AgentAz™ Regulatory Crosswalk — NIST AI RMF, ISO 42001, OWASP Agentic — AgentKits<br>Skip to content<br>AgentAz™ Regulatory Crosswalk<br>AgentAz is a design-time governance vocabulary. This crosswalk maps each AgentAz dimension to the controls it helps satisfy in three frameworks an enterprise is likely already audited against — so a machine-readable agentaz.json becomes a shortcut through the governance section of a security questionnaire.<br>A spec’s worth is what it maps up to. Read each row as: “an agent that declares this AgentAz dimension is producing design-time evidence toward these controls.” It is evidence toward , not a certification — the mapping shows intent is documented, not that an auditor has verified the running system.<br>AgentAz dimensionNIST AI RMF 1.0ISO/IEC 42001:2023OWASP Agentic (ASI)Worst-case action & Trust Level (A1–A5)Classifying an agent by the maximum impact it could have.MAP 1.1 (context), MAP 5.1 (impact likelihood & magnitude)A.5 — AI system impact assessmentASI01 Agent Goal Hijack · ASI10 Rogue AgentsAuthority boundaryWhat the agent is permitted to modify, send, spend, or delete.MAP 2 (system categorization), GOVERN 1.4 (oversight policy)A.9.4 (intended use) · A.9.2 (responsible-use boundaries)ASI03 Identity & Privilege AbuseTool boundary (least privilege)A scoped tool registry; gated vs. auto-executable; absent capabilities.MANAGE 2 (risk treatment)A.4 (resources/tooling) · A.9.2 (usage limits)ASI02 Tool Misuse · ASI03 Privilege Abuse (“Least Agency”)Human approval gateHuman-in-the-loop sign-off before an irreversible action runs.MANAGE 4.1 (override mechanisms), GOVERN 1.4 (human oversight)A.9.2 — human oversight / override of AI decisionsASI09 Human-Agent Trust Exploitation (supports ASI02)Confidence escalationRouting low-confidence or ambiguous cases to a human instead of acting.MANAGE 4.1 (appeal & override), MANAGE 2A.6.2 (operation/monitoring) · A.9.2ASI09 (decision-fatigue) · ASI01Cost ceilingA spend cap per run, with an alert threshold.partial mappingMANAGE 2 (risk treatment)A.6.2 (operation)ASI08 Cascading Failures (blast-radius limit)Loop bound / escape hatchAn iteration cap so the agent can't spin indefinitely.MANAGE 4.1 (monitoring)A.6.2 (operation)ASI08 Cascading Failures (circuit breakers)Output boundaryA constrained, declared set of outputs the agent may emit.partial mappingMEASURE 2 (evaluation)A.8 (information for interested parties) · A.9.2ASI02 Tool Misuse · ASI05 Unexpected Code ExecutionAudit trail (tamper-evident)An append-only, verifiable record of decisions and approvals.MANAGE 4 (monitoring), GOVERN (documentation)A.6.2 (lifecycle logging) · A.5Cross-cutting — detection signal for ASI06 / ASI10<br>What this crosswalk does not claim<br>Honest scope is the point — a governance mapping is only useful if its gaps are stated. AgentAz stays in one lane: design-time, machine-readable, blueprint-level. It does not cover runtime proof, agent identity, or certification. Specifically out of scope:<br>OWASP ASI04 (Supply Chain), ASI05 (sandboxing of code execution), ASI06 (memory/RAG poisoning), and ASI07 (inter-agent communication) are runtime and infrastructure defenses. AgentAz documents design-time intent; it does not implement these — they belong to your runtime and security layers.<br>NIST MEASURE bias/fairness depth and full TEVV methodology. AgentAz is boundary-focused, not a fairness-testing methodology; treat these as partial at best.<br>ISO/IEC 42001 A.7 (data governance) and A.10 (third-party relationships). Largely outside a single blueprint's design-time spec.<br>A mapping is a starting point for a questionnaire, not a compliance verdict. Your auditor still determines whether a control is satisfied in your environment.

Sources & version<br>Mapped against the published structure of NIST AI RMF 1.0 (2023), ISO/IEC 42001:2023, and the OWASP Top 10 for Agentic Applications (ASI01–ASI10, December 2025).<br>Crosswalk version 1.0 · Last reviewed 2026-06-30. These frameworks are revised over time (the OWASP agentic list especially is new and evolving) — verify any row against the current published control text before relying on it in an audit.<br>Read the AgentAz™ spec Scan an agent against it