Skip to content

Glossary

Definitions of terms you’ll encounter across Governance Studio.

TermDefinition
OrganizationThe top-level account in Governance Studio. All projects, members, and policies belong to an organization.
ProjectA distinct scope of work — a product, initiative, system, or agent — that your team wants to bring into compliance.
PolicyA structured set of compliance requirements. Policies may represent regulations, RMFs, or internal SOPs.
Applied policyA policy that has been applied to a project, activating the policy’s controls and enabling your team to start tracking compliance.
Policy LibraryThe collection of all policies available to apply to your project. The Policy Library is scoped to your organization.
ControlA discrete mandate within a policy.
TermDefinition
DeclarationA statement describing how a control has been implemented.
ReviewA statement describing whether a control’s implementation is satisfactory.
AttachmentA file submitted to support a declaration or review.
Control statusA snapshot of a control’s current state. A control’s status updates based on the last action taken on that control.
CredentialAn attestation that a project has met a specific policy.
ReportA point-in-time record of a project’s compliance status toward a specific policy.
Integrity actionAn action that is cryptographically signed and hashed at the moment you take it, making it permanent.
TermDefinition
IndicatorAn automated evaluation that determines whether a system, environment, or function matches machine-readable criteria you define.
EventData your systems send to an indicator’s ingestion endpoint to be evaluated.
Ingestion endpointThe endpoint an indicator connects to.
Extraction RuleA rule that tells the indicator where to look in an event (using a JSONPath) and what value to expect there (using Success Criteria).
JSONPathAn expression used to select a value from incoming event data.
Success CriteriaThe conditions that determine whether an evaluation results in Success or Failure.
Evaluation statusThe result of an indicator’s most recent evaluation (or lack thereof): Awaiting Evaluation, Success, Failure, or Evaluation Error.
Declaration TemplateThe template used to define the declaration an indicator submits to the controls it’s applied to when an evaluation results in Failure.
TermDefinition
CIDA CID (Content Identifier) is a unique fingerprint derived from a piece of content.
DIDA DID (Decentralized Identifier) is a unique identifier for a user, organization, or even system, used to sign actions such as declarations and reviews.
UUIDA UUID (Universally Unique Identifier) is a standard identifier used to distinguish records such as projects and evaluations.
Governance ManifestA machine-readable file (manifest.json), included in a report’s .zip, that lists the CIDs and DIDs of every declaration, review, and attachment so the report can be independently verified.
VerifiedA record is verified when its cryptographic proof is confirmed intact — its content matches its original CID and its signature traces back to the signer’s DID.
CertifiedThe status a project displays once it has an active credential for a policy.
Lineage ManifestA cryptographically verifiable record of how a dataset, model, or other asset is produced. This file can be viewed as a Lineage Graph in Governance Studio.