Where we are on certifications
Honest about timing. We will not claim certifications we don't hold.
Reports are available under NDA on completion;
request an evidence package to receive a signed
copy. Source data:
packages/trust-portal/src/data/attestations.json
(last updated 2026-04-29).
Audit initiated; report available under NDA on completion.
Follows successful Type I closure.
Industry-first if achieved at this timeline.
Self-mapped framework coverage
Distinct from external attestations: fastpace ships a validated mapping doc tying every primitive to controls in NIST AI RMF, ISO/IEC 42001, EU AI Act, SOC 2, ISO 27001, and GDPR. Each row points at the artifact that demonstrates the control.
How to read it
External attestations (above) certify the operating environment.
The mapping certifies what each fastpace install does.
fastpace aibom generate --release <tag> produces
the per-release attestation envelope (CycloneDX-AI flavor) that
goes into a regulated software supply chain alongside SBOMs.
fastpace gate check --format github drops straight
into a GitHub Actions workflow to block merges that lack provenance,
audit-chain integrity, or a fresh AI-BOM.
Need a security questionnaire answered?
We answer CAIQ, SIG Core, SIG Lite, VSA, and custom questionnaires under NDA. Turnaround under 5 business days. See all questionnaires or email security@fastpace.net.