Frameworks Index
Published, named guidance for AI/agentic-AI security. Each framework gets its own page with: scope, structure, current version, primary maintainer, evidence of adoption, strengths, gaps, and how it relates to other frameworks.
Pages
- A2A Protocol — Agent-to-Agent — The Agent-to-Agent (A2A) Protocol is an open standard for communication between AI agents across organizational and platform boundaries.
- Gartner AI TRiSM — AI TRiSM (AI Trust, Risk, and Security Management) is Gartner’s analyst-defined market category for the AI security buying surface.
- AIUC-1 — AI Agent Certification Standard — The first independent security, safety, and reliability certification for enterprise AI agents — positioned by its publisher as “SOC 2 fo…
- AWS Agentic AI Security Scoping Matrix — A four-scope categorization scheme for autonomous AI systems published by AWS on 2025-11-21, structured around two foundational concepts…
- CLASP — The CLASP framework (Capability-Centric Evaluation for Security Lifecycle) provides a multi-dimensional rubric to assess autonomous secur…
- CoSAI — Coalition for Secure AI — CoSAI (Coalition for Secure AI) is an OASIS-hosted industry consortium producing collaborative AI security guidance.
- CSA Agentic Trust Framework — The CSA Agentic Trust Framework (ATF, February 2, 2026) is a new framework applying Zero Trust governance principles specifically to auto…
- Cyber Defense Matrix
- EU AI Act — The EU AI Act (Regulation (EU) 2024/1689, published July 12, 2024) is the world’s first comprehensive binding legal framework for AI.
- Google SAIF — Secure AI Framework — Google SAIF (Secure AI Framework) provides AI security principles and lifecycle guidance across data, infrastructure, model, and applicat…
- IEC 42001 — AI Management Systems — ISO/IEC 42001:2023 is the first (and only) certifiable AI Management System standard.
- MAAIS — Multilayer Agentic AI Security Framework — A seven-layer defense-in-depth security framework for agentic AI systems, proposed in an arXiv preprint by Sunil Arora and John Hastings…
- Microsoft Responsible AI Standard (RAI) — Microsoft RAI began as an ethics-focused governance framework (Standard v2, 2022) covering fairness, transparency, and accountability.
- Microsoft Secure Development Lifecycle (SDL) — Microsoft SDL — Microsoft’s secure-by-design software development framework — codifies a set of security activities applied across the so…
- Microsoft ZT4AI — Zero Trust for AI — Microsoft’s adaptation of Zero Trust principles to AI systems and agentic deployments, branded ZT4AI (Zero Trust for AI).
- MITRE ATLAS — MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) is a knowledge base of adversarial tactics and techniques…
- NIST AI 600-1 — Generative AI Profile — NIST AI 600-1 (Generative AI Profile, July 2024) extends the NIST AI RMF to address GenAI-specific risks.
- NIST AI Risk Management Framework (AI RMF) — The NIST AI RMF is the de facto voluntary U.S.
- NIST SP 800-162 — Guide to Attribute Based Access Control (ABAC) — Source: NIST CSRC publication record ·…
- NIST SP 800-218A — SSDF Community Profile for Generative AI and Dual-Use Foundation Models — NIST SP 800-218A — Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community Profile — is…
- NIST SSDF — Secure Software Development Framework (SP 800-218 v1.1) — NIST SP 800-218 v1.1 — Secure Software Development Framework: Recommendations for Mitigating the Risk of Software Vulnerabilities — is NI…
- OpenTelemetry gen_ai.* Semantic Conventions — OpenTelemetry (OTel) is the CNCF-graduated observability standard: a vendor-neutral API, SDK, and protocol (OTLP) for distributed tracing…
- OSFI Guideline B-13 — Technology and Cyber Risk Management — OSFI Guideline B-13 — Technology and Cyber Risk Management — is Canada’s federal regulatory expectations document for technology and cybe…
- OSFI Guideline E-23 (2027) — Model Risk Management — OSFI Guideline E-23 (2027) — Model Risk Management — is Canada’s federal regulatory expectations document for enterprise-wide model risk…
- OWASP Top 10 for Agentic Applications (ASI Top 10) — The OWASP Top 10 for Agentic Applications (ASI Top 10) is the definitive agentic risk taxonomy as of Q1 2026, published December 9, 2025…
- OWASP AI Vulnerability Scoring System (AIVSS) — OWASP AIVSS v0.8 (March 19, 2026) is the first AI-specific vulnerability scoring system.
- OWASP Top 10 for LLM Applications — The OWASP Top 10 for LLM Applications is the primary vulnerability awareness list for large language model deployments.
- Red Teaming Capability Framework — A modern red teaming services capability for first-party agentic AI in 2026 should be founded on the following layered approach:
- XACML — eXtensible Access Control Markup Language — Source: OASIS XACML Technical Committee ·…
This sub-index is out of sync with the master index (the April 2026 candidates note is stale). The master index has the authoritative list of frameworks. The two newest additions are listed below; full sync is deferred to a future lint pass.