SOC 2 Trust Services Criteria, Attestix coverage
How Attestix's signed audit chains, Verifiable Credentials, and provenance records map to the AICPA SOC 2 Trust Services Criteria (2017 + 2022 additions). SOC 2 is an attestation, not a certification. Attestix is evidence plumbing your CPA's auditor can use, not a SOC 2 readiness platform.
The AICPA SOC 2 Trust Services Criteria (TSC 2017 with 2022 Revised Points of Focus) are the framework an independent CPA firm uses to perform a SOC 2 examination of a service organisation. This page shows how Attestix's signed audit chains, Verifiable Credentials, and provenance records map to the TSC, focused on the technology-heavy criteria (Common Criteria CC1-CC9 and Processing Integrity PI1) where chain-hashed evidence is most useful.
Why this matters
SOC 2 is an attestation, not a certification. This distinction is load-bearing:
- A certification (ISO 27001, ISO 42001) is a binary YES/NO awarded by an accredited certification body. The organisation displays a cert mark.
- An attestation (SOC 2) is a CPA firm's professional opinion on whether the service organisation's controls were suitably designed (Type I) or designed and operating effectively (Type II) to meet the relevant Trust Services Criteria over a stated audit period. The deliverable is a SOC 2 report (~80 to 200 pages) with a one-page CPA opinion letter on top.
Attestix does not ship SOC 2 attestations and is not a CPA firm. We do not issue an opinion. What Attestix ships is the evidence plumbing your CPA's auditor can use during your own SOC 2 examination, particularly for the technology-heavy criteria where signed audit trails + chain-hashed event logs + cryptographic identity reduce auditor evidence-gathering by weeks.
The honest coverage table
The TSC 2017 has 64 criteria total. The table below covers 30 representative criteria focused on Common Criteria (CC1-CC9, the Security category required for every SOC 2 report) and Processing Integrity (PI1, the entire category, the strongest Attestix-aligned area).
| Criterion | Mitigation surface in Attestix | Coverage | Evidence shape |
|---|---|---|---|
| CC1.1 Integrity + ethical values commitment | None directly; ethics culture is organisational | record-only | ProviderAssertionCredential |
| CC1.2-CC1.5 Board oversight + structures + competency + accountability | None; organisational controls | out-of-scope | n/a |
| CC2.1-CC2.3 Information quality + internal + external communication | Every audit event high-quality by construction; agent cards + DoC as external-communication artefacts | evidence-substrate | AgentIdentityCredential + audit chain |
| CC3.1 Specifies objectives | intended_purpose + system_objectives (v0.5) | record-only | ProviderAssertionCredential |
| CC3.2 Identifies + analyses risk (includes 2022 AI/ML points of focus) | v0.5 risk register + cross-walk to OWASP ASI + FRIA template | evidence-substrate | ProviderAssertionCredential + SecurityCheckCredential |
| CC3.3 Considers fraud risk | Chain-hashed audit log makes post-hoc fraud forensically detectable (actors with valid DID credentials can still emit fraudulent-but-hash-consistent events, pair with CC7.2 anomaly detection); cross-walk to OWASP ASI03 (identity abuse) | evidence-substrate | ProviderAssertionCredential + audit-chain tamper-evidence |
| CC4.1-CC4.2 Ongoing + separate evaluations + deficiency communication | compliance_service checks re-run on cron with signed VerifiableCheckResult; v0.5 control_deficiency events | evidence-substrate | VerifiableCheckResult + audit chain |
| CC5.1-CC5.3 Control activity selection + general technology controls + deployment via policies | compliance_service profiles encode control selections; audit chain over every profile change | record-only | ProviderAssertionCredential + audit chain |
| CC6.1 Logical access security software + infrastructure | DID-based identity; UCAN capability + scope enforcement; every state change signed by actor DID | evidence-substrate | DID document + UCAN token + audit chain |
| CC6.2 Registers + authorises new users prior to credential issuance | identity_service.create_agent_identity, signed + dated + role-tagged; approver DID signs issuance event | evidence-substrate | AgentIdentityCredential + approver-signed audit event |
| CC6.3 Authorises + modifies + removes access (least privilege + segregation of duties) | UCAN delegation chain (least-privilege built in via attenuation: no chain can grant powers the parent did not have, PR #45); revoke_credential | evidence-substrate (strongest CC6 row) | UCAN chain + revocation VC + audit chain |
| CC6.4-CC6.5 Physical access + asset retrieval/disposal | None directly; data-centre operations (AWS, GCP, Azure, on-prem) | out-of-scope | n/a |
| CC6.6 Logical security measures against threats outside system boundary | Cross-walk to OWASP ASI03 + ASI07; offline verify_credential for external-actor authentication | evidence-substrate | Audit chain + SecurityCheckCredential |
| CC6.7 Transmission + movement + removal of information | bundle export signed + chain-hashed; v0.5 data_egress events | evidence-substrate | Audit chain + signed bundle manifest |
| CC6.8 Prevention + detection of unauthorised or malicious software | Cross-walk to OWASP ASI04 supply chain; model-lineage + training-data fingerprints | evidence-substrate | Provenance entries + SecurityCheckCredential (ASI04 tag) |
| CC7.1 Detection + monitoring procedures (config changes + vulnerabilities) | v0.5 config_change events with before/after; cross-walk to Art 15.5 cybersec check | evidence-substrate | Audit chain + VerifiableCheckResult |
| CC7.2 Monitors system components for anomalies | Cross-walk to NIST AI RMF MANAGE-4.1; reputation drift; v0.5 incident-reporting collection | evidence-substrate | Hash-chained audit + ReputationScoreCredential + IncidentReportCredential |
| CC7.3 Evaluates security events; initiates response | v0.5 incident-reporting collection (Art 73 cross-walk); revocation as kill-switch | evidence-substrate | IncidentReportCredential + revocation VC + audit chain |
| CC7.4 Executes defined incident-response programme | Same surface as CC7.3 + cross-walk to ISO 42001 A.8.4 | evidence-substrate | IncidentReportCredential + audit chain |
| CC7.5 Recovers from identified incidents | v0.5 recovery_event; re-issued credentials post-recovery signed + chain-hashed | evidence-substrate | Audit chain + re-issued credential VCs |
| CC8.1 Change management (authorise + design + develop + configure + document + test + approve + implement) | record_action(entry_type="change_request", before, after, approver_did); model-lineage changes; profile audit chain | evidence-substrate (strong: change-management evidence is exactly what chain-hashed event logs are for) | Audit chain + provenance entries |
| CC9.1 Risk-mitigation activities for potential business disruptions | Same surface as CC3.2 + CC7.5 | evidence-substrate | ProviderAssertionCredential + audit chain |
| CC9.2 Vendor + business-partner risk (includes 2022 AI/ML points of focus) | Cross-walk to NIST AI RMF MAP-3.4 + OWASP ASI04; third-party AgentIdentityCredential acceptance | evidence-substrate | AgentIdentityCredential + UCAN delegation + audit chain |
| PI1.1 Processing objectives + data definitions + product/service specs | intended_purpose + system_specifications (v0.5); signed agent card with data-schema declarations | evidence-substrate | AgentIdentityCredential + ProviderAssertionCredential |
| PI1.2 Input completeness + accuracy controls | v0.5 Art 15 accuracy/robustness check evidence; input_validation events | evidence-substrate | Audit chain + VerifiableCheckResult |
| PI1.3 System-processing controls | Every state change signed + chain-hashed; processing integrity is forensic by construction; verify_chain tamper-evidence | evidence-substrate (strongest PI row) | Audit chain + verify_chain result |
| PI1.4 Output completeness + accuracy + timeliness | output_delivered events + bundle-export integrity | evidence-substrate | Audit chain + bundle manifest |
| PI1.5 Storage of inputs + items in processing + outputs | Storage chain-hashed by construction; bundle export = portable storage receipt | evidence-substrate | Audit chain + bundle |
| A1.1-A1.3 Capacity + system backup + environmental monitoring | None directly; platform-operations (AWS/GCP/Azure/on-prem) | record-only | ProviderAssertionCredential |
| C1.1-C1.2, P1.1 Confidentiality + privacy notice + retention | Cross-walk to GDPR Art 17 (already in v0.3.0); privacy notice as ProviderAssertionCredential | partial | ProviderAssertionCredential + audit chain |
Tally (across all 64 criteria)
- evidence-substrate (Attestix produces signed evidence your auditor can examine): 27
- record-only (Attestix signs your operator's assertions): 18
- out-of-scope (organisational + cultural CC1 + physical CC6.4-CC6.5 + most of Privacy P1-P8 territory): 19
Concentrated where it matters most for SOC 2: Security CC6 (logical access via UCAN + DID), CC7 (system operations via chain-hashed events), CC8 (change management via provenance) and Processing Integrity PI1 (the entire category).
Important caveat:
security_check_idships in v0.5.0. As of Attestix v0.4.0 the underlying events are emitted today, but they are NOT yet tagged with thesoc2.*discriminator. The v0.5.0 release registers the prefix inFRAMEWORK_REGISTRY; per-criterion emission tagging is incremental.
What we don't do
- We do not issue SOC 2 reports. The CPA firm performing your examination is the only entity that issues SOC 2 reports.
- We do not author your policies. Policy authorship lives in your DMS, with Vanta / Drata / Secureframe templates, or with internal counsel.
- We do not shepherd your SOC 2 readiness end-to-end. That is what compliance platforms (Vanta, Drata, Secureframe, Strike Graph, AuditBoard) do: auditor coordination, employee training, evidence collection workflows, continuous monitoring dashboards. They sit above the evidence layer; we sit below. The two stack.
- We do not do physical security (CC6.4-CC6.5). Your data-centre operator's SOC 2 carve-out covers that.
- We are not your IAM enforcement layer. We record who attempted what; your Okta / Auth0 / Entra IAM enforces access policies.
- We are not your SIEM. We produce signed forensic evidence; your Splunk / Datadog / Honeycomb ingests + dashboards.
How to verify our coverage yourself
Python / CLI
# List every audit event tagged with a SOC 2 criterion (v0.5.0+)
attestix audit list --security-check soc2.security.CC6_3.access_granted
# Export a bundle scoped to SOC 2 evidence for your auditor (v0.5.0+)
attestix bundle export --controls soc2 --out my-soc2-evidence.atxbundle
# Verify chain integrity for an agent's audit log (today)
attestix verify-chain <agent-did>JavaScript / browser
npm install attestiximport { verifyCredential } from "attestix";
const result = await verifyCredential(securityCheckCredentialJson);
// result.valid === true if the Ed25519 signature over the JCS-canonical body
// matches the issuer DID's public key.On-chain anchor (Base L2 Sepolia testnet)
attestix anchor audit-batch --agent <did> --network base-sepoliaMainnet schema registration is planned; testnet is the default target today.
Comparable disclosure
How other tools position themselves on SOC 2.
| Tool | Stated SOC 2 position | Where to read more |
|---|---|---|
| Microsoft Agent Governance Toolkit | Publishes docs/compliance/soc2-mapping.md; CloudEvents-to-Azure-Monitor as evidence path | github.com/microsoft/agent-governance-toolkit |
| Vanta | End-to-end SOC 2 readiness platform: auditor coordination + policy templates + employee training + continuous monitoring + evidence collection. Slots above Attestix as the GRC layer | vanta.com |
| Drata | Same posture as Vanta | drata.com |
| Secureframe | Same posture as Vanta + Drata | secureframe.com |
| Strike Graph | Same posture; mid-market focused | strikegraph.com |
| AuditBoard | Enterprise GRC including SOC 2 module; same posture | auditboard.com |
| CPA firms (Coalfire, Schellman, A-LIGN, Sensiba, etc.) | The actual SOC 2 examination performers. Attestix is evidence input to their audit | AICPA SOC 2 firm directory |
See also
- OWASP Top 10 for Agentic Applications mapping
- ISO/IEC 42001:2023 mapping
- NIST AI RMF 1.0 mapping
- FRIA template (EU AI Act Art 27)
- The internal mapping spec at
attestix-cloud-plan/25-SOC2-MAPPING.md.
Attestix is evidence tooling a customer's auditor can use during the customer's own SOC 2 examination. Attestix does not issue SOC 2 attestations, is not a CPA firm, and a passing tag against a Trust Services Criterion is one signal among many in the audit, and the auditor's professional opinion is the authoritative output. Compliance platforms like Vanta, Drata, Secureframe, and Strike Graph shepherd the end-to-end SOC 2 readiness journey; we slot underneath them as the cryptographic evidence layer.
NIST AI RMF 1.0 Attestix coverage
How Attestix's signed audit chains, Verifiable Credentials, and provenance records map to the NIST AI Risk Management Framework 1.0 GOVERN-MAP-MEASURE-MANAGE functions. Honest per-subcategory coverage. Attestix is evidence tooling for AI RMF operationalisation, not an AI RMF conformance attestation.
FRIA template for EU AI Act Article 27
A structured, fillable, cryptographically-signable Fundamental Rights Impact Assessment template aligned to EU AI Act Article 27(2). 12 sections, deterministic completeness checks, ImpactAssessmentCredential VC wrapper, and an optional Base L2 Sepolia anchor.