- Auditor. Click into any row → the per-control bindings on coverage.html → the signed evidence pack per control.
- Regulator. The green cells are the framework requirements where the binding is bijection-mapped to a KYE™ artefact; amber are in-flight; red are open work items tracked in the implementation registry.
- Builder. Use the heatmap to scope which framework families your deployment touches. Each green cell is a saved week of evidence assembly.