The Per-Layer Control Specifications document consolidates the compensating controls implemented at each of the eight architectural layers described above. For each layer, the specification records the controls implemented, the intent drift and outcome drift risks each control addresses, the configuration parameters and thresholds, and the monitoring and alerting mechanisms.
This artefact serves as both a design document and a compliance checklist. During the conformity assessment, the assessor can verify that each layer has the controls documented in the specification and that the controls are configured as described. During production operation, the specification serves as the reference against which the monitoring layer checks the system’s behaviour.
The specification must be version-controlled and updated whenever a control is added, modified, or removed. Changes to control specifications should be assessed for their impact on the system’s overall compliance posture and may trigger a substantial modification assessment. The Per-Layer Control Specifications feed into both Module 3 and Module 6 of the AISDP.
Key outputs
- Control specification per architectural layer
- Mapping of controls to intent drift and outcome drift risks
- Configuration parameters and monitoring thresholds
- Module 3 and Module 6 AISDP evidence