Frameworks Index
Published, named guidance for AI/agentic-AI security. Each framework gets its own page with: scope, structure, current version, primary maintainer, evidence of adoption, strengths, gaps, and how it relates to other frameworks.
Pages
- A2A Protocol (Agent-to-Agent) — The Agent-to-Agent (A2A) Protocol is an open standard for communication between AI agents across organizational and platform boundaries.
- Gartner AI TRiSM — AI TRiSM (AI Trust, Risk, and Security Management) is Gartner’s analyst-defined market category for the AI security buying surface.
- AIUC-1 AI Agent Certification Standard — The first independent security, safety, and reliability certification for enterprise AI agents, positioned by its publisher as “SOC 2 for…
- AWS Agentic AI Security Scoping Matrix — A four-scope categorization scheme for autonomous AI systems published by AWS on 2025-11-21, structured around two foundational concepts…
- CLASP — CLASP (Capability-Centric Evaluation for Security Lifecycle) is a capability-centric rubric for assessing autonomous security agents beyo…
- Continuous Threat Exposure Management (CTEM) — CTEM is Gartner’s five-stage program for managing exposure as a continuous, business-prioritized cycle rather than a periodic scan-and-pa…
- CoSAI: Coalition for Secure AI — CoSAI (Coalition for Secure AI) is a OASIS-hosted industry consortium producing collaborative AI security guidance.
- CSA Agentic Trust Framework — This page covers two Cloud Security Alliance agentic-security publications.
- Cyber Defense Matrix
- EU AI Act — The EU AI Act (Regulation (EU) 2024/1689, published July 12, 2024) is the world’s first comprehensive binding legal framework for AI.
- Google SAIF: Secure AI Framework — Google SAIF (Secure AI Framework) provides AI security principles and lifecycle guidance across data, infrastructure, model, and applicat…
- IEC 42001: AI Management Systems — ISO/IEC 42001:2023 is the first (and only) certifiable AI Management System standard.
- MAAIS: Multilayer Agentic AI Security — A seven-layer defense-in-depth security framework for agentic AI systems, proposed in an arXiv preprint by Sunil Arora and John Hastings…
- Microsoft Responsible AI Standard (RAI) — Microsoft RAI is a responsible-AI goals standard, not a security-control catalogue.
- Microsoft Secure Development Lifecycle (SDL) — Microsoft SDL, Microsoft’s secure-by-design software development framework, codifies a set of security activities applied across the soft…
- Microsoft ZT4AI: Zero Trust for AI — Microsoft’s adaptation of Zero Trust principles to AI systems and agentic deployments, branded ZT4AI (Zero Trust for AI).
- MITRE ATLAS — MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) is a knowledge base of adversarial tactics and techniques…
- NIST AI 600-1: Generative AI Profile — NIST AI 600-1 (Generative AI Profile, July 2024) extends the NIST AI RMF to address GenAI-specific risks.
- NIST AI 800-4: Monitoring Challenges — NIST AI 800-4 (March 2026) is a report from the NIST Center for AI Standards and Innovation (CAISI) in the Trustworthy and Responsible AI…
- NIST AI Risk Management Framework (AI RMF) — The NIST AI RMF is the de facto voluntary U.S.
- NIST IR 8596 Cyber AI Profile — NIST IR 8596 is an Initial Public Draft (published 16 December 2025; comment period closed 30 January 2026) that frames the AI–cybersecur…
- NIST SP 800-162: Attribute-Based Access Control — Source: NIST CSRC publication record ·…
- NIST SP 800-218A: SSDF GenAI Profile — NIST SP 800-218A (Secure Software Development Practices for Generative AI and Dual-Use Foundation Models: An SSDF Community Profile) is N…
- NIST SSDF (SP 800-218) — NIST SP 800-218 v1.1 (Secure Software Development Framework: Recommendations for Mitigating the Risk of Software Vulnerabilities) is NIST…
- OpenTelemetry gen_ai.* Semantic Conventions — OpenTelemetry (OTel) is the CNCF-graduated observability standard: a vendor-neutral API, SDK, and protocol (OTLP) for distributed tracing…
- OSFI Guideline B-13: Technology and Cyber Risk — OSFI Guideline B-13 — Technology and Cyber Risk Management — is Canada’s federal regulatory expectations document for technology and cybe…
- OSFI Guideline E-23: Model Risk Management — OSFI Guideline E-23 (2027) — Model Risk Management — is Canada’s federal regulatory expectations document for enterprise-wide model risk…
- OWASP Top 10 for Agentic Applications (ASI Top 10) — The OWASP Top 10 for Agentic Applications (ASI Top 10) is the definitive agentic risk taxonomy as of Q1 2026, published December 9, 2025…
- OWASP AI Vulnerability Scoring System (AIVSS) — OWASP AIVSS v0.8 (March 19, 2026) is the first AI-specific vulnerability scoring system.
- OWASP Top 10 for LLM Applications — The OWASP Top 10 for LLM Applications is the primary vulnerability awareness list for large language model deployments.
- OWASP SAMM: Software Assurance Maturity Model — Source: OWASP SAMM
- Red Teaming Capability Framework — The Red Teaming Capability Framework is an internal proposal for structuring a red-teaming services capability for first-party agentic AI.
- SOC-CMM Security Operations Maturity Model — Source: soc-cmm.com
- XACML: Access Control Markup Language — Source: OASIS XACML Technical Committee ·…
This sub-index is out of sync with master index (April 2026 candidates note is stale). The master index has the authoritative list of frameworks. The two newest additions are listed below; full sync deferred to a future lint pass.