GTSAF

Deep AI assurance controls for systems, GenAI and agents.

The Gamut Trust, Security and Assurance Framework is Gamut's native control baseline for teams that need structured evidence across AI governance, security, data, model, runtime, agentic and assurance domains.

Discuss GTSAF assurance

What GTSAF covers

GTSAF contains 358 controls across 17 domains. It is designed to help teams move from high-level AI governance intent into operating control evidence that reviewers can inspect.

Governance and intake

Strategy, accountability, use-case intake, approval, risk tiering, legal context and contractual obligations.

Data and model controls

Data governance, lineage, privacy engineering, acquisition, annotation, validation, robustness and model development evidence.

Runtime and agentic security

Prompt, retrieval, inference, API, identity, non-human identity, tool use and autonomous action governance.

Supply chain

Third-party model, software, SaaS AI and vendor assurance controls linked to buyer and audit expectations.

Operations and resilience

Monitoring, detection, incident readiness, continuity, recovery and AI security operations evidence.

Evidence and infrastructure

Auditability, assurance workpapers, platform security, environment hardening and infrastructure controls.

How Gamut operationalizes GTSAF

Control scoring

Score applicable controls, capture domain notes, record evidence quality and track gaps through remediation.

Evidence requests

Turn control expectations into evidence requests with owners, review status, findings and supporting artefacts.

Cross-framework traceability

Use GTSAF as the deep baseline while surfacing implications for NIST AI RMF, EU AI Act readiness, ISO routes, ATF and ACRS.

Board-ready reporting

Translate control depth into summaries for risk, security, audit, leadership, buyers and assurance reviewers.

Useful outputs