
ISO 42001 to NIST AI RMF: a control-mapping crosswalk operators can actually use

How much of an ISO 42001, NIST AI RMF or AIUC-1 programme carries across to the others? Enough to matter. ISO/IEC 42001:2023 has 38 Annex A controls across 9 objectives, the NIST AI RMF 1.0 has 19 categories and roughly 72 subcategories across 4 functions, and AIUC-1 spreads its controls across 6 domains. The three were built for different purposes and do not align one-to-one, but the underlying evidence is largely shared. Most organisations preparing for the EU AI Act era are not starting from zero: they have an ISO 42001 management system, a NIST AI RMF risk programme or an AIUC-1 agent certification, and they want to know how much of that work carries across. This article gives an objective-level crosswalk so an operator can see which artefact satisfies which requirement, where the genuine gaps sit, and how to produce governance evidence once and present it against all three frameworks plus the Agent Certified seven dimensions.

Key takeaways

  • ISO/IEC 42001:2023 is a certifiable management system standard with 38 controls in Annex A across nine control objectives (A.2 to A.10). The NIST AI RMF 1.0 is a voluntary risk framework with four functions (GOVERN, MAP, MEASURE, MANAGE), 19 categories and roughly 72 subcategories. The two overlap heavily but map directionally, not symmetrically.
  • ISO 42001 Annex A controls map most strongly to the NIST GOVERN function (6 categories, 19 subcategories). NIST MAP, MEASURE and MANAGE map more to the ISO 42001 operational clauses (6, 8 and 9) than to discrete Annex A controls.
  • AIUC-1, launched in 2025 by the Artificial Intelligence Underwriting Company, is a controls-and-testing standard for AI agents across six domains (Safety, Security, Reliability, Accountability, Data and Privacy, Society) with quarterly retests. It adds agent-specific adversarial testing that neither ISO 42001 nor the NIST RMF mandates explicitly.
  • None of the three is a substitute for an EU AI Act conformity assessment under Article 43 of Regulation (EU) 2024/1689. They reduce the work but do not confer a presumption of conformity, which only harmonised standards cited in the Official Journal under Article 40 (or common specifications adopted under Article 41) provide.
  • A working crosswalk lets you produce one human-oversight procedure, one impact assessment, one incident log, and present each against ISO 42001, NIST, AIUC-1, the AI Act and the Agent Certified dimensions. The table below is the starting point.

Why these three frameworks do not align by default

The first thing to understand before mapping anything is that ISO/IEC 42001, the NIST AI RMF and AIUC-1 were designed to answer different questions. Mapping them as though they were the same kind of document produces a misleading crosswalk that overstates coverage.

ISO/IEC 42001:2023 is a management system standard. Its structure follows the Annex SL high-level structure shared by ISO 27001 and ISO 9001: clauses 4 through 10 cover context, leadership, planning, support, operation, performance evaluation and improvement, organised as a Plan-Do-Check-Act cycle. The 38 AI-specific controls sit in Annex A, grouped into nine control objectives numbered A.2 to A.10, and are selected through a Statement of Applicability. The question ISO 42001 answers is: does the organisation run a managed, auditable system for governing AI responsibly?

The NIST AI Risk Management Framework 1.0, published in January 2023 as NIST AI 100-1, is a voluntary risk framework. It is organised into four functions: GOVERN (which cuts across the others), MAP, MEASURE and MANAGE. Across these functions it defines 19 categories and approximately 72 subcategories, each expressed as an outcome rather than a mandatory control. The companion Playbook offers suggested actions and example evidence for each subcategory. The question the NIST RMF answers is: has the organisation identified, measured and managed the risks of a specific AI system in context?

AIUC-1 is the youngest of the three. Launched in 2025 by the Artificial Intelligence Underwriting Company, it is a certification standard built specifically for AI agents and frequently described as a SOC 2 equivalent for agentic systems. Its controls are organised across six domains: Safety, Security, Reliability, Accountability, Data and Privacy, and Society. It maps its threat coverage to MITRE ATLAS and the OWASP Top 10 for agentic applications, and it runs quarterly technical retests between annual audits because agent behaviour changes faster than annual cycles can capture. The question AIUC-1 answers is: will this specific agent behave safely under adversarial conditions, and is that backed by testing an underwriter can rely on?

A management system, a risk framework and an agent-testing standard are three different altitudes. ISO 42001 governs the organisation. The NIST RMF structures the reasoning about a system. AIUC-1 stress-tests the agent. The crosswalk that follows respects those altitudes rather than pretending the rows are equivalent.

The control-mapping crosswalk

The table below maps each ISO/IEC 42001 Annex A control objective to the NIST AI RMF function and categories that carry the strongest evidence overlap, to the AIUC-1 domain most closely aligned, and to the EU AI Act article the same evidence supports. The final column names the single piece of evidence an operator can produce once and reuse across all four. Mappings are directional: a strong overlap means evidence produced for one framework will substantially satisfy the others, not that the requirements are identical.

| ISO/IEC 42001 Annex A objective | NIST AI RMF function and categories | AIUC-1 domain | EU AI Act article supported | Shared evidence artefact |
|---|---|---|---|---|
| A.2 Policies related to AI | GOVERN 1 (policies, processes, procedures) | Accountability | Article 26 (deployer obligations) | Board-approved AI policy with named accountable owner |
| A.3 Internal organisation | GOVERN 2 and GOVERN 3 (accountability structures, roles, diverse teams) | Accountability | Article 22 (authorised representatives), Article 26 | RACI matrix for AI roles and escalation path |
| A.4 Resources for AI systems | MAP 1 and MAP 3 (context, capabilities and resources) | Reliability | Annex IV (technical documentation, resources) | System resource and dependency inventory |
| A.5 Assessing impacts of AI systems | MAP 5 and MEASURE 2 (impacts, evaluation of trustworthy characteristics) | Society | Article 27 (fundamental rights impact assessment) | AI system impact assessment (FRIA-aligned) |
| A.6 AI system life cycle | MAP, MEASURE and MANAGE (development, testing, deployment outcomes) | Reliability and Safety | Article 9 (risk management system), Article 17 (quality management) | Documented development and validation lifecycle |
| A.7 Data for AI systems | MAP 2 and MEASURE 2 (data provenance, data quality measurement) | Data and Privacy | Article 10 (data and data governance) | Data governance record and provenance log |
| A.8 Information for interested parties | GOVERN 4 and MAP 5 (transparency, communication to stakeholders) | Accountability and Society | Article 13 (transparency), Article 50 (transparency to users) | User-facing transparency and instructions of use |
| A.9 Use of AI systems | MANAGE 2 and MANAGE 4 (monitoring, response, human intervention) | Safety and Accountability | Article 14 (human oversight), Article 26(1)(a) (use per instructions) | Human oversight procedure and intervention log |
| A.10 Third-party and customer relationships | GOVERN 6 (third-party and supply-chain risk) | Security and Accountability | Article 25 (responsibilities along the value chain) | Supplier and value-chain risk register |

Two rows deserve a caution. Row A.6 (AI system life cycle) does not map to a single NIST category, because lifecycle management spans MAP (design context), MEASURE (testing) and MANAGE (deployment and monitoring); treating it as a one-to-one mapping understates the work. Row A.5 (impact assessment) overlaps with the EU AI Act Article 27 fundamental rights impact assessment only where Article 27 applies: deployers that are bodies governed by public law or private entities providing public services, and deployers of the credit-scoring and life and health insurance systems in Annex III, point 5(b) and (c), excluding the critical-infrastructure systems in Annex III, point 2. For every other system the A.5 impact assessment is still an ISO 42001 requirement, but it is not an Article 27 FRIA and should not be labelled as one.

Where each framework demands something the others do not

A crosswalk is only honest if it shows the gaps as clearly as the overlaps. The following requirements are demanded by one framework and not directly by the others. These are the items that catch operators who assume one certification covers the rest.

| Requirement | Required by | Not directly required by | Why it matters |
|---|---|---|---|
| Management review and internal audit on a defined cadence | ISO/IEC 42001 (clauses 9.2, 9.3) | NIST AI RMF, AIUC-1 | The auditable governance loop is what makes ISO 42001 certifiable; the others assume but do not mandate it. |
| Agent-specific adversarial and red-team testing on a quarterly cadence | AIUC-1 | ISO 42001, NIST AI RMF (encouraged, not specified) | Agentic behaviour drifts between annual audits; ISO and NIST do not fix a retest interval. |
| Statement of Applicability justifying control inclusion and exclusion | ISO/IEC 42001 (Annex A use) | NIST AI RMF, AIUC-1 | Forces an explicit, defensible record of why each control does or does not apply. |
| Threat mapping to MITRE ATLAS and OWASP agentic top 10 | AIUC-1 | ISO 42001, NIST AI RMF | Gives underwriters a concrete, attacker-centric threat model rather than a governance abstraction. |
| Continuous risk measurement against trustworthy characteristics | NIST AI RMF (MEASURE function) | ISO 42001 (asks for evaluation, not a measurement taxonomy) | The MEASURE function's 4 categories and 22 subcategories give a richer measurement vocabulary than ISO clause 9. |
| Mandatory conformity assessment and CE marking for high-risk systems | EU AI Act (Article 43, Article 48) | All three voluntary frameworks | None of the three confers a presumption of conformity; only harmonised standards under Article 40 (or common specifications under Article 41) do. |

How to use the crosswalk in practice

The value of a crosswalk is operational, not academic. Here is the sequence an operator who already holds one framework should follow to extend coverage to the others without rebuilding documentation.

If you hold ISO/IEC 42001: you have the management-system scaffolding the others assume. Your fastest path to NIST AI RMF alignment is to take your Annex A control evidence and tag it against the NIST functions using the crosswalk table, then close the MEASURE gap by adding a structured risk-measurement taxonomy, which ISO does not prescribe in detail. For AIUC-1, the gap is the agent-specific adversarial testing and the quarterly retest cadence; your management review process already exists, so the new work is the testing programme, not the governance.

If you hold a NIST AI RMF programme: your GOVERN documentation maps to ISO 42001 clause 5 and control objectives A.2 and A.3; your MAP work supports clause 6 and the A.5 impact controls; your MEASURE work supports clause 9. The gap to ISO 42001 certification is the formal management-system apparatus: a defined scope, an AI policy, a Statement of Applicability, internal audit and management review on a cadence. These are real additions, but they are scaffolding around evidence you already produce, not new substantive analysis.

If you hold AIUC-1: you have strong agent-specific technical controls and testing evidence. The gap to ISO 42001 and the NIST RMF is the organisational governance layer: policy, accountability structure, lifecycle documentation and impact assessment beyond the agent itself. AIUC-1 is deliberately narrow and current; extending to a management standard means documenting the organisation around the agent.

In every direction, the principle is the same: produce each governance artefact once, store it in a single source of truth, and tag it against every framework it satisfies. The duplicated, drifting governance document is the failure mode the crosswalk exists to prevent.
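The produce-once, tag-everywhere principle can be made mechanical rather than left to a spreadsheet. The Python script below is an added example, not code from this article or from any of the three standards bodies: it encodes the crosswalk table as data, registers each artefact once with its ISO 42001 objective (or, for framework-only requirements such as the Statement of Applicability or the AIUC-1 retest, a direct tag), expands the tags through the crosswalk, and reports coverage and gaps per framework. The requirement labels, the evidence-age limits (365 days by default, 90 days for the AIUC-1 quarterly retest) and the sample registry are constructed assumptions for illustration, not figures taken from any standard.

```python
"""Evidence registry for the produce-once, tag-everywhere crosswalk.

Added example: the crosswalk rows mirror the article's table; the requirement
labels, evidence-age limits and sample registry are constructed assumptions.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Iterator

FRAMEWORKS = ("ISO 42001", "NIST", "AIUC-1", "AI Act")

# One row per ISO/IEC 42001 Annex A objective: the requirements in the other
# frameworks that the same artefact supports. Row A.6 is kept at NIST function
# level because lifecycle management spans MAP, MEASURE and MANAGE.
CROSSWALK = {
    "A.2":  {"NIST": ["GOVERN 1"], "AIUC-1": ["Accountability"], "AI Act": ["Art. 26"]},
    "A.3":  {"NIST": ["GOVERN 2", "GOVERN 3"], "AIUC-1": ["Accountability"], "AI Act": ["Art. 22", "Art. 26"]},
    "A.4":  {"NIST": ["MAP 1", "MAP 3"], "AIUC-1": ["Reliability"], "AI Act": ["Annex IV"]},
    "A.5":  {"NIST": ["MAP 5", "MEASURE 2"], "AIUC-1": ["Society"], "AI Act": ["Art. 27"]},
    "A.6":  {"NIST": ["MAP", "MEASURE", "MANAGE"], "AIUC-1": ["Reliability", "Safety"], "AI Act": ["Art. 9", "Art. 17"]},
    "A.7":  {"NIST": ["MAP 2", "MEASURE 2"], "AIUC-1": ["Data and Privacy"], "AI Act": ["Art. 10"]},
    "A.8":  {"NIST": ["GOVERN 4", "MAP 5"], "AIUC-1": ["Accountability", "Society"], "AI Act": ["Art. 13", "Art. 50"]},
    "A.9":  {"NIST": ["MANAGE 2", "MANAGE 4"], "AIUC-1": ["Safety", "Accountability"], "AI Act": ["Art. 14", "Art. 26(1)(a)"]},
    "A.10": {"NIST": ["GOVERN 6"], "AIUC-1": ["Security", "Accountability"], "AI Act": ["Art. 25"]},
}

# Requirements one framework demands that no crosswalk row supplies (the gaps
# table). They never inherit from an ISO tag and must be evidenced directly.
FRAMEWORK_ONLY = {
    "ISO 42001": ["Statement of Applicability", "Internal audit (9.2)", "Management review (9.3)"],
    "AIUC-1": ["Quarterly adversarial retest", "ATLAS/OWASP threat mapping"],
    "NIST": ["MEASURE taxonomy"],
}

# Evidence-age limits (assumed, not taken from any standard): annual by default,
# 90 days for the AIUC-1 quarterly retest.
DEFAULT_MAX_AGE_DAYS = 365
MAX_AGE_DAYS = {"Quarterly adversarial retest": 90}


@dataclass
class Artefact:
    name: str
    produced: date
    iso_objectives: list[str] = field(default_factory=list)     # e.g. ["A.9"]
    direct: dict[str, list[str]] = field(default_factory=dict)  # framework -> framework-only IDs

    def claims(self) -> Iterator[tuple[str, str]]:
        """Yield every (framework, requirement) pair this artefact evidences."""
        for obj in self.iso_objectives:
            yield "ISO 42001", obj
            for fw, reqs in CROSSWALK[obj].items():
                for req in reqs:
                    yield fw, req
        for fw, reqs in self.direct.items():
            for req in reqs:
                yield fw, req


def coverage(registry, today):
    """Return ({framework: {requirement: [artefact names]}}, [(name, fw, req) that are stale])."""
    covered = {fw: {} for fw in FRAMEWORKS}
    stale = []
    for art in registry:
        age = (today - art.produced).days
        for fw, req in art.claims():
            if age > MAX_AGE_DAYS.get(req, DEFAULT_MAX_AGE_DAYS):
                stale.append((art.name, fw, req))  # expired evidence does not count
            else:
                covered[fw].setdefault(req, []).append(art.name)
    return covered, stale


def gaps(registry, framework, today):
    """Requirements the framework expects that no current artefact evidences, sorted."""
    covered, _ = coverage(registry, today)
    expected = set(FRAMEWORK_ONLY.get(framework, []))
    for obj, row in CROSSWALK.items():
        expected.update([obj] if framework == "ISO 42001" else row.get(framework, []))
    return sorted(expected - set(covered[framework]))


def report(registry, today):
    """Human-readable coverage, gap and staleness summary across all four frameworks."""
    covered, stale = coverage(registry, today)
    lines = [f"{fw}: {len(covered[fw])} evidenced; gaps: {', '.join(gaps(registry, fw, today)) or 'none'}"
             for fw in FRAMEWORKS]
    lines += [f"STALE: {name} is older than {MAX_AGE_DAYS.get(req, DEFAULT_MAX_AGE_DAYS)} days, "
              f"so it no longer evidences {fw} / {req}" for name, fw, req in stale]
    return "\n".join(lines)


# Constructed sample: an ISO 42001 holder part-way to AIUC-1, assessed on 2025-10-01.
TODAY = date(2025, 10, 1)
SAMPLE = [
    Artefact("AI policy v3", date(2025, 3, 1), iso_objectives=["A.2"]),
    Artefact("RACI + escalation path", date(2025, 3, 1), iso_objectives=["A.3"]),
    Artefact("Human oversight procedure", date(2025, 2, 15), iso_objectives=["A.9"]),
    Artefact("Impact assessment (FRIA-aligned)", date(2025, 4, 10), iso_objectives=["A.5"]),
    Artefact("Statement of Applicability", date(2025, 3, 1), direct={"ISO 42001": ["Statement of Applicability"]}),
    Artefact("Q1 red-team report", date(2025, 4, 2), direct={"AIUC-1": ["Quarterly adversarial retest"]}),
]

if __name__ == "__main__":
    print(report(SAMPLE, TODAY))
```

Running the script shows the two failure modes the crosswalk is meant to surface: the human-oversight procedure, tagged once against A.9, counts toward NIST MANAGE 2 and 4, AIUC-1 Safety and Accountability, and AI Act Article 14 without being copied; and the Q1 red-team report, six months old at assessment time, is flagged stale and drops out of AIUC-1 coverage, so the quarterly retest reappears as a gap before an auditor finds it. Row A.6 is deliberately carried at function level (MAP, MEASURE, MANAGE) rather than forced onto one category, mirroring the caution in the crosswalk section.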

How the crosswalk maps to the Agent Certified dimensions

The Agent Certified methodology scores seven dimensions: Trust and Transparency, Context Awareness, Distribution and Scope, Product Safety and Reliability, Governance, System Integration, and Autonomy Envelope. Because the seven dimensions draw on the same underlying governance, data, oversight and risk practices that ISO 42001, the NIST RMF and AIUC-1 each capture from a different angle, evidence produced for any of the three is accepted in an Agent Certified assessment and reduces the gap-analysis and remediation phases.

The mapping is broadly as follows. ISO 42001 control objectives A.2, A.3 and A.10, together with the NIST GOVERN function, supply the bulk of the Governance dimension. ISO A.7 and NIST MAP 2 supply the data-governance evidence that the Agent Certified data and context dimensions require. ISO A.9 and NIST MANAGE 2 and MANAGE 4, alongside AIUC-1 Accountability controls, supply the human-oversight evidence the Context Awareness and Autonomy Envelope dimensions need. AIUC-1 Safety, Security and Reliability controls supply the strongest evidence for Product Safety and Reliability and for System Integration, because they are the most agent-specific and the most adversarially tested of the three.

For the full seven-dimension rubric and weighting, see the methodology page. For how the dimensions map to specific EU AI Act articles, see the seven dimensions to AI Act obligations map. For a higher-level comparison of what each instrument demands and a practical adoption sequence, see NIST AI RMF, ISO 42001 and the EU AI Act: what operators actually need. For the European certification gap that AIUC-1 leaves open, see the AIUC-1 and European certification gap article. For how certification feeds insurance underwriting, see the certification and premium guide on agentinsured.eu.

The limit of any crosswalk

A crosswalk maps requirements; it does not map quality. Two organisations can both satisfy ISO 42001 control A.9 and NIST MANAGE 4 with a human-oversight procedure, and one of those procedures can be a living practice that genuinely catches errors while the other is a document nobody reads. The crosswalk tells you which artefact to produce. It does not tell you whether the artefact reflects reality. That is the work an assessment does, and it is the reason a control mapping is a starting point for compliance, not a finish line. Use the table to avoid duplicated effort and to find your gaps. Then do the substantive work of making each control true.


Frequently asked questions

Does ISO/IEC 42001 map cleanly onto the NIST AI RMF?

The two overlap substantially but do not map one-to-one. ISO/IEC 42001:2023 is a certifiable management system standard with 38 controls across nine Annex A objectives (A.2 to A.10). The NIST AI RMF 1.0 is a voluntary framework with four functions (GOVERN, MAP, MEASURE, MANAGE), 19 categories and roughly 72 subcategories. ISO Annex A controls map most strongly to the NIST GOVERN function (6 categories, 19 subcategories); NIST MAP, MEASURE and MANAGE map more to the ISO operational clauses 6, 8 and 9 than to discrete Annex A controls. The crosswalk is directional, not symmetrical.

If I am certified to ISO 42001, am I also compliant with the EU AI Act?

No. ISO/IEC 42001 certification is voluntary and is not a conformity assessment under Article 43 of Regulation (EU) 2024/1689. CEN and CENELEC are developing harmonised standards under Article 40 that, once cited in the Official Journal, will confer a presumption of conformity (as will any common specifications the Commission adopts under Article 41); ISO 42001 is not one of those today. It does provide a strong foundation that overlaps with the risk management system (Article 9), technical documentation (Article 11 and Annex IV), record-keeping (Article 12) and human oversight (Article 14) requirements.

How does AIUC-1 fit alongside ISO 42001 and the NIST AI RMF?

AIUC-1 is a 2025 certification standard for AI agents from the Artificial Intelligence Underwriting Company, with controls across six domains (Safety, Security, Reliability, Accountability, Data and Privacy, Society), threat mapping to MITRE ATLAS and the OWASP agentic top 10, and quarterly retests. ISO 42001 governs the management system, the NIST RMF structures risk identification and measurement, and AIUC-1 adds agent-specific technical controls and adversarial testing. They are complementary, and Agent Certified treats all three as evidence sources for its seven dimensions.

How many controls does ISO/IEC 42001 Annex A contain?

ISO/IEC 42001:2023 Annex A contains 38 AI-specific controls organised into nine control objectives, numbered A.2 to A.10, covering AI policy, internal organisation, resources, impact assessment, the AI system life cycle, data, information for interested parties, use of AI systems, and third-party relationships. Annex B provides implementation guidance, and controls are selected and justified through a Statement of Applicability.

Can I reuse my NIST AI RMF documentation for an ISO 42001 audit or an Agent Certified assessment?

Yes, with translation. GOVERN documentation maps to ISO clause 5 and objectives A.2 and A.3; MAP supports clause 6 planning and the A.5 impact controls; MEASURE supports clause 9; MANAGE supports clause 8 and clause 10. ISO 42001 additionally requires the management-system scaffolding (scope, policy, Statement of Applicability, internal audit, management review) that the NIST RMF does not mandate. For an Agent Certified assessment, both ISO 42001 and NIST documentation are accepted evidence and shorten the gap-analysis and remediation phases.

What does a control crosswalk actually save an operator?

It lets you produce evidence once and present it against multiple frameworks. A single human-oversight procedure can satisfy ISO 42001 control A.9, NIST MANAGE monitoring and response outcomes, AIUC-1 Accountability controls and EU AI Act Article 14. The saving is in audit preparation and in avoiding duplicated governance documents that drift out of sync. The crosswalk also exposes genuine gaps, such as AIUC-1 agent-specific adversarial testing or the ISO management-review cadence.


References

  1. ISO/IEC 42001:2023. Information technology, Artificial intelligence, Management system. International Organization for Standardization and International Electrotechnical Commission, published December 2023. Clauses 4 to 10 follow the Annex SL high-level structure; Annex A contains 38 controls across nine control objectives (A.2 to A.10); Annex B provides implementation guidance.
  2. NIST AI Risk Management Framework (AI RMF 1.0), NIST AI 100-1, January 2023. Four functions: GOVERN, MAP, MEASURE, MANAGE. 19 categories and approximately 72 subcategories in total; the GOVERN function has 6 categories and 19 subcategories, and the MEASURE function has 4 categories and 22 subcategories. Available at nvlpubs.nist.gov/nistpubs/ai/nist.ai.100-1.pdf and the NIST AI Resource Center at airc.nist.gov.
  3. NIST AI RMF Playbook. National Institute of Standards and Technology, AI Resource Center. Provides suggested actions, informative references and example evidence outputs for each AI RMF subcategory. Available at airc.nist.gov/airmf-resources/playbook.
  4. AIUC-1. The Artificial Intelligence Underwriting Company, launched 2025. Controls organised across six domains (Safety, Security, Reliability, Accountability, Data and Privacy, Society), with threat mapping to MITRE ATLAS and the OWASP Top 10 for agentic applications, annual audits and quarterly technical retests. AIUC launched with a USD 15 million seed round; ElevenLabs was reported as the first certified company. See prnewswire.com release dated 2025 and reinsurancene.ws coverage.
  5. Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 (EU Artificial Intelligence Act). OJ L, 2024/1689. Article 9 (risk management system), Article 10 (data governance), Article 11 and Annex IV (technical documentation), Article 13 (transparency), Article 14 (human oversight), Article 25 (responsibilities along the value chain), Article 26 (deployer obligations), Article 27 (fundamental rights impact assessment), Article 40 (harmonised standards), Article 43 (conformity assessment), Article 50 (transparency obligations).
  6. CEN-CENELEC JTC 21 standardisation request from the European Commission (Implementing Decision C(2023)3215) for harmonised standards supporting the AI Act under Article 40. Harmonised standards cited in the Official Journal confer a presumption of conformity; ISO/IEC 42001 is not currently a harmonised standard for that purpose.