
Oracle Library

Verified sources that power Goober's grounded responses. Each oracle is a curated, chunked, and embedded document — regulatory frameworks, industry standards, and domain-specific governance data.

Framework Oracles

Regulatory mandates, compliance standards, and governance best practices that apply across industries.

Tier 1 — Regulatory Mandates

EU AI Act (High Risk)

EU AI Act
European Parliament and Council of the European Union | Verified Feb 15, 2026
Tier 1 — Regulatory Mandates
boundary

Goober Boundaries — Topics Requiring Professional Referral

*
Ontic Labs | Verified Feb 15, 2026
Tier 1 — Regulatory Mandates

HIPAA – Health Insurance Portability and Accountability Act Compliance Guide

HIPAA
U.S. Department of Health and Human Services (HHS) | Verified Feb 15, 2026
Tier 1 — Regulatory Mandates

Sarbanes–Oxley (SOX) & Related SEC/FINRA Obligations

SOX | SEC | FINRA
U.S. Congress / U.S. Securities and Exchange Commission (SEC) | Verified Feb 15, 2026
Tier 2 — Industry Standards

COSO Enterprise Risk Management (ERM) 2017

COSO ERM 2017 | Enterprise Risk Management—Integrating with Strategy and Performance
Committee of Sponsoring Organizations of the Treadway Commission (COSO) | Verified Feb 15, 2026
Tier 2 — Industry Standards

DOJ Evaluation of Corporate Compliance Programs (ECCP)

DOJ ECCP
U.S. Department of Justice, Criminal Division | Verified Feb 15, 2026
Tier 2 — Industry Standards

GDPR — General Data Protection Regulation

GDPR (EU) 2016/679
European Parliament and Council of the European Union | Verified Feb 15, 2026
Tier 2 — Industry Standards

GRC Fundamentals — Governance, Risk, and Compliance as an Integrated System

OCEG GRC Capability Model 3.5 | IIA Three Lines Model | COSO ERM 2017 | ISO 37301:2021 | +1 more
OCEG (Open Compliance and Ethics Group) / IIA (Institute of Internal Auditors) | Verified Feb 15, 2026
Tier 2 — Industry Standards

ISO/IEC 27001 — Information Security Management System (ISMS)

ISO 27001 | ISO 27002
International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) | Verified Feb 15, 2026
Tier 2 — Industry Standards

ISO/IEC 42001:2023 Artificial Intelligence Management System (AIMS)

ISO/IEC 42001:2023 | ISO 42001
International Organization for Standardization (ISO) / IEC | Verified Feb 15, 2026
Tier 2 — Industry Standards

NIST AI Risk Management Framework (AI RMF 1.0)

NIST AI RMF 1.0 | NIST AI 600-1
National Institute of Standards and Technology (NIST), U.S. Department of Commerce | Verified Feb 15, 2026
Tier 2 — Industry Standards

NIST Cybersecurity Framework (CSF) 2.0

NIST CSF 2.0
National Institute of Standards and Technology (NIST), U.S. Department of Commerce | Verified Feb 15, 2026
Tier 2 — Industry Standards

PCI DSS — Payment Card Industry Data Security Standard

PCI DSS v4.0.1
PCI Security Standards Council (PCI SSC) | Verified Feb 15, 2026
Tier 2 — Industry Standards

SOC 2 — AICPA Service Organization Controls for Trust Services Criteria

SOC 2 | AICPA Trust Services Criteria | TSP Section 100 | SOC 2 Type 1 | +1 more
AICPA (American Institute of Certified Public Accountants) | Verified Feb 15, 2026
Tier 3 — Best Practices

Compliance Management Systems — Frameworks, Monitoring, and Evidence

ISO 37301:2021 | OCC CMS | CFPB CMS | DOJ ECCP
International Organization for Standardization (ISO) / U.S. Federal Banking Regulators / U.S. Department of Justice | Verified Feb 15, 2026
Tier 3 — Best Practices

Framework Crosswalks — NIST CSF, ISO 27001, SOC 2, NIST AI RMF, ISO 42001, EU AI Act, GDPR

NIST CSF 2.0 | ISO/IEC 27001:2022 | SOC 2 | NIST AI RMF 1.0 | +3 more
Ontic Labs | Verified Feb 15, 2026
Tier 3 — Best Practices

Internal Controls

COSO Internal Control — Integrated Framework (2013)
Committee of Sponsoring Organizations of the Treadway Commission (COSO) | Verified Feb 15, 2026
Tier 3 — Best Practices

Oracle Pipeline — End-to-End Lifecycle

GRC | ISO 37301
Ontic Labs | Verified Feb 15, 2026
Tier 3 — Best Practices

Policy Management — Creation, Distribution, Versioning, and Audit Trails

ISO 9001:2015 Clause 7.5 | ISO 27001:2022 | ISO 37301:2021 | COSO 2013
Cross-framework synthesis | Verified Feb 15, 2026

Industry Oracles

Domain-specific governance landscapes — regulatory bodies, compliance frameworks, and risk patterns for each industry Goober supports.

Tier 2 — Industry Standards
industry

Accounting & Audit

AICPA Professional Standards | Circular 230 | GAO Yellow Book (GAGAS) | +9 more
Tier 2 — Industry Standards
industry

Advertising

Advertiser contract law (SLA enforcement) | EU Unfair Commercial Practices Directive | FTC Act | +13 more
Tier 2 — Industry Standards
industry

Agriculture & Food

Allergen labeling (FALCPA) | CFTC (commodity trading) | EPA FIFRA (pesticide application) | +13 more
Tier 2 — Industry Standards
industry

Automotive

EPA emissions regulations | EU type-approval (WVTA) | FMVSS | +9 more
Tier 2 — Industry Standards
industry

Construction

Davis-Bacon Act (if federal) | EPA stormwater | IBC | +8 more
Tier 2 — Industry Standards
industry

Cross-Sector

All sector-specific frameworks applicable to operating segments | Board-level fiduciary obligations re: AI risk | EU AI Act | +11 more
Tier 2 — Industry Standards
industry

Cybersecurity

CISA directives | DORA (if financial sector) | EU NIS2 Directive | +10 more
Tier 2 — Industry Standards
industry

Defense & Intelligence

Classified information handling (EO 13526) | DD Form 254 requirements | DFARS 252.204-7012 / 252.204-7021 (CMMC) | +9 more
Tier 2 — Industry Standards
industry

Education

ADA/Section 504 | Accessibility (Section 508 / WCAG) | Accreditation body standards (HLC, SACSCOC, etc.) | +7 more
Tier 2 — Industry Standards
industry

Energy

DOE Order 206.1 (if federal facilities) | DOE nuclear safety directives | EPA CERCLA/RCRA | +8 more
Tier 2 — Industry Standards
industry

Financial Services

ACA | AMLA 2020 | BSA/AML | +17 more
Tier 2 — Industry Standards
industry

Government

ADA accessibility requirements | ADA/Section 508 | APA (5 USC 551+) | +15 more
Tier 2 — Industry Standards
industry

Hardware & Electronics

CE marking (EU) | EU Cyber Resilience Act | FCC Part 15 | +9 more
Tier 2 — Industry Standards
industry

Healthcare

21st Century Cures Act (information blocking) | 42 CFR Part 2 (substance use confidentiality) | ACA | +17 more
Tier 2 — Industry Standards
industry

Hospitality & Travel

ADA accessibility | Allergen disclosure requirements | CCPA/CPRA | +13 more
Tier 2 — Industry Standards
industry

HR & Employment

ADA | ADEA | Colorado SB 24-205 | +11 more
Tier 2 — Industry Standards
industry

Legal

Client confidentiality obligations | Cross-border: GDPR, legal professional privilege | Federal Rules of Civil Procedure | +8 more
Tier 2 — Industry Standards
industry

Life Sciences & Biotech

EU Clinical Trials Regulation | FDA 21 CFR Parts 11 and 58 (GLP) | GAMP 5 (computerized systems) | +7 more
Tier 2 — Industry Standards
industry

Manufacturing

ANSI/RIA R15.06 | EU Machinery Directive | ISO 10218 / ISO 15066 (robot safety) | +3 more
Tier 2 — Industry Standards
industry

Media & Publishing

Defamation law (state-specific) | EU Digital Services Act | FTC endorsement guidelines | +4 more
Tier 2 — Industry Standards
industry

Mining & Extractives

BLM/USFS permitting | EPA NEPA/CERCLA/Clean Air Act | EU Critical Raw Materials Act | +7 more
Tier 2 — Industry Standards
industry

Nutrition & Wellness

App store policies | COPPA (if under-13 users) | FDA DSHEA (21 USC 343) | +5 more
Tier 2 — Industry Standards
industry

Platforms

CSAM reporting (18 USC 2258A) | EU Digital Services Act | EU Digital Services Act / Digital Markets Act | +8 more
Tier 2 — Industry Standards
industry

Real Estate

CFPB supervisory authority | ECOA/Reg B | Fair Housing Act | +7 more
Tier 2 — Industry Standards
industry

Retail & E-Commerce

ADA (web accessibility) | ADA accessibility | CCPA/CPRA | +8 more
Tier 2 — Industry Standards
industry

Semiconductors

AEC-Q100 | CHIPS Act compliance | EAR/ITAR (export controls) | +3 more
Tier 2 — Industry Standards
industry

Software & Technology

FedRAMP (if government) | GDPR | GDPR (if EU customers) | +8 more
Tier 2 — Industry Standards
industry

Telecom

CALEA | CAN-SPAM Act | CPNI rules | +9 more
Tier 2 — Industry Standards
industry

Transportation & Logistics

AAR standards | DOT Hours of Service | DOT consumer protection (14 CFR 259) | +17 more

Authority Stack Examples

Oracles don't deploy alone. Each segment gets a concrete bundle of framework oracles, an industry encyclopedia, and a recommended enforcement environment. Here's what real stacks look like.

Regional bank (U.S.) core stack

Mid-market bank deploying AI for loan decisioning, customer service, and compliance reporting.

Hospital system core stack

Hospital system using AI for clinical decision support, patient triage, and PHI-handling workflows.

Cybersecurity SaaS vendor core stack

Enterprise security platform using AI for threat detection, SOC automation, and compliance reporting.

Try oracle-grounded chat

These oracles power Goober's verified answers. Take the risk wizard and enable oracle grounding to see them in action.