Compliance Management

The Compliance Management tab provides a centralized workspace to manage compliance across multiple AI governance frameworks. This feature is accessible through the new Compliance menu, under Compliance Tracking.

It enables organizations to track controls, upload and review evidence, and demonstrate policy and regulatory alignment across standards such as NIST AI RMF, EU AI Act, ISO/IEC 42001, and more.

This capability helps teams reduce duplication of effort, improve audit readiness, and maintain consistent oversight of AI compliance obligations.

Purpose

Compliance Management allows you to operationalize your selected compliance frameworks by translating them into actionable controls with defined evidence requirements.

Once your organization aligns to one or more frameworks, you will see a structured list of controls where you can:

  • Review control descriptions and expectations

  • Upload and manage supporting evidence

  • Track fulfillment status across frameworks

  • Reuse evidence where controls overlap

All compliance activity is managed from the Compliance Tracking tab, providing a single view of your organization’s AI compliance posture.

How It Works

Each compliance framework (for example, NIST AI RMF) is broken down into individual controls with clear evidence requirements.

Example control:

Framework: NIST AI RMF
Control ID: E-GOV-08
Control Name: Cybersecurity & Data Protection Policies

Evidence Requirement:
Documented evidence of appropriately scoped cybersecurity and data protection policies. Policies are high-level statements of management intent from executive leadership, designed to guide organizational decision-making and achieve desired outcomes. These policies are enforced through standards and implemented via procedures that define actionable and accountable requirements.

For each control, users can review the requirements and indicate whether appropriate evidence has been provided.

Standardized Control Mapping (SCF)

All controls are mapped using the Secure Controls Framework (SCF) to standardize evidence collection and reduce duplication across frameworks.

This means that satisfying a control in one framework may also satisfy related controls in others.

For example:

  • If NIST AI RMF – E-GOV-08 is fulfilled,

  • The same evidence may also apply to relevant controls in ISO/IEC 42001, EU AI Act, or other supported frameworks.

By leveraging SCF mappings, RexCommand enables:

  • Cross-framework evidence reuse

  • Consistent interpretation of control requirements

  • Reduced compliance overhead

Learn more about SCF at: https://securecontrolsframework.com/

Evidence Collection - Manual Upload (Current)

Evidence collection is currently managed through manual uploads within the Compliance Tracking tab.

When a document is attached to a control:

  • It is linked directly to that compliance requirement

  • It can be reviewed and tracked as proof of fulfillment

  • It becomes available for reuse across other SCF-mapped controls and frameworks

This ensures a centralized, auditable source of truth for compliance evidence across your organization.

Future Enhancements

Automated evidence collection is planned as a future enhancement. This will enable:

  • Continuous evidence ingestion from connected systems

  • Reduced manual effort for compliance teams

  • Near real-time compliance visibility across frameworks

Notes

  • The Compliance Management feature is accessed via Compliance → Compliance Tracking.

  • Evidence can be reviewed and tracked across all configured frameworks in one place.

  • SCF mapping minimizes duplicate uploads and simplifies audits.

  • Compliance status reflects evidence coverage, not legal certification.

  • Automated evidence collection is not yet available but is part of the product roadmap.
