--- title: Standards Explorer, search every AI compliance control description: Search by control ID or keyword across EU AI Act, NIST AI RMF, ISO 42001, AIUC-1, and OWASP AISVS. Filter by coverage type. Read the full obligation and ZioSec evidence for every requirement. url: https://ziosec.com/ai-compliance/explorer --- # Standards Explorer A guided tour of five frameworks. Switch between standards using the tabs on the web page. Search by control ID or keyword. Filter by coverage status. This document lists every control across all five frameworks for AI agents to consume in one pass. ## How to read coverage - **Full.** ZioSec produces direct evidence that satisfies this control. - **Partial.** ZioSec produces some evidence; gaps remain that need other tooling or process. - **Supporting.** ZioSec's outputs feed into evidence the customer's GRC team assembles. - **Out of scope.** The framework includes this obligation but a pentest cannot satisfy it. It lives with governance, legal, or product. ## EU AI Act Deep dive: https://ziosec.com/ai-compliance/eu-ai-act The first comprehensive legal framework for AI worldwide. A risk-tiered regime where high-risk systems carry obligations around risk management, data governance, technical documentation, human oversight, accuracy, robustness, and cybersecurity. ### At a glance - **In Force:** Aug 2024 (entry); prohibitions Feb 2025 - **Critical Date:** 02 AUG 2026 - **Scope:** Providers and deployers on the EU market - **Penalty:** €35M / 7% ### Control-level coverage - **Art. 9 Risk Management System** (Full) - Obligation: Continuous, iterative process across the AI lifecycle to identify, estimate, and evaluate risks, then test mitigations. - ZioSec capability: Continuous Pentest - Coverage: Our trained pentesting agent probes thousands of vulnerability pathways on every change, satisfying the "continuous, iterative" testing requirement. - Evidence: Risk register (auto-updated); Pre/post-mitigation test runs; Residual risk scoring - **Art. 10 Data and Data Governance** (Supporting) - Obligation: Training, validation, and testing datasets must be relevant, representative, free of errors, and complete. - ZioSec capability: Data-Path Probing - Coverage: Probes for data leakage, training data extraction, and PII exfiltration vectors that violate Art. 10's quality and integrity requirements. - Evidence: Extraction attack reports; PII leakage test results; Vector store probe logs - **Art. 11 Technical Documentation** (Full) - Obligation: Detailed documentation demonstrating system compliance, drawn up before placing on the market and maintained. - ZioSec capability: Audit-Ready Reporting - Coverage: Every pentest produces a structured, timestamped report meeting Annex IV technical documentation requirements. - Evidence: Test methodology docs; Version-pinned findings; Annex IV-aligned reports - **Art. 12 Record-Keeping (Logging)** (Full) - Obligation: Automatic logging of events relevant to risk identification and substantial modification tracking. - ZioSec capability: Fleet-Wide Telemetry - Coverage: Containerized deployment captures every agent action, tool call, and policy decision into immutable logs. - Evidence: Tool-call audit trail; Policy decision logs; Event correlation IDs - **Art. 14 Human Oversight** (Partial) - Obligation: Designed to be effectively overseen by humans, with capabilities to intervene, override, or shut down. - ZioSec capability: Policy Composition - Coverage: Automatic policy composition produces enforceable guardrails that surface decision points and preserve human-in-the-loop integrity. - Evidence: Override-path testing; Kill-switch validation; Escalation logs - **Art. 15 Accuracy, Robustness, Cybersecurity** (Full) - Obligation: Resilient against errors, faults, attempts by unauthorised third parties, and attacks specific to AI. - ZioSec capability: Offensive Testing Core - Coverage: ZioSec's primary mandate. Adversarial inputs, prompt injection, model evasion, and supply-chain attacks tested continuously. - Evidence: Adversarial test corpus; Robustness benchmarks; Attack-resistance scores - **Art. 17 Quality Management System** (Supporting) - Obligation: Documented strategy for compliance including testing, examination, validation procedures. - ZioSec capability: Continuous QMS Input - Coverage: Pentest cadence and findings feed directly into the QMS, with version-controlled procedures and evidence chains. - Evidence: Procedure version history; Validation runs - **Art. 72 Post-Market Monitoring** (Full) - Obligation: Active and systematic gathering of data on AI system performance throughout its lifetime. - ZioSec capability: Fleet-Wide Governance - Coverage: Single pane of glass surfaces every agent's behavior post-deployment, with anomaly detection feeding the post-market monitoring file. - Evidence: Drift detection alerts; Behavior baselines; Incident timelines #### Customer-owned (out of scope) These EU AI Act obligations cannot be satisfied by pentest. They live with governance, legal, or product. - **Art. 13 Transparency & Provision of Information** (Out of Scope (customer-owned)) - Obligation: High-risk systems must be designed so deployers can interpret outputs. - ZioSec capability: Customer Governance Fills - Coverage: Authoring user-facing instructions and interpretation guidance is a documentation and product function, not a pentest output. - Evidence: Owner: Product / Legal - **Art. 26 Obligations of Deployers** (Out of Scope (customer-owned)) - Obligation: Deployers must use the system per instructions, assign human oversight to qualified persons. - ZioSec capability: Customer Governance Fills - Coverage: Operational obligations on the organization deploying the agent. Role assignments and oversight policies live with your GRC team. - Evidence: Owner: GRC / Operations - **Art. 27 Fundamental Rights Impact Assessment** (Out of Scope (customer-owned)) - Obligation: Public-sector and certain private deployers must perform an FRIA. - ZioSec capability: Customer Governance Fills - Coverage: FRIA is a legal and ethical analysis, not a technical pentest. Owned by Legal, Privacy, and Ethics functions. - Evidence: Owner: Legal / Privacy / Ethics - **Art. 50 Transparency to Natural Persons** (Out of Scope (customer-owned)) - Obligation: Users must be informed they are interacting with AI; AI-generated content must be marked. - ZioSec capability: Customer Governance Fills - Coverage: UI disclosure copy, watermarking choices, and disclosure policies are product and legal decisions. - Evidence: Owner: Product / Legal ## NIST AI RMF Deep dive: https://ziosec.com/ai-compliance/nist-ai-rmf A voluntary framework structured around GOVERN, MAP, MEASURE, MANAGE. The GenAI Profile extends RMF to LLMs and agents. ### At a glance - **Released:** v1.0 Jan 2023; GenAI Profile July 2024 - **Adoption:** De Facto Benchmark - **Functions:** GOVERN, MAP, MEASURE, MANAGE - **Procurement:** Increasingly required in US federal AI ### Control-level coverage - **GV-1.4 Risk-Management Process Established** (Supporting) - Obligation: Documented, repeatable processes for AI risk management. - ZioSec capability: Process-In-A-Box - Coverage: Containerized deployment ships with an opinionated, repeatable risk testing process out of the box. - Evidence: Process documentation; Repeatable test runs - **MP-2.3 AI Capabilities and Limits Documented** (Full) - Obligation: System capabilities, limitations, and intended uses are documented with sufficient specificity. - ZioSec capability: Capability Mapping - Coverage: Pentest scoping discovers actual agent capabilities (tools, data access, autonomy level) and validates them against documented intent. - Evidence: Capability inventory; Tool-access surface map - **MP-5.1 Likelihood and Impact of Risks Assessed** (Full) - Obligation: Likelihood and magnitude of risks (including malicious use) are assessed. - ZioSec capability: Adversary Simulation - Coverage: Empirical likelihood data from real attack simulations replaces guesswork in risk assessments. - Evidence: Exploit success rates; Attack chain analysis - **MS-1.1 Approaches and Metrics Identified** (Full) - Obligation: Quantitative and qualitative measures for trustworthy AI characteristics are identified. - ZioSec capability: OWASP / MITRE Mapping - Coverage: Findings mapped to OWASP LLM Top 10, OWASP Agentic Top 10, and MITRE ATLAS. - Evidence: OWASP Top 10 mapping; MITRE ATLAS mapping; Quantitative scores - **MS-2.6 AI System Security and Resilience Evaluated** (Full) - Obligation: System is regularly evaluated for security vulnerabilities and resilience to adversarial attacks. - ZioSec capability: This Is The Job - Coverage: Continuous adversarial probing across thousands of vulnerability pathways. Direct fulfillment of MS-2.6. - Evidence: Continuous test cadence; Vulnerability findings; Resilience benchmarks - **MS-2.7 Privacy Risk Tested** (Full) - Obligation: Privacy risks of the AI system are documented and tested. - ZioSec capability: PII Exfiltration Suite - Coverage: Specific test category for membership inference, training data extraction, and PII leakage. - Evidence: Privacy attack reports; Inference test results - **MG-2.4 Mechanisms to Supersede or Deactivate** (Full) - Obligation: Mechanisms exist to supersede, disengage, or deactivate AI systems. - ZioSec capability: Containerized Kill-Switch - Coverage: Deployment architecture provides per-agent isolation and immediate deactivation; tested as part of every engagement. - Evidence: Kill-switch validation; Isolation tests - **MG-3.2 Pre-Deployment Adversarial Testing (GenAI Profile)** (Full) - Obligation: Generative AI systems undergo structured pre-deployment red-teaming. - ZioSec capability: Pre-Deployment Gates - Coverage: ZioSec serves as the pre-deployment gate, with structured red-teaming aligned to the GenAI Profile. - Evidence: Red-team reports; Pre-deployment sign-off #### Customer-owned (out of scope) These NIST AI RMF obligations cannot be satisfied by pentest. They live with governance, legal, or product. - **GV-1.1 Legal and Regulatory Requirements Understood** (Out of Scope (customer-owned)) - Obligation: Legal, regulatory, and other obligations relevant to AI are documented. - ZioSec capability: Customer Governance Fills - Coverage: Legal mapping and regulatory tracking are owned by Legal and Compliance. - Evidence: Owner: Legal / Compliance - **GV-3.2 Roles and Responsibilities Established** (Out of Scope (customer-owned)) - Obligation: Roles, responsibilities, and lines of communication for AI risk management are documented. - ZioSec capability: Customer Governance Fills - Coverage: Org chart definition and RACI matrices are organizational design owned by leadership. - Evidence: Owner: Leadership / HR - **MS-2.11 Fairness and Bias Evaluated** (Out of Scope (customer-owned)) - Obligation: Fairness and bias are measured and addressed throughout the lifecycle. - ZioSec capability: Customer Governance Fills - Coverage: Fairness and bias evaluation requires demographic data and ethics review not produced by offensive testing. - Evidence: Owner: Responsible AI / Data Science ## ISO/IEC 42001 Deep dive: https://ziosec.com/ai-compliance/iso-42001 The first international management system standard for AI. Certifiable through accredited bodies, increasingly demanded in enterprise procurement. ### At a glance - **Published:** December 2023 - **Type:** Certifiable - **Structure:** Clauses 4-10, plus Annex A (38 controls) - **Procurement:** Now in enterprise vendor questionnaires ### Control-level coverage - **A.6.2.4 AI System Verification and Validation** (Full) - Obligation: The organization shall define and document V&V measures. - ZioSec capability: V&V As A Service - Coverage: ZioSec is the verification and validation engine. Continuous offensive testing satisfies V&V at depth. - Evidence: V&V test plans; Pass/fail outcomes; Regression test history - **A.6.2.5 AI System Deployment** (Full) - Obligation: The organization shall document deployment, ensuring requirements are met. - ZioSec capability: Deployment Validation - Coverage: Containerized deployment produces a per-deployment compliance artifact tied to a specific build. - Evidence: Build-pinned attestation; Deployment manifests - **A.6.2.6 AI System Operation and Monitoring** (Full) - Obligation: Define and document the necessary elements for AI system operation. - ZioSec capability: Fleet Governance - Coverage: Single pane of glass for fleet-wide agent observation, with policy enforcement at runtime. - Evidence: Operational dashboards; Policy violation logs - **A.6.2.7 AI System Technical Documentation** (Full) - Obligation: Technical documentation shall be available, current, and complete. - ZioSec capability: Auto-Generated Tech Docs - Coverage: Pentest engagements emit structured technical documentation with versioned findings. - Evidence: Versioned tech docs; Findings catalog - **A.6.2.8 AI System Recording of Event Logs** (Full) - Obligation: Event logs of the AI system shall be recorded. - ZioSec capability: Immutable Telemetry - Coverage: Every agent action logged with cryptographic integrity at the container layer. - Evidence: Immutable event logs; Integrity attestations - **A.7.4 Quality of Data for AI Systems** (Supporting) - Obligation: Define and document data quality requirements. - ZioSec capability: Data-Path Probing - Coverage: Probes detect data quality issues surfacing as exploitable behavior. - Evidence: Data poisoning tests; RAG corruption probes - **A.8.3 External Reporting** (Full) - Obligation: Determine if and how to report relevant information to interested parties. - ZioSec capability: Audit-Ready Reporting - Coverage: Reports formatted for procurement teams, customers, and regulators. - Evidence: Customer-facing summaries; Regulator-grade reports - **A.10.3 Suppliers** (Full) - Obligation: Ensure use of services from suppliers aligns with the AIMS. - ZioSec capability: Third-Party Agent Testing - Coverage: Third-party agents tested under the same regime as first-party. - Evidence: Vendor attestation; Cross-vendor benchmarks #### Customer-owned (out of scope) These ISO/IEC 42001 obligations cannot be satisfied by pentest. They live with governance, legal, or product. - **A.2.2 AI Policy** (Out of Scope (customer-owned)) - Obligation: The organization shall document an AI policy. - ZioSec capability: Customer Governance Fills - Coverage: Policy authorship is a leadership and legal function. - Evidence: Owner: Leadership / Legal - **A.3.2 AI Roles and Responsibilities** (Out of Scope (customer-owned)) - Obligation: Roles and responsibilities for the AIMS shall be defined. - ZioSec capability: Customer Governance Fills - Coverage: Org structure owned by leadership. - Evidence: Owner: Leadership / HR - **A.5.2 AI System Impact Assessment** (Out of Scope (customer-owned)) - Obligation: Assess potential consequences for individuals, groups, and societies. - ZioSec capability: Customer Governance Fills - Coverage: Societal impact assessment is an ethics and legal function. - Evidence: Owner: Legal / Ethics ## AIUC-1 Deep dive: https://ziosec.com/ai-compliance/aiuc-1 The first agent-specific certifiable standard. Updated quarterly. Audited by Schellman. Built around the threat model ZioSec was designed to address. ### At a glance - **Released:** Mid-2025; quarterly updates - **Auditor:** Schellman - **Pillars:** Security, Safety, Reliability, Accountability, Data - **Edge:** Insurance-aligned, agent-specific ### Control-level coverage - **B.1 Third-party Adversarial Robustness Testing** (Full) - Obligation: Independent technical testing of adversarial resistance. - ZioSec capability: Independent Pentest - Coverage: ZioSec is structured as an independent third-party tester. - Evidence: Independent test report; Adversarial robustness score - **B.2 Detect Adversarial Input** (Full) - Obligation: Real-time detection of inputs that attempt to manipulate agent behavior. - ZioSec capability: Detection Validation - Coverage: Pentest validates that deployed input filters actually catch what they claim. - Evidence: Filter bypass tests; Detection rate metrics - **B.6 Prevent Unauthorized Agent Actions** (Full) - Obligation: Technical controls prevent agents from executing actions outside scope. - ZioSec capability: Action Boundary Testing - Coverage: Tests every authorized tool call boundary; produces enforceable policies. - Evidence: Authorization tests; Composed runtime policies - **B.7 Enforce User Authentication for Agent Actions** (Full) - Obligation: User identity must be cryptographically bound to agent actions. - ZioSec capability: Identity Probing (Q1'26) - Coverage: Tests confused-deputy and identity propagation flaws. - Evidence: Identity flow tests; Confused-deputy reports - **B.MCP MCP Security (Q2 2026 Emphasis)** (Full) - Obligation: Specific controls for MCP servers, tool integrations, and supply chain. - ZioSec capability: MCP-Aware Testing - Coverage: Native understanding of MCP architecture; probes tool descriptions and hijacking. - Evidence: MCP server pentest; Tool-poisoning tests - **C.x Safety: Output Boundaries and Groundedness** (Partial) - Obligation: Controls for hallucinations, harmful outputs, and safety envelope. - ZioSec capability: Output Boundary Probing - Coverage: Adversarial generation of inputs designed to produce out-of-policy outputs. - Evidence: Output policy violations; Groundedness tests - **D.x Reliability: Predictability Under Pressure** (Full) - Obligation: Agent behaves predictably even when targeted. - ZioSec capability: Stress Testing - Coverage: Continuous probing produces baseline behavior data; deviations become reliability metrics. - Evidence: Behavior baselines; Adversarial drift logs - **E.x Accountability: Traceability of Agent Actions** (Full) - Obligation: Every consequential action is traceable. - ZioSec capability: Containerized Audit Trail - Coverage: Container-level event capture with correlation IDs across the decision chain. - Evidence: End-to-end action traces; Decision provenance #### Customer-owned (out of scope) These AIUC-1 obligations cannot be satisfied by pentest. They live with governance, legal, or product. - **A.x Organizational Governance & Management** (Out of Scope (customer-owned)) - Obligation: Documented leadership accountability and policy framework. - ZioSec capability: Customer Governance Fills - Coverage: Pillar A is foundational organizational work, not testable via pentest. - Evidence: Owner: Leadership / GRC - **F.legal Data Privacy: Legal Basis & Data Subject Rights** (Out of Scope (customer-owned)) - Obligation: Lawful basis for processing, data subject rights, DPIAs. - ZioSec capability: Customer Governance Fills - Coverage: Legal basis and consent management owned by Privacy and Legal teams. - Evidence: Owner: Privacy / Legal ## OWASP AISVS Deep dive: https://ziosec.com/ai-compliance/owasp-aisvs Modeled on OWASP ASVS, this is the technical verification checklist that risk frameworks point to. Thirteen chapters, three levels, testable by design. ### At a glance - **Released:** v1.0 (current stable) - **Founder:** Jim Manico et al. - **Levels:** L1, L2, L3 - **Position:** Technical complement to the other four ### Control-level coverage - **C01 Training Data Governance** (Supporting) - Obligation: Provenance, integrity, and lifecycle controls for training data. - ZioSec capability: Inference-Time Probing - Coverage: Probes for training-data leakage at inference time. - Evidence: Training data extraction tests - **C02 User Input Validation** (Full) - Obligation: Prompt injection defenses, content screening, multimodal input validation. - ZioSec capability: Direct Coverage - Coverage: Prompt injection is the central probe. Multimodal injection vectors tested. - Evidence: Injection success rates; Multimodal attack reports; Filter classifier scores - **C03 Model Lifecycle & Change Control** (Full) - Obligation: Versioning, approval gates, and rollback for model changes. - ZioSec capability: Regression Testing - Coverage: Every model or system-prompt change triggers re-pentest. - Evidence: Pre/post-change deltas; Regression catalog - **C04 Infrastructure, Configuration & Deployment** (Full) - Obligation: Hardening of the runtime environment. - ZioSec capability: Containerized Hardening - Coverage: ZioSec deploys in a hardened container by default. - Evidence: Container attestations; Config drift reports - **C05 Access Control & Identity** (Full) - Obligation: Identity and authorization for AI components and users. - ZioSec capability: Identity Flow Testing - Coverage: Tests confused-deputy, token leakage, scope creep. - Evidence: Authorization bypass tests; Token handling reports - **C06 Supply Chain Security** (Partial) - Obligation: Models, frameworks, datasets from third parties. - ZioSec capability: Pickle & Tool-Source Probing - Coverage: Tests unsafe deserialization, model file integrity, and rogue MCP tool descriptions. - Evidence: SBOM-aligned findings; Pickle vulnerability tests - **C07 Model Behavior, Output Control & Safety** (Full) - Obligation: Output filtering, groundedness, behavior bounds. - ZioSec capability: Output Probing - Coverage: Adversarial inputs designed to elicit out-of-policy outputs. - Evidence: Output violation reports - **C08 Memory, Embeddings & Vector DB Security** (Full) - Obligation: Controls for RAG pipelines, vector stores, and persistent memory. - ZioSec capability: RAG Probing Suite - Coverage: Tests for cross-tenant retrieval leakage, embedding inversion, and vector store poisoning. - Evidence: RAG corruption reports; Cross-tenant tests - **C09 Autonomous Orchestration & Agentic Action** (Full) - Obligation: Controls for agents that take autonomous actions and chain tools. - ZioSec capability: This Is The Heart Of It - Coverage: ZioSec was built for this chapter. Multi-step agent action chains, tool orchestration safety. - Evidence: Action chain analysis; Tool composition tests; Autonomy boundary reports - **C10 Adversarial Robustness & Attack Resistance** (Full) - Obligation: Defense against jailbreaks, evasion, model extraction. - ZioSec capability: Direct Coverage - Coverage: The full adversarial test corpus aligns with C10. - Evidence: Jailbreak success rates; Extraction attempt logs; Robustness benchmarks - **C11 Privacy Protection & Personal Data** (Full) - Obligation: Protection of personal data flowing through the AI system. - ZioSec capability: Privacy Test Suite - Coverage: Membership inference, training data extraction, PII echo. - Evidence: Privacy test reports; Inference attack results - **C12 Monitoring, Logging & Anomaly Detection** (Full) - Obligation: Observability and detection capabilities. - ZioSec capability: Telemetry As Default - Coverage: Containerized deployment captures the events C12 requires. - Evidence: Detection-rate validation; Telemetry attestation - **C13 Human Oversight, Accountability & Governance** (Supporting) - Obligation: Governance scaffolding, human-in-the-loop touchpoints. - ZioSec capability: Governance Plumbing - Coverage: Fleet-wide governance feeds the data C13 requires. - Evidence: Override audit trail; Escalation logs ## Contact For a tailored crosswalk or briefing, email info@ziosec.com or book a demo at https://ziosec.com/demo.