aws2 Documentation

Working draft

This page renders the current aws2 working draft. It is not a released standard, certification program, compliance framework, legal analysis, endorsement, or public conformance claim.

This section defines first-pass candidate control families for the working draft. The requirements are intentionally written in normative style so they can be reviewed for clarity and testability, but they remain candidate requirements until a released aws2 version exists.

Each family includes:

objective
primary layer and typical owner
applicability notes
candidate Level 1, Level 2, and Level 3 requirements
minimum evidence examples
mapping notes
claim limits

The current candidate requirements have been revised against the completed source-first and family-first crosswalk baseline. They remain working-draft candidate requirements until a released aws2 version exists, and mapping notes in this section remain informative rather than conformance, legal, or certification claims.

ID	Family	Primary layer	Typical owner
AWS2-SCP	Scope, inventory, and ownership	Workspace and endpoint	Organization or governance
AWS2-DEL	Delegation, authority, and identity	Runtime platform	Organization or governance
AWS2-WSB	Workspace and execution boundaries	Workspace and endpoint	Workspace or endpoint
AWS2-RUN	Runtime policy, approvals, and action control	Runtime platform	Runtime platform
AWS2-SRC	Skill, tool, and connector source trust	Skill or skill-set source	Skill or skill-set source
AWS2-CTX	Context, memory, and instruction boundary control	Runtime platform	Runtime platform
AWS2-SEC	Secrets, credentials, and sensitive data handling	Workspace and endpoint	Workspace or endpoint
AWS2-LOG	Logs, receipts, and traceability	Evidence and audit	Evidence or audit
AWS2-VAL	Validation, testing, and review	Evidence and audit	Evidence or audit
AWS2-GOV	Governance, exceptions, and change management	Organization and governance	Organization or governance