Overview
The repository publishes a draft comment for the NIST National Cybersecurity Center of Excellence (NCCoE), mapping DAAP protocol capabilities to the NIST AI Risk Management Framework (AI RMF 1.0). The NCCoE comment period closed on April 2, 2026 and NIST lists the project as reviewing comments. Grantex does not currently publish a submission receipt or a NIST response, so this page must not be read as evidence of NIST acceptance, endorsement, or confirmed receipt.
Key Mappings
The comment maps DAAP capabilities to all four AI RMF functions:
Implementation Evidence
The comment includes evidence from the Grantex reference implementation:
- Authorization server: Fastify/PostgreSQL/Redis reference service deployed on Cloud Run, with CI-backed unit, integration, security, conformance, and end-to-end tests
- SDK coverage: TypeScript, Python, and Go; use each registry/module tag as the release source of truth
- Framework integrations: 11 production-ready integrations
- Conformance suite:
@grantex/conformance, with results tied to the tested package version and commit
Recommendations
- Adopt agent-specific identity standards (DIDs over API keys)
- Require action-level audit trails with tamper evidence
- Mandate real-time revocation with cascade semantics
- Define budget control requirements for financial agents
- Encourage external policy backend integration (OPA, Cedar, AuthZEN)
- Reference interoperability test suites in standards
Full Document
The complete comment is available in the repository at docs/standards/nist-nccoe-comment.md.Last modified on July 11, 2026