Frameworks & Standards

The frameworks & standards shaping AI governance

The rulebooks enterprises are being measured against — NIST AI RMF, OWASP for AI, the EU AI Act, ISO/IEC 42001 and Responsible AI — explained in plain terms and mapped to the controls you actually operate.

NIST

NIST AI Risk Management Framework (AI RMF)

A voluntary U.S. framework for identifying and managing AI risk across four functions — Govern, Map, Measure, Manage. It is the most widely adopted enterprise reference for building an AI risk program, and pairs with the Generative AI Profile for LLM-specific risks.

Govern · Map · Measure · ManageRisk managementVoluntary
OWASP

OWASP Top 10 for LLMs & Agentic AI

The security community’s ranked list of the most critical risks in LLM and agentic applications — led by prompt injection, insecure output handling, excessive agency and sensitive-data disclosure. The essential checklist for anyone securing AI agents and tools.

Prompt injectionExcessive agencySecurity
EU AI Act

EU AI Act

The world’s first comprehensive AI law. It classifies AI systems by risk (unacceptable, high, limited, minimal) and imposes obligations — transparency, human oversight, logging and record-keeping — on high-risk uses. Extraterritorial: it reaches any organization serving the EU.

RegulationRisk tiersRecord-keeping
ISO 42001

ISO/IEC 42001 — AI Management System

The first certifiable international standard for an AI Management System (AIMS). Like ISO 27001 for information security, it defines how to govern AI responsibly through policies, roles, risk controls and continual improvement — increasingly requested in enterprise procurement.

CertifiableManagement systemAuditable
SOC 2

SOC 2 & the trust criteria

The auditor’s bar for how a service organization protects data — security, availability, confidentiality and more. AI activity increasingly falls in scope: to pass, you need enforced access controls and a complete audit trail of what AI actors did.

Trust criteriaAudit trailAccess control
RAI

Responsible AI principles

The cross-industry principles — fairness, transparency, accountability, privacy and safety — that underpin most AI governance programs and regulations. They set the “why”; frameworks like NIST AI RMF and ISO 42001 provide the “how.”

FairnessTransparencyAccountability

No frameworks match your search.

Turn frameworks into enforced controls

AuthSpoke maps AI governance frameworks to real controls — identity, authorization, risk and audit — for every AI agent and MCP server.

Get a Demo