docs: add CAC Procurement and Audit Standard v1.0

[BrianCLong]

Motivation

• Provide a formal, enforceable standard (CAC v1.0) that converts existing CAC enforcement/verification infrastructure into procurement-, audit-, and regulatory-grade requirements.
• Create an RFP-ready adoption surface so buyers can require verifiable admissibility artifacts (CACert, evidence bundles, traces, transparency proofs) from vendors.

Description

• Add a new control document at docs/standards/CAC_Procurement_Audit_Standard_v1.0.md containing the five required sections: RFC-style STANDARD, PROCUREMENT LANGUAGE (RFP clauses), AUDIT FRAMEWORK, COMPLIANCE MAPPING, and ADOPTION STRATEGY.
• Define normative MUST/SHOULD/MAY requirements covering Evidence Bundles, Decision Traces, binary Admissibility Verdicts, signed CACert schema/constraints, verification tooling requirements (API + CLI), and Merkle-based transparency log obligations.
• Provide 15 enforceable, testable RFP clauses, a repeatable third-party audit checklist with objective pass/fail criteria, and explicit mappings to NIST AI RMF, ISO/IEC 42001, SOC 2, and the EU AI Act.
• Include a phased adoption plan (0–90, 90–180, 180+ days) with procurement and audit enforcement mechanics to drive market conditioning.

Testing

• Ran prettier --check which initially reported formatting issues and then fixed the file with prettier --write.
• Re-ran prettier --check and confirmed the new document matches repository code style.
• No runtime code changes were made; change is documentation-only and carries low technical risk.

---

Codex Task

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Warning

Rate limit exceeded

@BrianCLong has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 5 minutes and 41 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 5 minutes and 41 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1d3886eb-1571-45a0-b0f8-2ddc68db08a4

📥 Commits

Reviewing files that changed from the base of the PR and between ff4ddf6 and c216932.

📒 Files selected for processing (1)

• docs/standards/CAC_Procurement_Audit_Standard_v1.0.md

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/create-cac-procurement-and-audit-standard

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}