Control Families

AWS2-SCP: Scope, Inventory, And Ownership

Working draft

This page renders the current aws2 working draft. It is not a released standard, certification program, compliance framework, legal analysis, endorsement, or public conformance claim.

Objective:

The scoped agentic workspace system should have an explicit boundary, inventory, and owner model so that agents, tools, resources, identities, evidence sources, and exclusions are visible and reviewable.

Primary layer: workspace and endpoint.

Typical owner: organization or governance.

Applicability:

Applies to every scoped agentic workspace system. If a system cannot describe its boundary, it should not claim alignment with any aws2 candidate level.

Level 1 Candidate Requirements

AWS2-SCP-L1-001: The scoped agentic workspace system MUST maintain a scope record that identifies the agent runtime or runtimes, connected tools, skills, connectors, workspace resources, data or context sources, memory sources where applicable, human users, approvers, administrators, and evidence owners in scope.

AWS2-SCP-L1-002: The scoped agentic workspace system MUST identify out-of-scope systems, resources, data sources, context sources, roles, or action classes that a reviewer could reasonably confuse with the assessed boundary.

AWS2-SCP-L1-003: The scoped agentic workspace system MUST assign at least one named owner or owner group for workspace or endpoint, runtime platform, skill or skill-set source, organization or governance, and evidence or audit responsibilities.

Level 2 Candidate Requirements

AWS2-SCP-L2-001: The scoped agentic workspace system MUST maintain a repeatable inventory process for in-scope runtimes, tools, skills, connectors, repositories, workspace resources, data categories, memory or retrieval sources, and external systems reachable by agents.

AWS2-SCP-L2-002: The scoped agentic workspace system MUST review material boundary changes before production use, including new high-impact tools, expanded filesystem or repository access, new connectors, new delegated authority paths, or changed evidence collection or claim scope.

AWS2-SCP-L2-003: The scoped agentic workspace system SHOULD reconcile runtime configuration, tool availability, and source inventories against the approved scope record on a periodic or release-driven basis.

Level 3 Candidate Requirements

AWS2-SCP-L3-001: The scoped agentic workspace system MUST retain historical scope records for material production periods so reviewers can reconstruct what agents could observe or invoke at the time of a relevant event.

AWS2-SCP-L3-002: The scoped agentic workspace system MUST require independent or separated review for material boundary changes that introduce high-impact action authority, sensitive data access, production write access, or new trusted runtime or skill sources.

AWS2-SCP-L3-003: The scoped agentic workspace system SHOULD detect and review drift between approved scope records and observed runtime, connector, skill, or workspace state.
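A reconciliation check of the kind AWS2-SCP-L2-003 and AWS2-SCP-L3-003 describe, as an added example that is not part of the aws2 draft: it compares an approved scope record against observed workspace state and reports drift. The record layout (category to set of identifiers), the category names, the high-impact list, and all sample identifiers are constructed assumptions.

```python
"""Reconcile an approved scope record against observed runtime state.

Added illustration only; the record layout and sample values below are
constructed assumptions, not a format defined by the aws2 draft.
"""
from dataclasses import dataclass, field

# Inventory categories the scope record is expected to cover (assumed names).
CATEGORIES = ("runtimes", "tools", "connectors", "skills", "memory_sources")


@dataclass
class DriftReport:
    # Observed at runtime but absent from the approved record: the case a
    # reviewer most needs to see, since agents can already invoke these.
    unapproved: dict[str, set[str]] = field(default_factory=dict)
    # Approved but not observed: stale inventory or a decommissioned item.
    missing: dict[str, set[str]] = field(default_factory=dict)

    def has_drift(self) -> bool:
        return any(self.unapproved.values()) or any(self.missing.values())


def reconcile(approved: dict[str, set[str]],
              observed: dict[str, set[str]]) -> DriftReport:
    """Per-category set difference between the approved record and runtime."""
    report = DriftReport()
    for cat in CATEGORIES:
        a, o = approved.get(cat, set()), observed.get(cat, set())
        report.unapproved[cat] = o - a
        report.missing[cat] = a - o
    return report


def needs_boundary_review(report: DriftReport, high_impact: set[str]) -> list[str]:
    """Unapproved items tagged high-impact, i.e. candidates for the separated
    boundary-change review that L2-002 / L3-002 call for."""
    return sorted(i for items in report.unapproved.values()
                  for i in items if i in high_impact)


# Constructed sample data: one approved record and one observed snapshot.
APPROVED_SCOPE = {"runtimes": {"agent-runtime-a"}, "tools": {"read_file", "run_tests"},
                  "connectors": {"git-readonly"}, "skills": {"summarize"},
                  "memory_sources": {"project-notes"}}
OBSERVED_STATE = {"runtimes": {"agent-runtime-a"},
                  "tools": {"read_file", "run_tests", "write_file"},
                  "connectors": {"git-readonly", "prod-db"}, "skills": set(),
                  "memory_sources": {"project-notes"}}
HIGH_IMPACT = {"write_file", "prod-db"}  # assumed high-impact action classes


def sample_report() -> DriftReport:
    return reconcile(APPROVED_SCOPE, OBSERVED_STATE)
```

Running the check on each release or on a schedule and retaining the reports gives the reconciliation and drift records listed under minimum evidence.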

Minimum evidence examples:

  • scope record
  • inventory export
  • owner matrix
  • intended-use and impact note
  • tool, data, memory, and component map
  • boundary-change record
  • scope review or approval record
  • drift or reconciliation report where available

Mapping notes:

  • The completed crosswalk treats AWS2-SCP mostly as supporting evidence for scope, inventory, ownership, intended use, component mapping, and boundary review. EU AI Act, NIST, ISO/IEC, CSA, OWASP, Five Eyes, and MITRE sources help shape the records a reviewer should expect, but they do not define the aws2 assessment boundary by themselves.

Claim limits:

  • Scope and inventory evidence supports review of selected candidate controls. It does not prove secure configuration, legal role classification, ISO/IEC management-system conformity, AISVS conformance, AIUC-1 certificate equivalence, or satisfaction of the full standard.