Industry Vocabulary Reference

Government & Public Sector

Comprehensive enumeration library for the Government & Public Sector vertical. Covers every subdomain where agentic AI is actively deployed as of March 2026: FedRAMP cloud authorisation and NIST SP 800-53 Rev 5 control family compliance monitoring, OMB M-24-10 AI governance for federal agencies, FIPS 140-3 cryptographic module compliance, AI accountability use case classification for high-impact government AI, federal procurement and acquisition AI (FAR/DFARS), benefits eligibility and public services delivery, law enforcement and criminal justice AI governance, immigration adjudication, open government data and FOIA automation, and EU public sector AI governance (EU AI Act Annex III, GDPR Art 22, EU AI Act Art 14). Designed for use as OTel span attributes in an agentic AI SDK and as policy vocabulary in an OPA Rego GRC portal.

v2026.03.16 | 21 enum categories | 2.2 schema | 9 subdomains | 29 standards

Download mirrored JSON | Open vertical SDK quick start | Get API access

How to use this reference

  1. Start with the core file if you need the cross-industry governance baseline.
  2. Then move into the vertical file to see the regulated workflow vocabulary, policy surfaces, and implementation pressure unique to this market.
  3. Use the OTel attributes and policy paths here as the common language across SDK instrumentation, governance review, and evidence export.

March 2026 deployment context

As of March 2026, agentic AI in government and public sector is deployed across: automated benefits eligibility determination (Social Security, Medicaid, SNAP, unemployment insurance), AI-driven immigration document review and risk scoring (USCIS, CBP), predictive law enforcement tools (crime forecasting, recidivism risk scoring), AI-assisted procurement and contract vehicle management (GSA, DoD), automated FOIA request triage and redaction, AI-powered citizen services chatbots and case routing (VA, SSA, IRS), fraud detection and improper payment prevention (OMB paymentaccuracy.gov), federal cybersecurity threat detection (CISA CDM programme), AI-assisted legislative drafting and regulatory analysis, and open data portal AI (Data.gov, DOGE-related automation). OMB M-24-10 (March 2024) requires every federal agency to: designate a Chief AI Officer (CAIO), conduct annual inventories of all AI use cases, complete minimum risk practices for rights-impacting and safety-impacting AI by December 2024, and publish AI use case inventories. EO 14110 requires agencies with AI use in critical infrastructure or national security to conduct safety evaluations and report to OMB. The EU AI Act Annex III paras 5–7 explicitly classify AI used in public benefits administration, law enforcement, migration, and border control as high-risk.

Risk note: OMB M-24-10 Section 5 establishes minimum risk management practices for 'rights-impacting' and 'safety-impacting' AI — AI that meaningfully impacts the rights, opportunities, or access to critical resources of members of the public, or that could threaten the life or safety of individuals. These practices include: independent assessments before deployment, ongoing monitoring, testing for bias and disparate impact, providing human alternatives and timely human review, and public disclosure. Federal agencies that deploy such AI without completing these practices must pause or halt use. The EU AI Act Article 6(2) and Annex III para 5(a) make AI systems determining access to public benefits and services a high-risk category — applying from August 2, 2026 with a 12-month grace period for systems already in service. The Council of Europe AI Convention (CETS 225), which the US, EU member states, and other signatories opened for signature in September 2024, creates binding human rights obligations for AI across public and private sector applications.

Loading Model

  • Mirrored file: 09_vertical_government_public_sector.json
  • Kind: vertical

OTel Namespaces

government

Primary Standards

  • NIST SP 800-53 Rev 5 — Security and Privacy Controls for Information Systems and Organizations (2020)
  • NIST SP 800-53B — Control Baselines for Information Systems (2020)
  • NIST SP 800-37 Rev 2 — Risk Management Framework (RMF) for Information Systems (2018)
  • NIST SP 800-171 Rev 3 — Protecting CUI in Nonfederal Systems (2024)
  • NIST AI RMF 1.0 — AI Risk Management Framework (2023)
  • NIST AI 600-1 — Generative AI Profile (2024)
  • FedRAMP Rev 5 — Federal Risk and Authorization Management Program (GSA/OMB, 2023)
  • FedRAMP Authorization Playbook — Agency and JAB authorisation processes
  • FIPS 140-3 — Security Requirements for Cryptographic Modules (2019)
  • FIPS 199 — Standards for Security Categorization of Federal Information and Information Systems
  • FIPS 200 — Minimum Security Requirements for Federal Information and Information Systems
  • OMB M-24-10 — Advancing Governance, Innovation, and Risk Management for Agency Use of AI (March 2024)
  • OMB M-23-22 — Delivering a Digital-First Public Experience (September 2023)
  • OMB M-22-09 — Moving the US Government Toward Zero Trust Cybersecurity Principles
  • OMB M-21-31 — Improving the Federal Government's Investigative and Remediation Capabilities (log retention)
  • EO 14110 — Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (October 2023)
  • EO 14028 — Improving the Nation's Cybersecurity (May 2021)
  • CISA JCDC AI Cybersecurity Collaboration Playbook (2024)
  • FAR Part 12/39 — Federal Acquisition Regulation for IT and AI procurement
  • DFARS 252.204-7012 — Safeguarding Covered Defense Information
  • EU AI Act (2024/1689) Annex III para 5 — High-risk AI in public services and law enforcement
  • EU AI Act (2024/1689) Annex III para 6 — High-risk AI in law enforcement
  • EU AI Act (2024/1689) Annex III para 7 — High-risk AI in migration, asylum, border control
  • EU GDPR Article 22 — Automated individual decision-making including profiling
  • EU NIS2 Directive (2022/2555) — Essential and important entities in public administration
  • Council of Europe Framework Convention on AI (CETS 225) — Opened for signature September 2024
  • G7 Hiroshima AI Process — Guiding principles for advanced AI systems (2023)
  • OECD Principles on AI (2019, updated 2024)
  • UN General Assembly Resolution A/RES/78/311 — International AI Governance (March 2024)

Subdomains

Subdomain | Categories | Sample Attributes
FedRAMP & Cloud Security Authorisation | 4 | government.fedramp.authorization_status, government.fips.security_level, government.fisma.impact_level
NIST SP 800-53 Control Compliance Monitoring | 3 | government.nist_sp800_53.control_family, government.nist_sp800_53.control_assessment_status, government.continuous_monitoring.frequency
AI Accountability & Rights-Impacting Use Cases | 3 | government.ai_accountability.use_case, government.ai_accountability.min_risk_practice_status, government.ai_accountability.inventory_stage
Law Enforcement & Criminal Justice AI | 2 | government.law_enforcement.ai_tool_type, government.ai_accountability.bias_audit_outcome
Benefits Administration & Public Services | 2 | government.benefits.eligibility_decision_type, government.citizen_service.channel_type
Immigration & Border Management AI | 1 | government.immigration.ai_use_type
Federal Procurement & Acquisition AI | 2 | government.procurement.ai_acquisition_vehicle, government.procurement.ai_contract_risk_tier
FOIA, Records Management & Open Government | 2 | government.foia.processing_status, government.foia.exemption_category
Cybersecurity & Zero Trust (Federal) | 2 | government.zero_trust.maturity_level, government.cybersecurity.incident_severity_category

Implementation examples

  • FedRAMP & Cloud Security Authorisation: FedRAMPAuthorizationStatus. OPA policy blocks any AI agentic workflow from routing federal data to a cloud-based AI service whose FedRAMP authorisation status is not 'authorized_agency', 'authorized_jab', or 'authorized_with_conditions'. 'Revoked' status triggers immediate data routing halt and CISO notification. (FedRAMP Rev 5 — Cloud services processing federal data at Low, Moderate, or High impact levels require FedRAMP authorisation)
  • FedRAMP & Cloud Security Authorisation: FIPSSecurityLevel. AI agent security posture registry records the FIPS security level of all cryptographic modules used by the agent. OPA policy enforces that AI agents processing CUI must use Level 2 or above. AI agents in physically unprotected field deployments processing classified data require Level 4. (FIPS 140-3 — Cryptographic module validation; federal agencies must use validated modules for all cryptographic operations)
  • NIST SP 800-53 Control Compliance Monitoring: NISTSPControlFamily. AI continuous monitoring agent generates automated evidence for each NIST SP 800-53 control it can assess. Evidence records are tagged with control family and specific control ID (e.g. AC-2, AU-6) for ingestion into eMASS or equivalent agency GRC platform.
  • NIST SP 800-53 Control Compliance Monitoring: ContinuousMonitoringFrequency. FedRAMP ConMon requires monthly vulnerability scanning, annual penetration testing, and continuous log monitoring. AI compliance agents schedule and execute control assessments at the required frequency and generate evidence with timestamp and frequency classification for the FedRAMP PMO.
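
The FedRAMP and FIPS rules in the first two bullets, written as a fail-closed pre-routing gate over the emitted span attributes. This is an added example, not Veriproof SDK code or the portal's OPA policy; the attribute names and enum values are the ones on this page, while `RoutingContext`, its two flags, and the Level 1 floor are assumptions of the example.

```typescript
// Added example. RoutingContext and its flags are hypothetical inputs.
type SpanAttrs = Record<string, string | undefined>;

interface RoutingContext {
  handlesCui: boolean;                 // hypothetical: set by the data classifier
  unprotectedFieldClassified: boolean; // hypothetical: set from deployment metadata
}

interface RoutingDecision {
  allow: boolean;
  haltRouting: boolean; // 'revoked' triggers an immediate halt
  notifyCiso: boolean;
  reasons: string[];
}

const FEDRAMP_ATTR = 'government.fedramp.authorization_status';
const FIPS_ATTR = 'government.fips.security_level';
const ROUTABLE = new Set(['authorized_agency', 'authorized_jab', 'authorized_with_conditions']);
// A Map (not an object literal) so a value like 'constructor' cannot resolve to anything.
const FIPS_RANK = new Map<string, number>([
  ['level_1', 1], ['level_2', 2], ['level_3', 3], ['level_4', 4],
]);

function evaluateRouting(attrs: SpanAttrs, ctx: RoutingContext): RoutingDecision {
  const reasons: string[] = [];
  const status = attrs[FEDRAMP_ATTR];
  // Fail closed: a missing or unrecognised status is as unroutable as 'in_process'.
  if (status === undefined || !ROUTABLE.has(status)) {
    reasons.push(`FedRAMP status '${status ?? 'missing'}' is not routable`);
  }
  // Level 4 for unprotected field deployments with classified data, Level 2 for CUI;
  // the Level 1 floor for everything else is an assumption of this example.
  const required = ctx.unprotectedFieldClassified ? 4 : ctx.handlesCui ? 2 : 1;
  const actual = FIPS_RANK.get(attrs[FIPS_ATTR] ?? '') ?? 0; // unknown ranks below level_1
  if (actual < required) {
    reasons.push(`FIPS level ${actual} is below required level ${required}`);
  }
  const revoked = status === 'revoked';
  return { allow: reasons.length === 0, haltRouting: revoked, notifyCiso: revoked, reasons };
}

// Constructed sample spans (not real telemetry).
const SAMPLE_SPANS: SpanAttrs[] = [
  { [FEDRAMP_ATTR]: 'authorized_jab', [FIPS_ATTR]: 'level_2' },
  { [FEDRAMP_ATTR]: 'in_process', [FIPS_ATTR]: 'level_1' },
  { [FEDRAMP_ATTR]: 'revoked', [FIPS_ATTR]: 'level_3' },
  { [FEDRAMP_ATTR]: 'authorized_agency' }, // FIPS attribute never emitted
];

function evaluateSamples(): RoutingDecision[] {
  const cui: RoutingContext = { handlesCui: true, unprotectedFieldClassified: false };
  return SAMPLE_SPANS.map((span) => evaluateRouting(span, cui));
}
```

A span that never emitted the FIPS attribute is blocked for CUI rather than waved through, which is the case an allow-by-default comparison gets wrong.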

Illustrative policy patterns

block rights impacting ai without omb m2410 practices

Block any federal AI system classified as rights-impacting or safety-impacting from processing public data unless all required OMB M-24-10 Section 5 minimum risk practices have been completed. Implements the OMB M-24-10 Section 5(c) pause-or-halt obligation in automated enforcement.

Regulatory basis: OMB M-24-10 Section 5(b) and 5(c) — Minimum risk practices required for rights-impacting and safety-impacting AI; Section 5(c) — Failure to complete requires agency to pause or halt use

package government.ai_accountability

rights_impacting_use_cases := {
  "benefits_eligibility_determination",
  "law_enforcement_predictive_policing",
  "law_enforcement_facial_recognition",
  "parole_sentencing_risk_scoring",
  "immigration_adjudication",
  "immigration_border_risk_screening",
  "child_welfare_risk_scoring"
}

# The page's listing is cut off inside this set; only the first value is shown.
blocking_practice_statuses := {
  "not_started"
}

block autonomous adverse benefits determination

Block any AI benefits processing agent from autonomously issuing an adverse determination (denial, termination, fraud referral) without human caseworker review and documented notice to the claimant. Implements OMB M-24-10 human alternatives requirement and APA due process for AI-assisted agency decisions.

Regulatory basis: OMB M-24-10 Section 5(b)(ii) — Human alternative and timely human review required for rights-impacting AI; APA § 706 — Arbitrary and capricious standard; EU AI Act Annex III para 5(a) and Article 14; GDPR Article 22

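package government.benefits

# Needed for the `in` membership operator used below.
import future.keywords.in

adverse_decisions := {
  "initial_eligibility_denied",
  "recertification_denied",
  "benefit_suspension",
  "benefit_termination",
  "overpayment_determination",
  "fraud_referral"
}

deny[msg] {
  input.government_benefits_eligibility_decision_type in adverse_decisions
  # Also true when the field is missing, so an unreviewed record is denied.
  not input.human_caseworker_reviewed == true
  # The page's listing is cut off here; the message below only closes the rule.
  msg := "adverse benefits determination requires human caseworker review"
}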
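
Both illustrative policies above, evaluated over constructed decision records to show how missing and mistyped fields are handled. This is an added example, not the page's Rego or Veriproof code; the underscore input keys follow the form the page's policy uses, and `claimant_notice_documented`, the two `government_ai_accountability_*` keys, and the "only `completed` clears the gate" rule are assumptions.

```typescript
// Added example. Keys other than the two used in the page's Rego are assumed.
type PolicyInput = Record<string, unknown>;

const USE_CASE = 'government_ai_accountability_use_case';               // assumed key
const PRACTICE = 'government_ai_accountability_min_risk_practice_status'; // assumed key
const DECISION = 'government_benefits_eligibility_decision_type';

const RIGHTS_IMPACTING_USE_CASES = new Set([
  'benefits_eligibility_determination', 'law_enforcement_predictive_policing',
  'law_enforcement_facial_recognition', 'parole_sentencing_risk_scoring',
  'immigration_adjudication', 'immigration_border_risk_screening',
  'child_welfare_risk_scoring',
]);
const ADVERSE_DECISIONS = new Set([
  'initial_eligibility_denied', 'recertification_denied', 'benefit_suspension',
  'benefit_termination', 'overpayment_determination', 'fraud_referral',
]);
// Assumption: only 'completed' clears the gate. The page's blocking set is cut off,
// so every other status (waivers and exceptions included) is treated as blocking here.
const CLEARING_PRACTICE_STATUSES = new Set(['completed']);

const inSet = (set: Set<string>, v: unknown): boolean => typeof v === 'string' && set.has(v);

function denyReasons(input: PolicyInput): string[] {
  const reasons: string[] = [];
  const rightsImpacting = inSet(RIGHTS_IMPACTING_USE_CASES, input[USE_CASE]);
  if (rightsImpacting && !inSet(CLEARING_PRACTICE_STATUSES, input[PRACTICE])) {
    reasons.push('rights-impacting use case without completed minimum risk practices');
  }
  if (inSet(ADVERSE_DECISIONS, input[DECISION])) {
    // Strict boolean comparison: a missing field or the string "true" does not count.
    if (input['human_caseworker_reviewed'] !== true) {
      reasons.push('adverse determination without human caseworker review');
    }
    if (input['claimant_notice_documented'] !== true) { // hypothetical field
      reasons.push('adverse determination without documented claimant notice');
    }
  }
  return reasons;
}

// Constructed decision records (not real case data).
const SAMPLE_INPUTS: PolicyInput[] = [
  { [USE_CASE]: 'benefits_eligibility_determination', [PRACTICE]: 'completed',
    [DECISION]: 'benefit_termination',
    human_caseworker_reviewed: true, claimant_notice_documented: true },
  { [USE_CASE]: 'benefits_eligibility_determination', [PRACTICE]: 'in_progress',
    [DECISION]: 'initial_eligibility_denied', human_caseworker_reviewed: 'true' },
  { [USE_CASE]: 'immigration_adjudication', [PRACTICE]: 'waiver_requested' },
  { [USE_CASE]: 'hiring_and_employment_screening', [PRACTICE]: 'not_started' },
];

function evaluateSampleInputs(): number[] {
  return SAMPLE_INPUTS.map((input) => denyReasons(input).length);
}
```

The last record passes because `hiring_and_employment_screening` is in the use case enum but not in the policy's rights-impacting set, so membership in that set is what decides whether the gate applies.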

From enum to evidence

The same vocabulary should carry from instrumentation through review. The OTel attribute names here become emitted metadata, those attributes become policy inputs, and those same labels should still be intelligible when a reviewer opens the decision record later.

import { VeriproofClient, VeriproofSdkOptions, SessionMetadata } from '@veriproof/sdk-core';
import { FedRAMPAuthorizationStatus, FedRAMPAuthorizationStatusMeta, FIPSSecurityLevel, FIPSSecurityLevelMeta, FISMAImpactLevel, FISMAImpactLevelMeta } from '@veriproof/sdk-core/verticals/government-public-sector';

// The API key is read from the environment rather than written into source.
const client = new VeriproofClient(
  VeriproofSdkOptions.createProduction({
    apiKey: process.env.VERIPROOF_API_KEY!,
    applicationId: 'government-public-sector-production',
  }),
);

// Each withMetadata call pairs an enum's OTel attribute name with one of its values.
const session = client
  .startSession('government-public-sector.review')
  .withSessionMetadata(SessionMetadata.forTransaction('txn-1001').withEnvironment('production'))
  .addStep('evaluate_workflow', { output: { status: 'completed' } })
  .withMetadata(FedRAMPAuthorizationStatusMeta.otelAttribute, FedRAMPAuthorizationStatus.in_process)
  .withMetadata(FIPSSecurityLevelMeta.otelAttribute, FIPSSecurityLevel.level_1)
  .withMetadata(FISMAImpactLevelMeta.otelAttribute, FISMAImpactLevel.low);

await session.complete();

  • SDK: emit the OTel attribute shown on this page during the decision workflow.
  • Policy: reference the matching `opa_policy_path` in governance rules.
  • Evidence: surface the same label and value in the portal and exported record so reviewers are not translating between systems.

For a step-by-step getting-started walkthrough specific to this vertical, open the Government & Public Sector SDK quick start. For the full core API reference, continue with TypeScript, Python, or .NET.

Highlighted Enum Categories

FedRAMPAuthorizationStatus
FedRAMP Rev 5 authorisation status of a cloud service or AI system deployed in the federal environment. AI agents integrated into federal systems must verify FedRAMP authorisation status before consuming or producing data in FedRAMP-boundary systems. An AI agent itself may require FedRAMP authorisation if it processes federal data.
Workflow area: FedRAMP & Cloud Security Authorisation
OTel attribute: government.fedramp.authorization_status
Values: in_process, fedramp_ready, authorized_agency, authorized_jab, authorized_with_conditions, revoked, not_applicable_on_premise

FIPSSecurityLevel
FIPS 140-3 security level for a cryptographic module used by a government AI system. All cryptographic operations in federal systems — including AI model signing, API authentication, and data-at-rest encryption — must use FIPS 140-3 validated modules at the appropriate security level.
Workflow area: FedRAMP & Cloud Security Authorisation
OTel attribute: government.fips.security_level
Values: level_1, level_2, level_3, level_4

FISMAImpactLevel
FIPS 199 / FISMA security impact categorisation for a federal information system. Determines the NIST SP 800-53 control baseline applicable to an AI system. All AI systems processing federal information must be categorised at the system level before deployment.
Workflow area: FedRAMP & Cloud Security Authorisation
OTel attribute: government.fisma.impact_level
Values: low, moderate, high

RMFLifecyclePhase
NIST SP 800-37 Rev 2 Risk Management Framework lifecycle phase for a federal information system or AI system. AI systems must progress through all RMF phases before receiving an ATO and going into production with federal data.
Workflow area: FedRAMP & Cloud Security Authorisation
OTel attribute: government.rmf.lifecycle_phase
Values: prepare, categorize, select, implement, assess, authorize, monitor

NISTSPControlFamily
NIST SP 800-53 Rev 5 control family identifier. All 20 control families are represented. AI compliance agents tag automated evidence generation and control assessment actions with the applicable family for CSAM/eMASS integration and audit trail.
Workflow area: NIST SP 800-53 Control Compliance Monitoring
OTel attribute: government.nist_sp800_53.control_family
Values: AC_access_control, AT_awareness_training, AU_audit_accountability, CA_assessment_authorisation_monitoring, CM_configuration_management, CP_contingency_planning, IA_identification_authentication, IR_incident_response

ControlAssessmentStatus
NIST SP 800-53A Rev 5 control assessment outcome status. AI compliance agents report the assessment result for each tested control in the Security Assessment Report (SAR) and continuous monitoring programme.
Workflow area: NIST SP 800-53 Control Compliance Monitoring
OTel attribute: government.nist_sp800_53.control_assessment_status
Values: satisfied, other_than_satisfied, not_applicable, not_assessed, assessment_in_progress, inherited_from_common_control_provider

ContinuousMonitoringFrequency
NIST SP 800-137A / FedRAMP continuous monitoring assessment frequency classification. AI compliance agents schedule automated control assessments according to these frequencies as required by FedRAMP ConMon obligations.
Workflow area: NIST SP 800-53 Control Compliance Monitoring
OTel attribute: government.continuous_monitoring.frequency
Values: continuously, daily, weekly, monthly, quarterly, semi_annually, annually, on_demand

AIAccountabilityUseCase
OMB M-24-10 / EU AI Act Annex III high-impact government AI use case classification. Every federal AI system must be categorised against this taxonomy for the annual agency AI use case inventory and to determine which minimum risk practices apply. Use cases marked rights-impacting or safety-impacting require enhanced governance.
Workflow area: AI Accountability & Rights-Impacting Use Cases
OTel attribute: government.ai_accountability.use_case
Values: benefits_eligibility_determination, law_enforcement_predictive_policing, law_enforcement_facial_recognition, child_welfare_risk_scoring, hiring_and_employment_screening, parole_sentencing_risk_scoring, immigration_adjudication, immigration_border_risk_screening

AIMinimumRiskPracticeStatus
OMB M-24-10 Section 5 minimum risk practice completion status for a rights-impacting or safety-impacting AI use case. All required practices must reach 'completed' status before the AI system may be deployed in production for the relevant use case.
Workflow area: AI Accountability & Rights-Impacting Use Cases
OTel attribute: government.ai_accountability.min_risk_practice_status
Values: not_started, in_progress, completed, completed_with_exceptions, waiver_requested, waiver_granted, not_applicable, overdue_paused

AIUseCaseInventoryStage
Stage of an AI use case in the federal agency annual AI use case inventory lifecycle per OMB M-24-10. Agencies must publish inventories annually; AI systems not yet inventoried may not process public data.
Workflow area: AI Accountability & Rights-Impacting Use Cases
OTel attribute: government.ai_accountability.inventory_stage
Values: identified_not_yet_assessed, under_assessment, inventoried_non_sensitive, inventoried_rights_impacting, inventoried_safety_impacting, inventoried_national_security_excepted, decommissioned, not_covered_narrow_exception

LawEnforcementAIToolType
Classification of a law enforcement AI tool type for accountability tracking and rights-impact assessment. Each type carries different bias risks, due process implications, and EU AI Act compliance requirements.
Workflow area: Law Enforcement & Criminal Justice AI
OTel attribute: government.law_enforcement.ai_tool_type
Values: facial_recognition_identification, predictive_policing_hotspot, recidivism_risk_scoring, bail_risk_assessment, gang_membership_identification, social_media_monitoring, license_plate_reader_analytics, gunshot_detection_ai

BiasAuditOutcome
Outcome of an independent bias and disparate impact audit for a rights-impacting or safety-impacting government AI system. OMB M-24-10 requires independent assessments; EU AI Act Article 9 requires ongoing bias testing for high-risk AI.
Workflow area: Law Enforcement & Criminal Justice AI
OTel attribute: government.ai_accountability.bias_audit_outcome
Values: no_disparate_impact_identified, disparate_impact_identified_within_threshold, disparate_impact_identified_exceeds_threshold, disparate_impact_identified_remediation_complete, audit_in_progress, audit_not_yet_conducted, audit_methodology_under_review

This reference page is rendered from the mirrored JSON file inside the docs app, not from a hand-written website model.

If you need the machine-readable asset for offline review, automation, or internal diffing, use the mirrored JSON download above.

Next: open the corresponding SDK reference under SDK documentation and then compare it with the public-site industry page to see how the same vocabulary is framed commercially.