The first runnable AIGF v2.0 reference. 23 of 23 risks mapped.
Every AIGF v2.0 risk has a mapped mitigation in code, every mitigation has at least one passing eval case, every audit row carries the framework reference an external auditor needs to verify coverage.
23 of 23 risks. CI-gated at 85%.
Every AIGF risk has a mapped mitigation in code, at least one passing eval case, and at least one seeded audit row carrying the framework_ref.
AIGF v2.0 coverage
23 / 23 risks mapped
- Operational (AIR-OP)8
- Security (AIR-SEC)5
- Detection (AIR-DET)4
- Resilience / Recovery3
- Cross-cutting (AIR-RC)3
The evidence pack is one command.
Mapping, coverage, evidence pack, cross-framework matrix, chain verification — generated against the live audit table in under ten minutes for a 30-day window.
# AIGF mapping in Markdown
bondfoundry-finos mapping --format markdown
# Coverage check (CI-gated at 0.85)
bondfoundry-finos coverage --threshold 0.85
# 30-day evidence pack for the auditor
bondfoundry-finos evidence-pack --period 30d
# Cross-framework alignment
bondfoundry-finos cross-framework --target nist-ai-rmf
# Walk the audit chain end-to-end
bondfoundry-finos verify-chainOne mitigation. Five regulatory regimes.
Each AIGF mitigation carries explicit cross-references. The same code satisfies SR 11-7 in London, EU AI Act in Frankfurt, and MAS in Singapore.
| AIGF | Control | NIST AI RMF | EU AI Act | SR 11-7 | ISO 42001 |
|---|---|---|---|---|---|
| AIR-OP-6 | Tier routing | MANAGE-1.3, GOVERN-3.1 | Art. 9 risk mgmt | Model use | A.7.4 |
| AIR-OP-4 | SoD enforcement | GOVERN-2.1 | Art. 14 oversight | Validation | A.6.4 |
| AIR-SEC-24 | HMAC approval envelope | AC-3(2), SC-12 | Art. 10 data gov | Process | A.8.5 |
| AIR-DET-21 | Tier-3 audit chain | AU-9, AU-12 | Art. 12 logging | Audit trail | A.8.15 |
| AIR-OP-14 | CI coverage gate | MEASURE-2.1 | Art. 17 QMS | Validation | A.8.2 |
Reading on the FINOS reference.
Why Fixed-Income Desks Need FINOS AI Governance Now
The cross-framework alignment of FINOS AIGF v2.0 with NIST AI RMF, EU AI Act, ISO 42001, and SR 11-7 — and why ad-hoc AI policies will not survive a 2026 audit.
How to Build an AI Agent Your Auditor Will Actually Approve
Hash-chained audit logs, framework_ref schemas, pure-function policy gates — and the three things a real auditor checks first.
What reviewers and risk officers ask
What is the AIGF v2.0 coverage status?
23 of 23 risks have mapped mitigations in code; each mitigation has at least one passing eval case. CI fails any PR that drops coverage below 85% or leaves any risk with zero passing cases.
How does BondFoundry relate to finos/air-accelerator?
air-accelerator is the slot for a runnable AIGF reference implementation. BondFoundry is filling that slot for fixed-income; the same control plane forks to other domains.
Which adjacent frameworks are cross-referenced?
NIST AI RMF, NIST 800-53r5, EU AI Act, ISO 42001, SR 11-7, FFIEC, OWASP LLM Top-10 2025, and MAS. Each AIGF mitigation in BondFoundry carries the corresponding refs.
What does the auditor evidence pack contain?
Run `bondfoundry-finos evidence-pack --period 30d`. The output is a directory of: AIGF coverage matrix, per-risk passing eval cases, audit-chain verification report, materiality ledger summary, and a list of every framework_ref written in the window with row counts.