Version History

OSSASAI v0.2.0 (January 2026)

Industry-Ready Release

This release addresses critical gaps identified during the industry-readiness review, adding missing controls, fixing tooling bugs, and improving documentation completeness.

New Controls

General Domain (GEN) - 5 new controls:

  • OSSASAI-GEN-01: Security by Default
  • OSSASAI-GEN-02: Fail Secure
  • OSSASAI-GEN-03: Principle of Least Privilege
  • OSSASAI-GEN-04: Defense in Depth
  • OSSASAI-GEN-05: Audit Logging

Supply Chain Domain (SC) - 1 new control:

  • OSSASAI-SC-03: Artifact Signing and Attestation

Control Catalog Updates

  • Total controls increased from 24 to 30
  • Updated control matrix with GEN domain
  • Added OSSASAI Top 10 mappings for new controls
  • Expanded evidence requirements table

Tooling Improvements

ossasai-audit.sh v2.0.0:

  • Implemented verification for all 30 controls (previously only 4)
  • Added cross-platform support (macOS/Linux)
  • Removed “assumed pass” behavior - all controls actively verified
  • Added GEN, SC-03, and remaining control checks
  • Improved error handling and reporting
  • Added WARN and SKIP status support

ossasai-report.py v2.0.0:

  • Fixed logic error in compliance status (line 48)
  • Added XML escaping for JUnit output (security fix)
  • Added YAML escaping for special characters
  • Added optional PDF report generation
  • Improved error handling and validation

ossasai-github-action.yml v2.0.0:

  • Removed dummy JSON creation on failure (security fix)
  • Set fail-on-error: true for proper CI integration
  • Added proper audit script validation
  • Improved PR commenting with update support
  • Better error messaging and failure enforcement

Profile Endpoint System

  • Created /profiles/registry.md - Central profile registry with API endpoints
  • Added webhook notification system for framework changes
  • Added compatibility tracking between OSSASAI and profile versions
  • Created /appendices/schemas/profile.schema.json - Profile validation schema
  • Defined profile lifecycle management (official, verified, community, deprecated)
  • Added API reference for profile registration and change notifications

Documentation Updates

  • Created /profiles/ directory with overview and OpenClaw profile
  • Added /appendices/schemas/evidence-manifest.schema.json
  • Added /appendices/schemas/profile.schema.json
  • Fixed cross-platform issues in hardening checklist
  • Fixed curl bash antipattern in CI/CD documentation
  • Updated control overview with GEN domain
  • Expanded L1/L2/L3 control lists
  • Updated OCSAS profile with registry configuration

Breaking Changes

  • Audit script now returns FAIL for unverified controls (previously PASS)
  • Control count increased - update compliance targets accordingly
  • GitHub Action now fails builds on compliance failures by default

OSSASAI v0.1.0 (January 2026)

Initial Public Release

This is the initial public release of the Open Security Standard for Agentic Systems (OSSASAI).

Framework Structure

  • Established three assurance levels: L1 (Local-First Baseline), L2 (Network-Aware), L3 (High-Risk Runtime)
  • Defined four canonical trust boundaries (B1-B4)
  • Created 24 security controls with verification procedures using RFC 2119 language

Threat Model

  • Defined OSSASAI Top 10 failure modes for agentic systems
  • Established five adversary classes (A1-A5)
  • Created trust boundary model (B1: Inbound Identity, B2: Control Plane, B3: Tool Boundary, B4: Local State)

Control Domains

  • CP (Control Plane): 4 controls
  • ID (Identity/Session): 3 controls
  • TB (Tool Blast Radius): 4 controls
  • LS (Local State): 4 controls
  • SC (Supply Chain): 2 controls
  • FV (Formal Verification): 3 controls (optional)
  • NS (Network Security): 4 controls

Profile Mechanism

  • Introduced profile mechanism for ecosystem-specific mappings
  • Published OCSAS (OpenClaw Security Assurance Standard) as the first implementation profile

Documentation

  • Complete specification using RFC 2119 language (MUST/SHOULD/MAY)
  • Implementation guides for all assurance levels
  • Verification procedures for each control
  • Standards mapping to OWASP ASVS, NIST, CIS, SLSA

Tooling

  • ossasai-audit.sh - Automated compliance verification
  • ossasai-report.py - Compliance report generator
  • GitHub Actions workflow template

OCSAS (OpenClaw Profile) v0.1.0 (January 2026)

Initial Profile Release

First release of the OpenClaw-specific implementation profile for OSSASAI.

  • Maps OSSASAI controls to OpenClaw configuration and CLI tooling
  • Provides conformance recipes for L1/L2/L3 deployments
  • Integrates with openclaw security audit for automated verification
  • Documents evidence collection via OpenClaw CLI

Planned Changes

OSSASAI v0.2.0 (Planned)

  • Additional controls for multi-agent systems
  • Enhanced MCP server security guidance
  • Memory poisoning detection controls
  • Expanded retrieval/RAG security guidance

OSSASAI v1.0.0 (Future)

  • Stable control catalog
  • Expanded formal verification requirements
  • Hardware security module integration guide
  • Multi-tenant deployment patterns

Migration Guide

From Earlier Drafts

If migrating from earlier draft versions:

  1. Control IDs have been prefixed with OSSASAI- (e.g., CP-01OSSASAI-CP-01)
  2. Some controls have been reorganized to align with trust boundaries
  3. Evidence requirements have been standardized across all controls

Contributing

OSSASAI is an open community standard. Changes are proposed via:

  1. Issues: Report gaps, errors, or suggest improvements
  2. Pull Requests: Propose specific changes with rationale
  3. Discussions: Broader architectural discussions

All changes undergo community review before inclusion in the specification.

Back to top

OSSASAI v0.2.0 - Open Security Standard for Agentic Systems. Apache 2.0 License.

This site uses Just the Docs, a documentation theme for Jekyll.