Motivation

• Provide a formal, enforceable standard (CAC v1.0) that converts existing CAC enforcement/verification infrastructure into procurement-, audit-, and regulatory-grade requirements.
• Create an RFP-ready adoption surface so buyers can require verifiable admissibility artifacts (CACert, evidence bundles, traces, transparency proofs) from vendors.

Description

• Add a new control document at docs/standards/CAC_Procurement_Audit_Standard_v1.0.md containing the five required sections: RFC-style STANDARD, PROCUREMENT LANGUAGE (RFP clauses), AUDIT FRAMEWORK, COMPLIANCE MAPPING, and ADOPTION STRATEGY.
• Define normative MUST/SHOULD/MAY requirements covering Evidence Bundles, Decision Traces, binary Admissibility Verdicts, signed CACert schema/constraints, verification tooling requirements (API + CLI), and Merkle-based transparency log obligations.
• Provide 15 enforceable, testable RFP clauses, a repeatable third-party audit checklist with objective pass/fail criteria, and explicit mappings to NIST AI RMF, ISO/IEC 42001, SOC 2, and the EU AI Act.
• Include a phased adoption plan (0–90, 90–180, 180+ days) with procurement and audit enforcement mechanics to drive market conditioning.

Testing

• Ran prettier --check which initially reported formatting issues and then fixed the file with prettier --write.
• Re-ran prettier --check and confirmed the new document matches repository code style.
• No runtime code changes were made; change is documentation-only and carries low technical risk.

Codex Task