武士道BUSHIDŌ · THE CODE

Nine frameworks.
One evidence bundle.

Every DojoLM finding is pre-mapped to the controls that matter — ISO 42001, NIST AI RMF, the EU AI Act, SOC 2, GDPR, HIPAA, PCI-DSS, FedRAMP, and CMMC. Scan once. Attest everywhere.

9frameworks1,454controls544findings mapped

Open the matrix Inspect a crosswalk

frameworks mapped

律

1,454

control references

条

544

findings pre-mapped

鑑

< 90s

evidence bundle export

印

律FRAMEWORK MATRIX

The code you answer to.

Select any framework to see coverage, clause hit-list, and how DojoLM evidence rolls up. Pre-audit your posture without opening a spreadsheet.

●Full mapGlobal2023

ISO 42001

AI Management System

AI management system standard. Risk, lifecycle, and governance controls for AI-embedded organisations.

Standard: ISO/IEC 42001:2023
Modules: Bushido Hattori Sengoku

94%

coverage

clauses

182

controls

◆ KEY CLAUSES

01Clause 6.1 — AI risk assessment
02Clause 7.4 — AI system impact
03Annex A — 38 control objectives

View crosswalk →Export evidence →

渡ONE FINDING · NINE CODES

Cross-walk, automatically.

A single detection landing in Haiku Scanner produces nine control references at once. The crosswalk is versioned, reviewed, and PR-open — extend it for your own frameworks.

Finding

ISO 42001

NIST AI RMF

EU AI Act

SOC 2

GDPR

HIPAA

PCI-DSS v4

FedRAMP

CMMC 2.0

CRIT

hku.in.ignore-prev

Direct instruction hijack

A.8.24

MEASURE 2.7

Art. 15(4)

CC7.2

Art. 32

§164.312(b)

Req. 10.2

SI-4(4)

SI.L2-3.14.6

CRIT

hku.ex.sys

System-prompt exfiltration

A.5.34

GOVERN 1.4

Art. 15(5)

CC6.8

Art. 5(1)(f)

§164.308(a)(1)

Req. 7.2

AC-3

AC.L2-3.1.1

CRIT

hku.ex.keys

Secret-key exfiltration

A.8.12

MANAGE 2.3

Art. 15(5)

CC6.1

Art. 32(1)(a)

§164.312(a)(2)

Req. 3.5

SC-28

SC.L2-3.13.11

HIGH

hku.un.homoglyph

Homoglyph bypass

A.8.26

MEASURE 2.11

Art. 15(4)

CC7.2

—

§164.312(c)

Req. 6.2

SI-10

SI.L2-3.14.1

HIGH

hku.tl.shell

Tool-use command exec

A.8.25

MANAGE 3.2

Art. 15(5)

CC6.6

Art. 32(1)(b)

§164.312(e)(1)

Req. 6.5

SI-7

SI.L2-3.14.2

条PER-CONTROL COVERAGE

ISO 42001 · 38 clauses, 182 controls

Clause 6.1 — AI risk assessment89%

Clause 7.4 — AI system impact91%

Annex A — 38 control objectives93%

Switch framework in the matrix above to see its control breakdown.

覆COVERAGE GRID

Per-framework module spread

国

ISO 42001

米

NIST AI RMF

欧

EU AI Act

米

SOC 2

欧

GDPR

米

HIPAA

測PER-FRAMEWORK GAUGES

Coverage at a glance

ISO 42001

NIST AI RMF

EU AI Act

SOC 2

GDPR

HIPAA

PCI-DSS v4

FedRAMP

CMMC 2.0

布DISTRIBUTION

Coverage by framework

ISO 42001 · Global94%

NIST AI RMF · US91%

EU AI Act · EU89%

SOC 2 · US86%

GDPR · EU82%

HIPAA · US74%

PCI-DSS v4 · Global71%

FedRAMP · US Fed68%

CMMC 2.0 · US DoD64%

律COMPLIANCE · GALLERY

Custom frameworks in action

Captures of YAML crosswalks, custom framework cards, and the coverage grid picking up new entries.

screenshot pending
01 · YAML crosswalk
screenshot pending
02 · Custom framework card
screenshot pending
03 · Coverage grid update

印EVIDENCE BUNDLER

Audit, one command.

Sign every scan with a cryptographic manifest. Bundle run logs, fixtures fired, and control mappings into a single signed archive your auditor can verify without opening DojoLM.

印Signed evidence bundles — SHA-256 manifest, detached signature
版Versioned crosswalks — diff between releases per framework
略Control-gap heatmap — find what’s not yet covered, fast (preview)
連POA&M export — FedRAMP-shaped, ready to paste into Atlassian (preview)

# ───── bundle evidence ─────
$ dojo bushido bundle \
    --framework iso42001,euai,soc2 \
    --run last --sign

▸ collecting 544 findings…
▸ mapping  iso42001     (94%)
▸ mapping  euai         (89%)
▸ mapping  soc2         (86%)
▸ writing  manifest.json
▸ signing  minisign → .sig

  bundle       dojo-2026-04-24.tar.gz
  size         12.4 MB
  checksum     9f1c…e2a7
  clauses hit  215 / 215

道THE CODE

Map once.
Attest everywhere.

Download DojoLM Talk to the team

Audit, one command.

Sign every scan with a cryptographic manifest. Bundle run logs, fixtures fired, and control mappings into a single signed archive your auditor can verify without opening DojoLM.

印Signed evidence bundles — SHA-256 manifest, detached signature

版Versioned crosswalks — diff between releases per framework

略Control-gap heatmap — find what’s not yet covered, fast (preview)

連POA&M export — FedRAMP-shaped, ready to paste into Atlassian (preview)

# ───── bundle evidence ───── $ dojo bushido bundle \ --framework iso42001,euai,soc2 \ --run last --sign ▸ collecting 544 findings… ▸ mapping iso42001 (94%) ▸ mapping euai (89%) ▸ mapping soc2 (86%) ▸ writing manifest.json ▸ signing minisign → .sig bundle dojo-2026-04-24.tar.gz size 12.4 MB checksum 9f1c…e2a7 clauses hit 215 / 215

Nine frameworks.One evidence bundle.

The code you answer to.

ISO 42001

Cross-walk, automatically.

Audit, one command.

Map once.Attest everywhere.

Nine frameworks.One evidence bundle.

The code you answer to.

ISO 42001

Cross-walk, automatically.

Audit, one command.

Map once.Attest everywhere.

Nine frameworks.
One evidence bundle.

Map once.
Attest everywhere.

Nine frameworks.
One evidence bundle.

Map once.
Attest everywhere.