{"slug": "show-hn-crosswalk-mapping-ai-agent-design-controls-to-nist-iso-42001-owasp", "title": "Show HN: Crosswalk mapping AI-agent design controls to NIST, ISO 42001, OWASP", "summary": "AgentAz, a design-time governance vocabulary for AI agents, published a crosswalk mapping its dimensions to controls in NIST AI RMF 1.0, ISO/IEC 42001:2023, and OWASP Agentic Security. The mapping helps enterprises produce machine-readable evidence toward compliance with these frameworks, though it explicitly excludes runtime defenses and certification.", "body_md": "# AgentAz™ Regulatory Crosswalk\n\nAgentAz is a design-time governance vocabulary. This crosswalk maps each AgentAz dimension to the controls it helps satisfy in three frameworks an enterprise is likely already audited against — so a machine-readable `agentaz.json`\n\nbecomes a shortcut through the governance section of a security questionnaire.\n\nA spec’s worth is what it maps up to. Read each row as: “an agent that declares this AgentAz dimension is producing design-time evidence toward these controls.” It is **evidence toward**, not a certification — the mapping shows intent is documented, not that an auditor has verified the running system.\n\n| AgentAz dimension | NIST AI RMF 1.0 | ISO/IEC 42001:2023 | OWASP Agentic (ASI) |\n|---|---|---|---|\n| Worst-case action & Trust Level (A1–A5)Classifying an agent by the maximum impact it could have. | MAP 1.1 (context), MAP 5.1 (impact likelihood & magnitude) | A.5 — AI system impact assessment | ASI01 Agent Goal Hijack · ASI10 Rogue Agents |\n| Authority boundaryWhat the agent is permitted to modify, send, spend, or delete. | MAP 2 (system categorization), GOVERN 1.4 (oversight policy) | A.9.4 (intended use) · A.9.2 (responsible-use boundaries) | ASI03 Identity & Privilege Abuse |\n| Tool boundary (least privilege)A scoped tool registry; gated vs. auto-executable; absent capabilities. | MANAGE 2 (risk treatment) | A.4 (resources/tooling) · A.9.2 (usage limits) | ASI02 Tool Misuse · ASI03 Privilege Abuse (“Least Agency”) |\n| Human approval gateHuman-in-the-loop sign-off before an irreversible action runs. | MANAGE 4.1 (override mechanisms), GOVERN 1.4 (human oversight) | A.9.2 — human oversight / override of AI decisions | ASI09 Human-Agent Trust Exploitation (supports ASI02) |\n| Confidence escalationRouting low-confidence or ambiguous cases to a human instead of acting. | MANAGE 4.1 (appeal & override), MANAGE 2 | A.6.2 (operation/monitoring) · A.9.2 | ASI09 (decision-fatigue) · ASI01 |\n| Cost ceilingA spend cap per run, with an alert threshold.partial mapping | MANAGE 2 (risk treatment) | A.6.2 (operation) | ASI08 Cascading Failures (blast-radius limit) |\n| Loop bound / escape hatchAn iteration cap so the agent can't spin indefinitely. | MANAGE 4.1 (monitoring) | A.6.2 (operation) | ASI08 Cascading Failures (circuit breakers) |\n| Output boundaryA constrained, declared set of outputs the agent may emit.partial mapping | MEASURE 2 (evaluation) | A.8 (information for interested parties) · A.9.2 | ASI02 Tool Misuse · ASI05 Unexpected Code Execution |\n| Audit trail (tamper-evident)An append-only, verifiable record of decisions and approvals. | MANAGE 4 (monitoring), GOVERN (documentation) | A.6.2 (lifecycle logging) · A.5 | Cross-cutting — detection signal for ASI06 / ASI10 |\n\n## What this crosswalk does *not* claim\n\nHonest scope is the point — a governance mapping is only useful if its gaps are stated. AgentAz stays in one lane: design-time, machine-readable, blueprint-level. It does not cover runtime proof, agent identity, or certification. Specifically out of scope:\n\n- OWASP ASI04 (Supply Chain), ASI05 (sandboxing of code execution), ASI06 (memory/RAG poisoning), and ASI07 (inter-agent communication) are runtime and infrastructure defenses. AgentAz documents design-time intent; it does not implement these — they belong to your runtime and security layers.\n- NIST MEASURE bias/fairness depth and full TEVV methodology. AgentAz is boundary-focused, not a fairness-testing methodology; treat these as partial at best.\n- ISO/IEC 42001 A.7 (data governance) and A.10 (third-party relationships). Largely outside a single blueprint's design-time spec.\n\nA mapping is a starting point for a questionnaire, not a compliance verdict. Your auditor still determines whether a control is satisfied in your environment.\n\n## Sources & version\n\nMapped against the published structure of [NIST AI RMF 1.0](https://www.nist.gov/itl/ai-risk-management-framework) (2023), [ISO/IEC 42001:2023](https://www.iso.org/standard/81230.html), and the [OWASP Top 10 for Agentic Applications](https://genai.owasp.org/) (ASI01–ASI10, December 2025).\n\nCrosswalk version 1.0 · Last reviewed 2026-06-30. These frameworks are revised over time (the OWASP agentic list especially is new and evolving) — verify any row against the current published control text before relying on it in an audit.", "url": "https://wpnews.pro/news/show-hn-crosswalk-mapping-ai-agent-design-controls-to-nist-iso-42001-owasp", "canonical_source": "https://www.agent-kits.com/agentaz-crosswalk", "published_at": "2026-06-30 08:57:38+00:00", "updated_at": "2026-06-30 09:20:15.534845+00:00", "lang": "en", "topics": ["ai-safety", "ai-policy"], "entities": ["AgentAz", "NIST", "ISO", "OWASP", "NIST AI RMF 1.0", "ISO/IEC 42001:2023", "OWASP Agentic Security"], "alternates": {"html": "https://wpnews.pro/news/show-hn-crosswalk-mapping-ai-agent-design-controls-to-nist-iso-42001-owasp", "markdown": "https://wpnews.pro/news/show-hn-crosswalk-mapping-ai-agent-design-controls-to-nist-iso-42001-owasp.md", "text": "https://wpnews.pro/news/show-hn-crosswalk-mapping-ai-agent-design-controls-to-nist-iso-42001-owasp.txt", "jsonld": "https://wpnews.pro/news/show-hn-crosswalk-mapping-ai-agent-design-controls-to-nist-iso-42001-owasp.jsonld"}}