AI Governance Framework
Unified, prescriptive guidance that maps ISO 42001, NIST AI RMF, OWASP Top 10 for LLMs, OWASP Agentic AI, and CIS Controls v8.0 into one actionable lifecycle.
Lifecycle Domains
Six domains cover every phase of the AI lifecycle, from governance through continuous improvement.
| Domain | Description | Tier 1 | Tier 2 | Total |
|---|---|---|---|---|
| GOVERN | Establish organizational structure, policies, roles, accountability, and risk appetite for AI systems. | 4 | 3 | 7 |
| BUILD | Ensure AI systems are developed, integrated, and tested with security, quality, and compliance built into the pipeline from day one. | 4 | 3 | 7 |
| SECURE | Implement AI-specific threat detection, vulnerability management, and adversarial resilience across all AI systems and agent architectures. | 4 | 4 | 8 |
| DEPLOY | Manage safe, versioned, and auditable deployment of AI models and agent systems with rollback capabilities and environment isolation. | 4 | 3 | 7 |
| MONITOR | Continuously observe AI system behavior, detect drift, measure fairness, and maintain audit trails for regulatory compliance and incident response. | 4 | 3 | 7 |
| IMPROVE | Drive maturity through structured reviews, gap analysis, post-incident learning, and continuous alignment with evolving frameworks and organizational goals. | 4 | 3 | 7 |
Source Frameworks
Five industry-leading frameworks unified into a single governance model.
ISO/IEC 42001:2023
16 items
The world's first AI management system standard. Specifies requirements for establishing, implementing, and improving an AI Management System (AIMS). 10 clauses + Annex A with 9 control domains.
NIST AI Risk Management Framework 1.0
6 items
A voluntary framework for managing risks throughout the AI lifecycle. Organized around four core functions: Govern, Map, Measure, and Manage. Includes the Generative AI Profile (AI 600-1) for foundation model risks.
OWASP Top 10 for LLM Applications
10 items
Identifies the most critical security risks in applications utilizing large language models. Covers prompt injection, insecure output handling, training data poisoning, model denial of service, supply chain vulnerabilities, and more.
OWASP Top 10 for Agentic AI Applications
10 items
Addresses security risks unique to autonomous AI agent systems. Covers excessive permissions, misaligned objectives, resource exhaustion, supply chain integrity, identity exploitation, unmonitored actions, cascading failures, compliance gaps, operational disruption, and misplaced trust.
CIS Critical Security Controls v8.0
18 items
18 prioritized cybersecurity best practices (formerly the SANS Top 20) mapped to AI governance as foundational security hygiene. Covers asset management, access control, vulnerability management, audit logging, incident response, and penetration testing.