
How to produce AI access evidence that supports NIST AI RMF conversations.

NIST AI RMF is a reference many US enterprises use for AI risk conversations. AIGIS does not certify RMF alignment; it produces permission-provenance evidence that supports the Measure and Manage functions. Salesforce is the production proof path.

Executive read

The short version, before the deep dive.

Treat RMF as an evidence and repeatability exercise, not a one-time policy.

Show, per AI interaction, which permission checks ran before the model saw data.

Keep an auditor-readable record of excluded fields and denied records.

Start on a Salesforce workflow; scope ServiceNow and SAP as disclosed co-development.

Analysis

What matters

Where AIGIS evidence maps

The Measure and Manage functions ask teams to track and respond to AI risk over time. Permission-provenance gives those functions a concrete artifact: a record of the access decision behind each AI answer.

AIGIS produces that record. It does not assert RMF conformance, and no AIGIS material should claim it.

A repeatable evidence pattern

For one Salesforce workflow, capture the object, field, and live record access checks that run before prompt construction, then record which fields were stripped and which records were denied.

Repeat the same pattern across workflows so the evidence is consistent and reviewable.
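The pattern above, sketched as an added example (not AIGIS code and not a Salesforce API): the user permission model, record IDs, field names, and evidence layout are all constructed assumptions. It runs the object, field, and record checks before any prompt rows exist, logs what was stripped and denied, and seals the record with a SHA-256 hash so a reviewer can detect later edits.

```python
import hashlib
import json

# Constructed sample data; the permission model is a stand-in, not Salesforce output.
USER = {"id": "u-017", "objects": {"Opportunity"},
        "fields": {"Opportunity": {"Id", "Name", "Stage"}},
        "records": {"006A", "006B"}}
RECORDS = [
    {"Id": "006A", "Name": "Acme renewal", "Stage": "Negotiation", "Amount": 120000},
    {"Id": "006B", "Name": "Globex pilot", "Stage": "Closed Won", "Amount": 45000},
    {"Id": "006C", "Name": "Initech expansion", "Stage": "Prospecting", "Amount": 90000},
]

def _digest(evidence):
    """SHA-256 over the canonical JSON of every field except the hash itself."""
    body = {k: v for k, v in evidence.items() if k != "sha256"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def verify(evidence):
    """True if the record still matches the hash written when it was sealed."""
    return evidence.get("sha256") == _digest(evidence)

def build_evidence(user, obj, records):
    """Run the checks before any prompt text exists; return (prompt_rows, evidence)."""
    ev = {"user": user["id"], "object": obj, "checks_run": ["object"],
          "stripped_fields": [], "denied_records": []}
    rows, stripped = [], set()
    if obj not in user["objects"]:
        # Object check failed: fail closed, every record is denied.
        ev["denied_records"] = sorted(r["Id"] for r in records)
    else:
        ev["checks_run"] += ["field", "record"]
        allowed = user["fields"].get(obj, set())
        for rec in records:
            # Record check: a row the user cannot read is logged by Id and skipped.
            if rec["Id"] not in user["records"]:
                ev["denied_records"].append(rec["Id"])
                continue
            # Field check: only allowed fields reach the prompt; the rest are logged.
            rows.append({k: v for k, v in rec.items() if k in allowed})
            stripped |= set(rec) - allowed
    ev["stripped_fields"] = sorted(stripped)
    ev["sha256"] = _digest(ev)  # seal last, after every decision is recorded
    return rows, ev

if __name__ == "__main__":
    prompt_rows, evidence = build_evidence(USER, "Opportunity", RECORDS)
    print(json.dumps(evidence, indent=2))
```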

Next step

Bring one permission-sensitive Salesforce workflow to a scoped review at `/demo` and see the evidence a reviewer would read.

Resource packet

Turn this into a review worksheet.

Evidence packet

Permission-Provenance Evidence Packet

Capture user context, system of record, enforcement tier, stripped fields, model route, response, hash marker, and fallback notes.

Salesforce is the production proof path. ServiceNow and SAP are design-partner co-development paths with asymmetric enforcement that must be disclosed in diligence.
