Which AI agent hardening controls map to ISO/IEC 42001 and NIST AI RMF requirements?
AI agent hardening controls map to ISO/IEC 42001 and the NIST AI RMF at two levels: ISO/IEC 42001 asks for a documented AI management system (AIMS) with controls applied at each stage of the AI system lifecycle, and the NIST AI RMF asks for the same risks to be governed, mapped, measured and managed. The mappings below group the controls by governance, risk assessment, lifecycle and data management, monitoring and improvement, supply chain, and incident response and oversight; each entry cites the clause, annex control or subcategory it satisfies.
- Governance and Policy: Organizations must establish an AI policy and a documented AI Management System (AIMS), defining roles, responsibilities, and authorities for AI governance [2, ISO/IEC 42001 Cl.5]. This includes maintaining an acceptable-use policy for AI/agent systems covering permitted and prohibited uses, and human-oversight expectations [9, NIST-GOVERN-1.1]. A named risk owner / accountable executive should exist for each deployed AI/agent system [9, NIST-GOVERN-2.1].
- Risk Assessment and Planning: Processes for AI risk assessment and AI impact assessment are crucial, identifying potential positive and negative impacts on individuals, groups, and society [2, ISO/IEC 42001 Cl.6; 3, ISO/IEC 42001 A.5; 5, NIST-MAP-5.1]. An inventory of AI/agent systems (models, agents, tools, data flows) must be maintained and kept current; in the NIST AI RMF the inventory requirement is GOVERN 1.6 (mechanisms are in place to inventory AI systems and are resourced according to organizational risk priorities), while MAP 1.5 covers documenting the organization's risk tolerances that the inventory is assessed against [5, NIST-GOVERN-1.6; 5, NIST-MAP-1.5].
- Lifecycle Management and Data Governance: Responsible design, development, deployment, operation, and retirement of AI systems are required, with controls at each lifecycle stage [3, ISO/IEC 42001 A.6]. This includes data governance for provenance, quality, preparation, and management of data used by AI systems [3, ISO/IEC 42001 A.7].
- Monitoring, Evaluation, and Improvement: The AIMS must be subject to monitoring, measurement, analysis, and evaluation, including internal audits and management reviews [2, ISO/IEC 42001 Cl.9]. Continual improvement and corrective actions are necessary to address nonconformities and enhance the AIMS over time [2, ISO/IEC 42001 Cl.10]. Security and resilience of AI systems, including adversarial robustness and prompt-injection resistance, should be evaluated and documented [5, NIST-MEASURE-2.7].
- Third-Party and Supply Chain Risk: Policies must address risks from third-party models, datasets, and tools (foundation-model providers, fine-tunes, plugins), tracking provenance, licensing, and model-update risk [3, ISO/IEC 42001 A.10; 5, NIST-GOVERN-6.1]. This cross-maps to the OWASP Top 10 for LLM Applications supply-chain entry, numbered LLM05 (Supply Chain Vulnerabilities) in the 2023/2024 list and LLM03 (Supply Chain) in the 2025 list [5, NIST-GOVERN-6.1].
- Incident Response and Oversight: An AI/agent incident-response plan should be in place for detection, escalation, containment, communication, and learning [8, NIST-MANAGE-4.1]. Policies should define how humans oversee AI, including override authority and the boundary of agent autonomy [9, NIST-GOVERN-3.2]. Mechanisms to log decisions and trace AI behavior are also required for transparency and accountability [5, NIST-MEASURE-2.8].
Grounded in
- ISO/IEC 42001 (AI management system standard)
- Designing Agentic AI Systems with the ORCHIDEAS Framework
- NIST AI RMF (AI Risk Management Framework 1.0)
This AI-generated answer is for guidance only — not a certification, audit, or penetration test. Grounded in the NIST AI RMF, OWASP LLM Top 10, and ISO/IEC 42001 control text; verify applicability to your environment.