Definitions of terms you’ll encounter across Governance Studio.
| Term | Definition |
|---|
| Organization | The top-level account in Governance Studio. All projects, members, and policies belong to an organization. |
| Project | A distinct scope of work — a product, initiative, system, or agent — that your team wants to bring into compliance. |
| Policy | A structured set of compliance requirements. Policies may represent regulations, RMFs, or internal SOPs. |
| Applied policy | A policy that has been applied to a project, activating the policy’s controls and enabling your team to start tracking compliance. |
| Policy Library | The collection of all policies available to apply to your project. The Policy Library is scoped to your organization. |
| Control | A discrete mandate within a policy. |
| Term | Definition |
|---|
| Declaration | A statement describing how a control has been implemented. |
| Review | A statement describing whether a control’s implementation is satisfactory. |
| Attachment | A file submitted to support a declaration or review. |
| Control status | A snapshot of a control’s current state. A control’s status updates based on the last action taken on that control. |
| Credential | An attestation that a project has met a specific policy. |
| Report | A point-in-time record of a project’s compliance status toward a specific policy. |
| Integrity action | An action that is cryptographically signed and hashed at the moment you take it, making it permanent. |
| Term | Definition |
|---|
| Indicator | An automated evaluation that determines whether a system, environment, or function matches machine-readable criteria you define. |
| Event | Data your systems send to an indicator’s ingestion endpoint to be evaluated. |
| Ingestion endpoint | The endpoint an indicator connects to. |
| Extraction Rule | A rule that tells the indicator where to look in an event (using a JSONPath) and what value to expect there (using Success Criteria). |
| JSONPath | An expression used to select a value from incoming event data. |
| Success Criteria | The conditions that determine whether an evaluation results in Success or Failure. |
| Evaluation status | The result of an indicator’s most recent evaluation (or lack thereof): Awaiting Evaluation, Success, Failure, or Evaluation Error. |
| Declaration Template | The template used to define the declaration an indicator submits to the controls it’s applied to when an evaluation results in Failure. |
| Term | Definition |
|---|
| CID | A CID (Content Identifier) is a unique fingerprint derived from a piece of content. |
| DID | A DID (Decentralized Identifier) is a unique identifier for a user, organization, or even system, used to sign actions such as declarations and reviews. |
| UUID | A UUID (Universally Unique Identifier) is a standard identifier used to distinguish records such as projects and evaluations. |
| Governance Manifest | A machine-readable file (manifest.json), included in a report’s .zip, that lists the CIDs and DIDs of every declaration, review, and attachment so the report can be independently verified. |
| Verified | A record is verified when its cryptographic proof is confirmed intact — its content matches its original CID and its signature traces back to the signer’s DID. |
| Certified | The status a project displays once it has an active credential for a policy. |
| Lineage Manifest | A cryptographically verifiable record of how a dataset, model, or other asset is produced. This file can be viewed as a Lineage Graph in Governance Studio. |