--- title: Cross-Framework Matrix, AI compliance coverage at a glance description: One grid of ZioSec capabilities across EU AI Act, NIST AI RMF, ISO 42001, AIUC-1, and OWASP AISVS. Each row maps a capability to the specific controls it satisfies in every framework. url: https://ziosec.com/ai-compliance/matrix --- # Cross-Framework Matrix Five frameworks. One pentest covers most of the work. Capabilities run down the rows. Frameworks run across the columns. ## Coverage key - ● Direct evidence. ZioSec satisfies the control end to end. - ◐ Supporting evidence. ZioSec contributes to the evidence chain but full satisfaction needs other tooling or process. - ○ Out of scope. The framework includes the obligation but pentest cannot satisfy it; the customer's governance, legal, or product teams fill the gap. ## Matrix | Capability | EU AI Act | NIST AI RMF | ISO/IEC 42001 | AIUC-1 | OWASP AISVS | | --- | --- | --- | --- | --- | --- | | Adversarial Robustness Testing | ● Art. 15 | ● MS-2.6, MG-3.2 | ● A.6.2.4 | ● B.1, B.2 | ● C02, C10 | | Prompt Injection Validation | ● Art. 15 | ● MS-2.6 | ● A.6.2.4 | ● B.2 | ● C02 | | Privacy and PII Probing | ◐ Art. 10 | ● MS-2.7 | ◐ A.7.4 | ● B.x | ● C11 | | RAG and Memory Security | ◐ Art. 15 | ● MS-2.6 | ◐ A.6.2.4 | ● B.x | ● C08 | | Containerized Deployment | ● Art. 14, 15 | ● MG-2.4 | ● A.6.2.5, A.6.2.6 | ● B.6, E.x | ● C04 | | Automatic Policy Composition | ● Art. 14 | ● MG-2.4 | ● A.6.2.6 | ● B.6 | ● C09 | | Agent Identity Boundaries | ◐ Art. 15 | ● MS-2.6 | ◐ A.6.2.4 | ● B.7 | ● C05 | | MCP and Tool Supply Chain | ◐ Art. 15 | ◐ MS-2.6 | ● A.10.3 | ● Q1 2026 | ◐ C06 | | Immutable Telemetry | ● Art. 12 | ● MG-2.4 | ● A.6.2.8 | ● E.x | ● C12 | | Audit-Ready Findings Catalog | ● Art. 11 | ● MS-1.1 | ● A.6.2.7, A.8.3 | ● B.1 | ● All Levels | | Cross-Standard Crosswalk Report | ● Art. 11, 17 | ● GV-1.4 | ● A.8.3 | ● E.x | ● All | | Fleet-Wide Governance | ● Art. 72 | ● MG-2.4 | ● A.6.2.6 | ● D.x, E.x | ● C12, C13 | | Continuous Risk Register | ● Art. 9 | ● MP-5.1 | ● A.6.2.4 | ● B.1 | ● C03, C10 | ### Customer-owned (out of scope) | Capability | EU AI Act | NIST AI RMF | ISO/IEC 42001 | AIUC-1 | OWASP AISVS | | --- | --- | --- | --- | --- | --- | | Organizational AI Governance | ○ Art. 26 | ○ GV-1.1, GV-3.2 | ○ A.2, A.3 | ○ A.x | ○ C13.org | | Training Data Governance | ○ Art. 10 | ○ MAP-2.x | ○ A.7 | ○ F.legal | ○ C01.proc | | Ethics, Fairness and Impact Assessment | ○ Art. 27 | ○ MS-2.11 | ○ A.5.2 | ○ C.x | ○ n/a | | Legal and Privacy Compliance | ○ Whole Act | ○ GV-1.1 | ○ Cl. 4, 6 | ○ F.legal | ○ n/a | | User Disclosure and Transparency Copy | ○ Art. 13, 50 | ○ n/a | ○ A.9.3 | ○ C.disclose | ○ n/a | | Procurement and Vendor Due Diligence | ○ Art. 25 | ○ GV-6.1 | ○ A.10 | ○ UW | ○ C06.proc | ## Capability details ### Adversarial Robustness Testing Trained pentesting agent runs thousands of adversarial probes. Tests cover prompt injection, jailbreaks, evasion, model extraction, and multimodal injection. Evidence produced: - Adversarial test corpus (versioned) - Robustness scorecards - OWASP LLM Top 10 mapping - MITRE ATLAS coverage report Framework anchors: - EU AI Act: Art. 15 - NIST AI RMF: MS-2.6, MG-3.2 - ISO/IEC 42001: A.6.2.4 - AIUC-1: B.1, B.2 - OWASP AISVS: C02, C10 ### Prompt Injection Validation Generates injection payloads across direct, indirect, and multimodal vectors. Tracks filter bypass rate over time. Evidence produced: - Injection success rate (per vector) - Filter classifier scores - Bypass technique catalog Framework anchors: - EU AI Act: Art. 15 - NIST AI RMF: MS-2.6 - ISO/IEC 42001: A.6.2.4 - AIUC-1: B.2 - OWASP AISVS: C02 ### Privacy and PII Probing Runs the privacy attack suite: membership inference, training data extraction, PII echo. Evidence produced: - Privacy test reports - Inference attack results - PII handling audit Framework anchors: - EU AI Act: Art. 10 - NIST AI RMF: MS-2.7 - ISO/IEC 42001: A.7.4 - AIUC-1: B.x - OWASP AISVS: C11 ### RAG and Memory Security Probes the entire retrieval surface: poisoned documents, cross-tenant leakage, embedding inversion attacks. Evidence produced: - RAG corruption test reports - Cross-tenant isolation tests Framework anchors: - EU AI Act: Art. 15 - NIST AI RMF: MS-2.6 - ISO/IEC 42001: A.6.2.4 - AIUC-1: B.x - OWASP AISVS: C08 ### Containerized Deployment Each agent runs in an isolated, hardened container with policy enforcement at the boundary. Evidence produced: - Container attestations - Build-pinned manifests - Kill-switch validation logs Framework anchors: - EU AI Act: Art. 14, 15 - NIST AI RMF: MG-2.4 - ISO/IEC 42001: A.6.2.5, A.6.2.6 - AIUC-1: B.6, E.x - OWASP AISVS: C04 ### Automatic Policy Composition When a pentest finds an exploitable path, the system composes a runtime policy that closes it. Evidence produced: - Composed runtime policies - Finding-to-policy traceability - Policy change history Framework anchors: - EU AI Act: Art. 14 - NIST AI RMF: MG-2.4 - ISO/IEC 42001: A.6.2.6 - AIUC-1: B.6 - OWASP AISVS: C09 ### Agent Identity Boundaries Tests confused-deputy, token leakage, and scope-creep flaws. Evidence produced: - Identity flow tests - Confused-deputy reports - Token handling audit Framework anchors: - EU AI Act: Art. 15 - NIST AI RMF: MS-2.6 - ISO/IEC 42001: A.6.2.4 - AIUC-1: B.7 - OWASP AISVS: C05 ### MCP and Tool Supply Chain Native understanding of MCP architecture. Probes MCP servers, tool descriptions, and tool-call hijacking. Evidence produced: - MCP server pentest reports - Tool-poisoning test results - SBOM-aligned findings Framework anchors: - EU AI Act: Art. 15 - NIST AI RMF: MS-2.6 - ISO/IEC 42001: A.10.3 - AIUC-1: Q1 2026 - OWASP AISVS: C06 ### Immutable Telemetry Captures every consequential agent event with correlation IDs across the decision chain. Evidence produced: - Tool-call audit trail - Policy decision logs - Integrity attestations Framework anchors: - EU AI Act: Art. 12 - NIST AI RMF: MG-2.4 - ISO/IEC 42001: A.6.2.8 - AIUC-1: E.x - OWASP AISVS: C12 ### Audit-Ready Findings Catalog Structured, timestamped reports formatted for Annex IV technical documentation requirements. Evidence produced: - Annex IV-aligned tech docs - Versioned findings catalog - Regulator-grade reports Framework anchors: - EU AI Act: Art. 11 - NIST AI RMF: MS-1.1 - ISO/IEC 42001: A.6.2.7, A.8.3 - AIUC-1: B.1 - OWASP AISVS: All Levels ### Cross-Standard Crosswalk Report One auditor-ready document maps every finding, policy artifact, and log stream to controls. Evidence produced: - Per-framework crosswalk PDFs - Auditor-ready evidence chains - Vendor questionnaire responses Framework anchors: - EU AI Act: Art. 11, 17 - NIST AI RMF: GV-1.4 - ISO/IEC 42001: A.8.3 - AIUC-1: E.x - OWASP AISVS: All ### Fleet-Wide Governance Single pane of glass for every agent in the enterprise, including shadow agents. Evidence produced: - Agent inventory - Behavior baselines - Drift detection alerts Framework anchors: - EU AI Act: Art. 72 - NIST AI RMF: MG-2.4 - ISO/IEC 42001: A.6.2.6 - AIUC-1: D.x, E.x - OWASP AISVS: C12, C13 ### Continuous Risk Register Risks update on every system change. Residual risk scores re-compute after each remediation. Evidence produced: - Risk register (auto-updated) - Pre/post-mitigation runs - Regression catalog Framework anchors: - EU AI Act: Art. 9 - NIST AI RMF: MP-5.1 - ISO/IEC 42001: A.6.2.4 - AIUC-1: B.1 - OWASP AISVS: C03, C10 ### Organizational AI Governance Every framework expects documented organizational structure for AI risk. Evidence produced: - Owner: Leadership / GRC / HR ### Training Data Governance Training-time governance lives upstream of pentest. Evidence produced: - Owner: ML Platform / Legal / Data ### Ethics, Fairness and Impact Assessment Fairness, bias, and fundamental-rights impact require demographic data and ethics review. Evidence produced: - Owner: Responsible AI / Legal / Ethics ### Legal and Privacy Compliance Lawful basis, consent management, DPIAs, and data subject rights are owned by Privacy and Legal. Evidence produced: - Owner: Privacy / Legal ### User Disclosure and Transparency Copy UI copy, disclosure language, and watermarking choices are product and legal decisions. Evidence produced: - Owner: Product / Design / Legal ### Procurement and Vendor Due Diligence Procurement and vendor selection are governance and legal processes. Evidence produced: - Owner: Procurement / Vendor Risk / Legal ## Summary - **13 ZioSec capabilities** produce direct or supporting evidence across the five frameworks. - **6 customer-owned rows** are obligations every framework includes but a pentest cannot satisfy. - **5 frameworks supported.** EU AI Act, NIST AI RMF, ISO/IEC 42001, AIUC-1, OWASP AISVS. Reviewed quarterly. ## Contact For a tailored crosswalk, email info@ziosec.com or book a demo at https://ziosec.com/demo.