MG-AI-3.4: AI system incidents are logged + auditable

AI system incidents are logged + auditable sits in the manage surface, and NIST AI 600-1 rates it high. Tamper-evident log of incidents, anomalies + responses. For teams shipping LLM and agentic features, a control like this is only as good as the evidence that it was actually tested - an unverified control is a finding waiting for an auditor.

Penaxtra turns this NIST AI 600-1 obligation into testable, recurring evidence: scheduled scans and posture checks produce findings tied to MG-AI-3.4, and the append-only audit log records what was tested and when, which is exactly what an assessor asks for. Every relevant finding is created with the NIST AI 600-1 MG-AI-3.4 identifier already attached, so it lands in the audit-evidence pack mapped to the control rather than as a screenshot someone has to translate later. Where the same weakness touches another framework, the cross-framework overlap means one finding satisfies several control cells at once.

Findings for MG-AI-3.4 carry the NIST AI 600-1 MG-AI-3.4 identifier and cross-map to the related controls in the other five frameworks Penaxtra covers.