AGF

Standards Alignment

How AGF maps to NIST, OWASP, CSA, EU AI Act, ISO, OpenTelemetry, Singapore IMDA, and MITRE ATLAS.

AGF is a synthesis framework: it integrates established standards rather than replacing them. This page summarizes how AGF maps to each.

Regulatory Frameworks

EU AI Act

| Article | AGF Mapping |
|---|---|
| Art. 6 (Risk classification) | Risk classification → ring activation level |
| Art. 9 (Risk management) | Three-level security model |
| Art. 12 (Record-keeping) | Event-Driven Observability (#10) |
| Art. 14 (Human oversight) | Governance Gates (#8), mandatory gates |
| Art. 15 (Robustness) | Adversarial Robustness (#15) |
| Art. 50 (Transparency) | Identity & Attribution (#14) |

NIST AI RMF

| NIST Function | AGF Mapping |
|---|---|
| GOVERN | Ring 2 governance functions |
| MAP | Risk classification + ring activation |
| MEASURE | Evaluation & Assurance (#18) + Ring 1 verification |
| MANAGE | Trust Ladders (#11) + Bounded Agency (#7) |

AGF primitives are "agentic specializations of" NIST functions — runtime mechanisms within broader organizational functions.

Singapore IMDA

| IMDA Dimension | AGF Mapping |
|---|---|
| Risk Bounding | Bounded Agency (#7) |
| Accountability | Governance Gates (#8) |
| Technical Controls | Evaluation & Assurance (#18) |
| End-User Responsibility | Identity & Attribution (#14) |

IMDA explicitly includes operational environments as a governance dimension, validating Agent Environment Governance (#19).

Security Frameworks

OWASP Top 10 for Agentic Applications

All 10 ASI threats are mapped to the three-level security model with single-owner responsibility per threat. See the Security Profile for the complete threat-by-threat analysis.

OWASP MCP Top 10

All 10 MCP threats are mapped to specific primitives and security architecture components.

CSA MAESTRO

MAESTRO's 7-layer threat model is mapped to AGF primitives layer by layer.

CSA Agentic Trust Framework

Trust Ladders (#11) aligns with ATF's earned autonomy maturity model.

MITRE ATLAS

AGF's security architecture is aligned to the ATLAS adversarial technique taxonomy.

NIST SP 800-207 (Zero Trust)

| NIST Zero Trust | AGF Mapping |
|---|---|
| Policy Enforcement Point (PEP) | Security Fabric |
| Policy Decision Point (PDP) | Security Governance |
| Continuous Diagnostics | Security Intelligence |

Industry Standards

| Standard | AGF Mapping |
|---|---|
| ISO/IEC 42001 | Policy as Code (#9) maps to operational planning; AGF provides runtime mechanisms |
| IEEE P2863 | Organizational governance that AGF's runtime architecture implements |
| OpenTelemetry GenAI | Event architecture builds on OTel conventions with governance extensions |
| NIST 800-53 / ISO 27001 | Control crosswalks available in the GRC Profile |

For detailed article-level regulatory mappings and control crosswalks, see the GRC Profile.
