Trustworthy AI architecture, verified.
acipta is on track for listing on the Cloud Security Alliance STAR Registry for AI as an Orchestrated Service Provider — the category for platforms that integrate and govern AI models in enterprise environments. Our architecture maps to AICM v1.0.3 controls across 18 security domains.
Deterministic Precision. Experiential Intuition. Autonomous Agents.
STAR is the largest public registry of security and trust for cloud and AI providers.
Level 1 listing is a self-assessment against the Cloud Security Alliance's AI Controls Matrix — a vendor-neutral framework for trustworthy AI systems aligned to ISO/IEC 42001, NIST AI RMF, BSI AIC4, and the EU AI Act.
AICM security domains mapped to acipta architecture.
control objectives surveyed across the OSP role.
aligned frameworks: ISO 42001 · NIST AI RMF · BSI AIC4 · EU AI Act · ISO 27001.
role classification · Orchestrated Service Provider.
CSA defines five provider roles in the AI stack. acipta is squarely OSP.
The OSP layer is the platform between an enterprise's AI workloads and the regulators, auditors, and boards that need to inspect them.
Model orchestration
Three frontier models — GPT-4o, Gemini, Claude — voting at a 0.85 confidence floor. Sub-floor cases route to human reviewers, not another model pass.
Governance & control catalog
One canonical NIST 800-53 control catalog projecting to 21+ framework attestations — SOC 2, HIPAA, GDPR, EU AI Act, DORA, NIS2 — from a single evidence chain.
Tamper-evident evidence
Every verdict cryptographically signed at write time with hybrid Ed25519 + ML-DSA-65 post-quantum signatures. Byte-identically replayable five years out.
The 18 AICM domains.
Our submission maps the acipta architecture to each AICM domain. The full self-assessment publishes on the CSA STAR Registry once listed.
Audit & Assurance
Application & Interface Security
Business Continuity & Resilience
Change Control & Configuration
Cryptography, Encryption & Keys
Datacenter Security
Data Security & Privacy Lifecycle
Governance, Risk & Compliance
Human Resources Security
Identity & Access Management
Interoperability & Portability
Infrastructure Security
Logging & Monitoring
Model Security
Incident Mgmt & E-Discovery
Supply Chain & Transparency
Threat & Vulnerability Management
Universal Endpoint Management
STAR for AI is one of several third-party signals.
We publish multiple third-party credentials so customers, auditors, and regulators don't have to take our word for anything.
STAR for AI Level 1
Self-assessment against AICM v1.0.3. Public, free, demonstrates architectural intent and coverage today.
SOC 2 Type 2 + HIPAA
Third-party audit attestation for security and healthcare data handling. Published alongside STAR listing at our August 2026 GA.
STAR for AI Level 2
Third-party certification against AICM controls. On our roadmap, bundled with HITRUST and ISO/IEC 42001 attestation work.
One control catalog · N framework attestations.
AICM's value is that one set of controls projects cleanly to the standards our customers and their regulators already use.
AI Management Systems
AI Risk Management Framework
AI Act + GPAI obligations
German AI cloud catalog
Information Security Management
Trust Services Criteria
Security & Privacy Rules
Records of Processing
Architecture behind the listing.
The architecture behind the STAR Registry listing — cryptographically signed verdicts, three-model consensus, and a canonical control catalog that projects across frameworks — is documented in our Platform page.