Control Families
AWS2-LOG: Logs, Receipts, And Traceability
Working draft
This page renders the current aws2 working draft. It is not a released standard, certification program, compliance framework, legal analysis, endorsement, or public conformance claim.
Objective:
The scoped agentic workspace system should create durable, reviewable, and appropriately redacted records that allow authorized reviewers to reconstruct agent actions, policy outcomes, approvals, denials, source changes, and evidence-relevant events without unnecessarily retaining raw secrets or confidential payloads.
Primary layer: evidence and audit.
Typical owner: evidence or audit.
Applicability:
Applies when agents can take actions, invoke tools, request approvals, access sensitive resources, change workspace state, or produce evidence relevant to candidate controls, incident review, disclosure review, validation, or external mapping.
Level 1 Candidate Requirements
AWS2-LOG-L1-001: The scoped agentic workspace system MUST identify which runtime, workspace, tool, connector, approval, source-change, and validation events are logged or otherwise recorded, and MUST identify events that are intentionally not logged because logging would create unnecessary sensitive-data exposure.
AWS2-LOG-L1-002: The scoped agentic workspace system MUST define a minimum receipt format for high-impact action events, including timestamp, actor or system identity, runtime or workflow identifier, action class, resource scope, policy outcome, approval state, stable event identifier, and redaction-safe reference where available.
AWS2-LOG-L1-003: The scoped agentic workspace system MUST identify log or receipt locations that should not contain secrets, credentials, or unnecessary confidential payloads, and MUST define redaction expectations for sensitive prompts, tool outputs, retrieved content, screenshots, and derived summaries where applicable.
Level 2 Candidate Requirements
AWS2-LOG-L2-001: The scoped agentic workspace system MUST retain reviewable records for high-impact action requests, approvals, denials, policy triggers, tool invocations, and material source or boundary changes for an approved retention period, including disclosure, incident, sensitive-data access, and validation events where applicable.
AWS2-LOG-L2-002: The scoped agentic workspace system MUST ensure that records needed for review are attributable to a runtime, user, role, service account, workflow, agent identity, tool or connector, source version, policy version, or approval identity where applicable.
AWS2-LOG-L2-003: The scoped agentic workspace system SHOULD provide structured exports or summaries that allow review without exposing raw secrets, credentials, confidential payloads, private personal data, or unrelated business content.
Level 3 Candidate Requirements
AWS2-LOG-L3-001: The scoped agentic workspace system MUST protect high-impact action and approval records against unauthorized modification, deletion, or unreviewed retention changes, and MUST document any gaps where authoritative records remain outside the assessed boundary.
AWS2-LOG-L3-002: The scoped agentic workspace system MUST test whether reviewers can reconstruct a sampled high-impact workflow from records, approvals, policy outcomes, source or configuration state, sensitive-data handling records, and evidence artifacts.
AWS2-LOG-L3-003: The scoped agentic workspace system SHOULD use tamper-evident, independently retained, write-once, or separation-controlled logging for high-impact environments where feasible, and SHOULD map critical log sources to monitoring, incident, or alert review where applicable.
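The receipt fields in AWS2-LOG-L1-002, the redaction expectation in L1-003, and the tamper-evident logging in L3-003 fit together in one small mechanism. The following is an added example and is not part of the aws2 draft or of any reference implementation: it builds receipts carrying the L1-002 minimum fields, replaces the raw tool input with a digest reference plus a redacted summary, and links receipts in a SHA-256 hash chain so that a modified or deleted record shows up on verification. The field names, the list of sensitive keys, the actor/runtime identifiers and the bearer token in the sample input are all constructed for illustration.

```python
import hashlib
import json
import uuid
from datetime import datetime, timezone

# Minimum receipt fields from AWS2-LOG-L1-002; the field names are this example's own choice.
REQUIRED_FIELDS = (
    "timestamp", "actor", "runtime_id", "action_class", "resource_scope",
    "policy_outcome", "approval_state", "event_id", "payload_ref", "prev_hash",
)

# Keys whose values must never land in a receipt (AWS2-LOG-L1-003). Illustrative, not exhaustive.
SENSITIVE_KEYS = {"authorization", "api_key", "token", "password", "secret", "cookie", "set-cookie"}


def canonical(obj) -> bytes:
    """Deterministic JSON so a hash does not depend on key order or whitespace."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def redact(obj):
    """Recursively replace values under sensitive keys; the structure survives for review."""
    if isinstance(obj, dict):
        return {k: ("[REDACTED]" if k.lower() in SENSITIVE_KEYS else redact(v)) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


def payload_ref(raw: bytes) -> str:
    """Redaction-safe reference: a digest a reviewer can match against a separately retained copy."""
    return "sha256:" + hashlib.sha256(raw).hexdigest()


def make_receipt(prev_hash, *, actor, runtime_id, action_class, resource_scope,
                 policy_outcome, approval_state, tool_input: dict, timestamp=None) -> dict:
    """Build one receipt. The raw tool input is hashed, never stored; a redacted
    summary is kept so a reviewer sees what was requested without the secrets."""
    receipt = {
        "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
        "actor": actor,
        "runtime_id": runtime_id,
        "action_class": action_class,
        "resource_scope": resource_scope,
        "policy_outcome": policy_outcome,
        "approval_state": approval_state,
        "event_id": str(uuid.uuid4()),           # stable identifier, assigned once
        "payload_ref": payload_ref(canonical(tool_input)),
        "summary": redact(tool_input),
        "prev_hash": prev_hash,                  # links to the previous receipt's hash
    }
    receipt["receipt_hash"] = hashlib.sha256(canonical(receipt)).hexdigest()
    return receipt


def verify_chain(receipts, genesis="0" * 64) -> list:
    """Return a list of problems; an empty list means every receipt is intact and linked."""
    problems, expected_prev = [], genesis
    for i, r in enumerate(receipts):
        missing = [f for f in REQUIRED_FIELDS if f not in r]
        if missing:
            problems.append(f"receipt {i}: missing {missing}")
        body = {k: v for k, v in r.items() if k != "receipt_hash"}
        if hashlib.sha256(canonical(body)).hexdigest() != r.get("receipt_hash"):
            problems.append(f"receipt {i}: hash mismatch (modified)")
        if r.get("prev_hash") != expected_prev:
            problems.append(f"receipt {i}: chain break (receipt before it deleted or reordered)")
        expected_prev = r.get("receipt_hash")
    return problems


def contains_secret(receipts, secret: str) -> bool:
    """L1-003 check: a known secret value must not appear anywhere in the serialized receipts."""
    return secret in json.dumps(receipts)


def demo_chain():
    """Constructed sample: three receipts for one approved high-impact action."""
    base = dict(actor="agent:release-bot", runtime_id="run-7f3a",
                action_class="deploy", resource_scope="prod/payments-api")
    # Constructed tool input carrying a credential that must not reach the log.
    tool_input = {"target": "prod/payments-api", "headers": {"Authorization": "Bearer sk-live-EXAMPLE"}}
    r1 = make_receipt("0" * 64, policy_outcome="requires_approval", approval_state="pending",
                      tool_input=tool_input, **base)
    r2 = make_receipt(r1["receipt_hash"], policy_outcome="allow", approval_state="approved:user:alice",
                      tool_input=tool_input, **base)
    r3 = make_receipt(r2["receipt_hash"], policy_outcome="allow", approval_state="executed",
                      tool_input=tool_input, **base)
    return [r1, r2, r3]


if __name__ == "__main__":
    chain = demo_chain()
    print("intact:", verify_chain(chain))
    chain[1]["policy_outcome"] = "deny"          # tamper with the approval record
    print("tampered:", verify_chain(chain))
    print("leaks secret:", contains_secret(chain, "sk-live-EXAMPLE"))
```

Two caveats a reviewer should keep in mind. A hash chain makes modification and deletion detectable only if the head hash (or periodic checkpoints) is retained somewhere the writer cannot alter, which is the independent-retention or write-once part of L3-003; the chain alone proves nothing if an attacker can rewrite every receipt and the head together. And `payload_ref` lets a reviewer confirm that a separately retained payload is the one the receipt refers to, but it is not an authorization to retain that payload: whether the raw input is kept at all remains a retention and redaction decision under L1-001 and L2-001.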
Minimum evidence examples:
- log source inventory
- receipt schema
- sampled runtime and approval receipts
- denied-action records
- sensitive-data access or redaction receipts
- disclosure, incident, or escalation records where applicable
- source-change or boundary-change records
- retention policy
- reconstruction test result
- log integrity or tamper-evidence control note
- structured export or review packet
Mapping notes:
- The completed crosswalk treats AWS2-LOG as a candidate-control family shaped by retained logs, disclosure events, incident escalation, tamper-evident action receipts, policy decision logs, interaction metadata, action-chain audit records, evidence packets, observability, provenance, monitoring, and AI-incident detection signals from EU AI Act, CSA AARM, OWASP AISVS, AIUC-1, CSA MAESTRO, NIST AI 600-1, ISO/IEC 42001, Five Eyes guidance, and MITRE ATLAS.
Claim limits:
- Logs and receipts support evidence for selected controls. They do not prove control effectiveness, Article 26 or Article 50 compliance, AISVS conformance, AIUC-1 certificate equivalence, tamper-evident runtime behavior, or complete incident reconstruction unless paired with policy, validation, retention, integrity, and review evidence.