ACAI maps every API request to NIST 800-53 Rev. 5 security controls. Access is authenticated, data is classified, PII is detected, and every action is logged to a tamper-proof audit trail with evidence generation for federal compliance.
Built for federal agencies, government contractors, and organizations following NIST frameworks.
Every API request generates evidence mapped to these controls automatically.
Per-user API key authentication. Key lifecycle management (create, rotate, revoke). Dashboard RBAC via Entra External ID.
Every request logged: user ID, model, timestamp, classification, PII findings, content safety scores, latency. Dual PG+Blob sinks.
Dashboard audit trail with filtering by classification, model, date range. Compliance reports aggregate audit data into control-mapped evidence.
TLS 1.2+ enforced on all endpoints. No plaintext API keys. Azure Key Vault for secret storage.
Content safety scoring, prompt injection detection, PII scanning on every request. Anomalies logged with severity levels.
API audit data automatically mapped to NIST 800-53 controls. No manual crosswalk required.
Every request generates evidence for AU-2, SI-4, and SC-8. Real-time event logging with correlation IDs.
One-click NIST 800-53 evidence report covering access control, audit, system integrity, and data protection controls.
One API key. One BAA. NIST 800-53 evidence your auditor will accept.