--- id: agent-brief/standard-caring artifact_id: standard/caring source_path: standards/caring/InfoTechCanonCaringAccessGovernanceStandard.md source_kind: standard generated: true --- # Agent Brief: InfoTechCanon CARING Access Governance Standard - Artifact ID: `standard/caring` - Kind: `standard` - Canonical path: `standards/caring/InfoTechCanonCaringAccessGovernanceStandard.md` - Full source: `standards/caring/InfoTechCanonCaringAccessGovernanceStandard.md` - Summary: Cross-cutting canon standard: InfoTechCanon CARING Access Governance Standard. ## Retrieval Hints Imports and anchors: - `kernel/itc-core` - `model/access-control` - `model/data` - `model/devsecops` - `model/governance` - `model/network` - `model/observability` - `model/organization` - `model/security` - `model/task` - `standard/tagging` ## Owned Concepts - `CARINGAccessDescriptor` - `CARINGAnalysisFitnessTest` - `CARINGAnalysisProcedure` - `CARINGCanonicalRole` - `CARINGCapabilityProfile` - `CARINGDeclaredAccessMap` - `CARINGDerivedCapability` - `CARINGEffectiveAccessMap` - `CARINGExposureEvent` - `CARINGExposureMode` - `CARINGInducedAccess` - `CARINGOrganizationRelation` - `CARINGPlane` - `CARINGRedesignProcedure` - `CARINGRestrictionPrecedence` - `InfoTechCanon CARING Access Governance Standard` ## Related Distinctions - **Actor vs Subject vs Principal**: Use actor for the acting entity in a context, subject for the entity a policy evaluates, and principal for the authenticated identity bound to access decisions. - **Organization Role vs AccessRole vs CARING role**: Organization roles describe responsibility or position; access roles describe permissions; CARING roles classify access-governance needs and analysis.