June 12, 2026 · 13 min read

AI Governance Framework Guide: NIST AI RMF, ISO 42001 & EU AI Act (2026)

A practical guide to the AI governance frameworks that now apply to AI agents — NIST AI RMF, ISO/IEC 42001, and the EU AI Act — and how Strac enforces the technical controls they require, then maps them to audit-ready evidence via Strac Comply.


TL;DR

  • Three frameworks now govern how organizations run AI systems — and increasingly AI agents: the NIST AI RMF (the US voluntary risk-management standard, structured as Govern / Map / Measure / Manage), ISO/IEC 42001 (the first certifiable AI management system standard), and the EU AI Act (binding law with hard obligations for high-risk AI).
  • All three converge on the same operational demands for AI agents: data governance, access control, continuous monitoring, human oversight, and record-keeping. An agent that reads your CRM, your data warehouse, and your file stores triggers every one of them.
  • Most "AI governance" tooling is attestation-only — it produces policies and questionnaire answers but cannot see or stop what an agent actually does with sensitive data. That leaves a gap between the paperwork and reality.
  • Strac closes that gap on both sides. Strac provides the technical controls the frameworks demand — discover every AI agent touching your data, redact sensitive data before it reaches a model, and audit every agent action — and via Strac Comply it maps those controls to NIST AI RMF, ISO 42001, and EU AI Act clauses and generates audit-ready evidence automatically.
  • The result is the one thing GRC-only tools can't offer: enforce the control and prove it from a single system, framework-agnostic across SOC 2, ISO 27001, ISO 42001, GDPR, HIPAA, PCI, and the EU AI Act.

Why AI Agents Need a Governance Framework

A chatbot answers questions. An AI agent acts — it queries your databases, reads your CRM, opens tickets, edits records, and exports data, all on a user's behalf and often through Model Context Protocol (MCP) connectors. The moment an agent can reach regulated data and take actions, it stops being a productivity feature and becomes a system that regulators, auditors, and customers expect you to govern.

That's the shift the major frameworks are responding to. AI governance used to mean "do we have an AI policy?" Now it means a concrete set of questions about every agent you run:

  • Data governance — what data can this agent reach, and is sensitive data controlled before it enters a model's context?
  • Access control — is the agent scoped to least privilege, with high-risk actions gated?
  • Monitoring — can you see, in real time, what each agent read and did?
  • Human oversight — can a person intervene, approve, or stop an agent before harm?
  • Record-keeping — is every agent action logged in a form an auditor will accept?

An AI governance program that only answers the first question on paper fails the next four in practice. The frameworks below define those expectations; the rest of this guide explains each one and shows where the controls have to actually live.

NIST AI RMF for AI Agents

The NIST AI Risk Management Framework (AI RMF 1.0), published in January 2023, is the US government's voluntary, sector-agnostic standard for managing AI risk across the system lifecycle. It's structured around four interconnected functions — read them as the official NIST AI 100-1 publication defines them:

  • Govern — the cross-cutting function: risk culture, accountability, policies, and who approves a high-risk AI use case. Govern applies across every other function.
  • Map — establish context: what the agent does, who it affects, where its boundaries are, and what harms it could cause.
  • Measure — analyze, benchmark, and monitor the AI system's risks and impacts with quantitative and qualitative methods.
  • Manage — allocate resources to the mapped and measured risks and respond to them on an ongoing basis.

For an AI agent specifically, the RMF stops being abstract fast. Map means knowing every agent connected to your environment and what data each can reach — you can't map a system you haven't discovered. Measure means observing what those agents actually do with sensitive data, not estimating it. Manage means having an enforcement mechanism — redact, block, gate — when a measured risk shows up in a live tool call. Govern ties it together with policy and accountability.

The RMF is voluntary and outcome-based: it tells you what good risk management looks like, not which product to buy. That's deliberate — but it also means the framework is only as real as the technical controls you put behind Map, Measure, and Manage.

ISO/IEC 42001 for AI Agents

ISO/IEC 42001:2023 is the world's first certifiable AI management system (AIMS) standard. If ISO 27001 is the management system for information security, ISO 42001 is its counterpart for AI — and it follows the same structure: high-level management-system requirements in Clauses 4–10 (context, leadership, planning, support, operation, performance evaluation, improvement) plus a reference set of controls in Annex A and implementation guidance in Annex B. You can review the scope on the official ISO/IEC 42001 standard page.

Annex A is where ISO 42001 gets specific to AI. It contains a reference set of AI-specific controls organized into control objectives spanning AI policy, internal organization, resources, AI impact assessment, the AI system life cycle, data for AI systems, information for interested parties, responsible use of AI, and third-party relationships. Unlike ISO 27001, these controls address AI-native concerns — bias, transparency, explainability, and human oversight.

For AI agents, the load-bearing Annex A domains are the ones about data and the AI system life cycle. An agent connected to your SaaS and cloud stack is an operational AI system processing data continuously, so the standard expects you to control the data feeding it, document its behavior, and monitor it through its life cycle. The management-system clauses then require you to demonstrate that those controls operate — which, like every ISO standard, comes down to evidence: records that the control exists, runs, and is reviewed.

ISO 42001 is appealing precisely because it's certifiable — a third-party auditor signs off, and you can show customers a certificate. But certification turns on operating evidence. A documented data-governance control with no logs of it actually inspecting agent traffic is a finding, not a pass.

The EU AI Act and AI Agents

The EU AI Act is the difference between voluntary and binding. Where NIST and ISO are frameworks you adopt, the AI Act is law, with obligations that scale by risk tier — and high-risk AI systems carry the heaviest. The articles most relevant to AI agents (each linked to the authoritative consolidated text) read almost like a controls checklist:

  • Article 10 — Data and Data Governance: high-risk systems must be built on data sets governed by appropriate data-management practices, including bias detection and mitigation and attention to the data's quality and context.
  • Article 12 — Record-Keeping: high-risk systems must automatically log events across their lifespan so their actions can be traced — when the system was used, what data it matched against, and who verified results.
  • Article 14 — Human Oversight: high-risk systems must be designed so natural persons can effectively oversee them while in use, with oversight commensurate to the system's autonomy and risk.

An AI agent operating in a regulated domain — finance, healthcare, employment, critical services — can fall squarely into the high-risk tier, which means data governance, record-keeping, and human oversight stop being best practices and become legal requirements. Article 12's record-keeping mandate in particular is unforgiving: you need an automatic, tamper-evident log of what every agent did, not a quarterly screenshot. That's a technical control, not a policy document.

✨ Mapping Framework Requirements to Real Controls

Here's the throughline across all three frameworks: they ask for the same handful of operational controls, in different vocabulary. Discover the AI systems. Govern the data they touch. Oversee high-risk actions. Log everything. Strac implements each of those as an actual enforcement point in the agent's data path — and Strac Comply maps each back to the specific clause that demands it.

Strac maps a small set of real technical controls — discover AI agents, protect sensitive data, enforce oversight, and log every action — to the corresponding NIST AI RMF function, ISO/IEC 42001 Annex A control, and EU AI Act article, then generates the evidence each framework asks for.

| Framework requirement | What it demands | The Strac control that satisfies it |
|---|---|---|
| NIST AI RMF — Map | Know every AI system, its boundaries, and the data it can reach | Strac discovers every AI agent and MCP connector touching your SaaS and cloud data, and maps what each can reach |
| NIST AI RMF — Measure / Manage | Monitor AI risk and respond to it on an ongoing basis | Strac inspects every agent tool call in real time and enforces redact / mask / block / approval policy on sensitive data |
| ISO/IEC 42001 — Annex A (data for AI systems) | Govern the data used by and flowing through AI systems | Strac classifies and controls PII, PHI, PCI, secrets, and source code before it reaches a model's context |
| ISO/IEC 42001 — Annex A (AI system life cycle) + Clauses 9–10 | Operate, monitor, and demonstrate the AIMS with records | Strac logs every agent action and feeds the evidence into Strac Comply's AIMS control set |
| EU AI Act — Art. 10 (data governance) | Appropriate data-management practices for high-risk AI | Strac enforces data-classification and sensitive-data handling on every agent read and write |
| EU AI Act — Art. 12 (record-keeping) | Automatic, traceable event logs across the system's life | Strac produces a per-call audit log: agent, user, tool, resource, data classes, redactions, disposition |
| EU AI Act — Art. 14 (human oversight) | Natural persons can effectively oversee the system | Strac gates high-risk agent actions behind allow / block / human approval |

For how each of these controls is implemented in the agent data path, see the sibling guides on discovering AI agents, protecting AI agents, and monitoring AI agents.

Enforce, Don't Just Attest

This is the difference that matters, and it's where most of the AI-governance market falls short.

A GRC or attestation-only platform helps you document a control. It collects your policy, stores your AI risk assessment, and answers the security questionnaire. What it cannot do is sit in the path of an AI agent and actually inspect, redact, or block sensitive data — because it has no presence in the data flow. When an auditor asks "show me the evidence this control operated," an attestation tool can point to a policy PDF; it cannot show a log of the control stopping a real exposure, because there is no control, only a description of one.

Strac is built the other way around. The control comes first; the evidence is a byproduct.

  • Discover. Strac finds every AI agent and MCP connector reaching into your SaaS and cloud environment, and maps what each can access — the Map function and the inventory every framework assumes you already have.
  • Protect. Strac inspects every agent tool call and redacts, masks, or vaults PII, PHI, PCI, secrets, and source code before the data ever reaches a model's context. Non-sensitive, in-policy calls pass through untouched.
  • Oversee. High-risk writes, exports, and actions are gated — allow, block, or require human approval — which is exactly the human-oversight control the EU AI Act names in Article 14.
  • Prove. Every call is logged: agent identity, user, tool, resource, data classes detected, redactions applied, disposition. That log is the EU AI Act Article 12 record, the ISO 42001 operating evidence, and the SOC 2 monitoring artifact.
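The four steps above, and the Article 12 requirement for an automatic, tamper-evident record, describe a control that has to sit in the agent's data path. The following is an added illustration, not Strac's code and not a description of any Strac internals: a minimal tool-call gateway that classifies a payload, decides allow / redact / block / require_approval, and appends a hash-chained audit record with the fields listed under "Prove" (agent, user, tool, resource, data classes, redactions, disposition). The detector patterns, tool names, and sample calls are constructed for the example.

```python
"""Added example (not Strac's code): a tool-call gateway with policy
enforcement and a hash-chained, tamper-evident audit log."""
import hashlib
import json
import re

# Constructed detectors for the example; a real classifier covers far more.
DETECTORS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "credit_card": re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
# Hypothetical policy: high-risk actions are gated on a human; secrets never leave.
HIGH_RISK_TOOLS = {"crm.export_contacts", "warehouse.run_query"}
BLOCK_CLASSES = {"aws_access_key"}


def classify(text):
    """Return {data_class: [matches]} for every detector that fires."""
    return {name: rx.findall(text) for name, rx in DETECTORS.items() if rx.search(text)}


def redact(text, classes):
    """Replace each detected value with a class-labelled placeholder."""
    for name in sorted(classes):
        text = DETECTORS[name].sub(f"[REDACTED:{name.upper()}]", text)
    return text


def decide(tool, classes):
    """Order matters: a blocked class wins over approval, approval over redaction."""
    if classes & BLOCK_CLASSES:
        return "block"
    if tool in HIGH_RISK_TOOLS:
        return "require_approval"
    return "redact" if classes else "allow"


class AuditLog:
    """Append-only log; each record commits to the previous record's hash."""
    GENESIS = "0" * 64

    def __init__(self):
        self.records = []

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, record):
        body = {**record, "prev_hash": self.records[-1]["hash"] if self.records else self.GENESIS}
        body["hash"] = self._digest(body)
        self.records.append(body)
        return body

    def verify(self):
        """Recompute the chain; any edited or reordered record breaks it."""
        prev = self.GENESIS
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev_hash"] != prev or self._digest(body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


def handle_tool_call(log, agent, user, tool, resource, payload):
    """Inspect one call, enforce policy, log it. Returns (disposition, forwarded_payload, record)."""
    found = classify(payload)
    classes = set(found)
    disposition = decide(tool, classes)
    forwarded = None  # block / require_approval: nothing reaches the model until a human acts
    if disposition == "allow":
        forwarded = payload
    elif disposition == "redact":
        forwarded = redact(payload, classes)
    record = log.append({
        "seq": len(log.records), "agent": agent, "user": user, "tool": tool,
        "resource": resource, "data_classes": sorted(classes),
        "redactions": sum(len(v) for v in found.values()) if disposition == "redact" else 0,
        "disposition": disposition,
    })
    return disposition, forwarded, record


def run_demo():
    """Four constructed calls exercising each disposition."""
    log = AuditLog()
    calls = [
        ("support-bot", "alice", "crm.read_contact", "crm/contacts/1042",
         "Name: Jane Doe, email jane@example.com, SSN 123-45-6789"),
        ("support-bot", "alice", "jira.create_ticket", "jira/PROJ",
         "Customer cannot log in after password reset"),
        ("analyst-agent", "bob", "warehouse.run_query", "warehouse/customers",
         "SELECT * FROM customers"),
        ("devops-agent", "carol", "devops.read_config", "repo/config.yaml",
         "aws_key: AKIAABCDEFGHIJKLMNOP"),
    ]
    return log, [handle_tool_call(log, *c) for c in calls]


if __name__ == "__main__":
    demo_log, _ = run_demo()
    for rec in demo_log.records:
        print(json.dumps(rec))
    print("chain intact:", demo_log.verify())
```

The log's `verify()` is what an auditor-facing export would run: editing any field of any earlier record, or dropping a record, changes the recomputed hash and breaks the chain from that point on. Anchoring the latest hash somewhere outside the system (a signed timestamp, a write-once store) is what turns tamper-evident into tamper-proof; that step is outside this example.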

Then Strac Comply does the mapping. It takes the controls Strac is already enforcing and ties them to specific NIST AI RMF functions, ISO/IEC 42001 Annex A controls, and EU AI Act articles, then assembles audit-ready evidence on demand — the same way it does for SOC 2 and ISO 27001. One system enforces the control and produces the proof, framework-agnostic across SOC 2, ISO 27001, ISO 42001, GDPR, HIPAA, PCI, and the EU AI Act.

That "enforce + prove" bundle is the part a documentation-only tool structurally cannot replicate — it would need to live in the data path, which is where Strac already is.

🌶️ Spicy FAQs for AI Governance Frameworks

What is an AI governance framework?

An AI governance framework is a structured set of requirements for managing the risks of AI systems across their lifecycle — covering data governance, access control, monitoring, human oversight, and record-keeping. The three that matter most today are the NIST AI RMF (US, voluntary), ISO/IEC 42001 (international, certifiable), and the EU AI Act (binding law). They overlap heavily on what controls AI systems and AI agents must have.

NIST AI RMF vs ISO 42001 — what's the difference?

The NIST AI RMF is a voluntary US framework structured as four functions (Govern, Map, Measure, Manage) that describe what good AI risk management looks like, without certification. ISO/IEC 42001 is an international, certifiable AI management system standard — a third party audits you and issues a certificate — built around management-system clauses plus Annex A controls. Many organizations use the NIST AI RMF to shape their program and pursue ISO 42001 certification to prove it. Strac Comply maps your Strac controls to both.

Does the EU AI Act apply to AI agents?

Yes. The EU AI Act regulates AI systems by risk tier, and an AI agent that operates in a regulated domain (finance, healthcare, employment, critical infrastructure) can fall into the high-risk tier. High-risk systems carry binding obligations including data governance (Article 10), automatic record-keeping (Article 12), and human oversight (Article 14) — all of which apply to how an agent reads, acts on, and logs its handling of data.

What's the difference between an AI governance tool and a GRC tool for AI?

A GRC or attestation tool documents controls — it stores your policies and AI risk assessments and answers questionnaires, but it has no presence in the data flow, so it can't actually inspect or stop what an agent does. An AI governance tool like Strac sits in the agent's data path and enforces the control — discovering agents, redacting sensitive data, gating high-risk actions, and logging every call — then produces the evidence as a byproduct. You need the enforcement to satisfy the frameworks; the documentation alone won't survive an audit that asks whether the control actually operated.

Can Strac help us comply with NIST AI RMF, ISO 42001, and the EU AI Act at once?

Yes — that's the point of the enforce-plus-prove model. Strac enforces the underlying technical controls once (discover agents, protect data, oversee actions, log everything), and Strac Comply maps that single set of controls to NIST AI RMF functions, ISO/IEC 42001 Annex A controls, and EU AI Act articles simultaneously, generating audit-ready evidence for each. It's framework-agnostic, so the same control set also covers SOC 2, ISO 27001, GDPR, HIPAA, and PCI.

Is ISO 42001 the same as ISO 27001?

No, but they're built to fit together. ISO 27001 is the management system for information security; ISO/IEC 42001 is the management system for AI, sharing the same clause structure but with an Annex A focused on AI-specific concerns — bias, transparency, explainability, human oversight, and data for AI systems. Organizations that already hold ISO 27001 often find 42001 a natural extension, and Strac Comply manages ISO 27001 and ISO 42001 evidence side by side.

What evidence do auditors want for AI agent governance?

Increasingly: an inventory of every AI agent and what data it can reach, proof that sensitive data is controlled before reaching a model, records of how high-risk actions are gated and overseen, and a complete, traceable log of every agent action (the EU AI Act Article 12 requirement). Strac produces all four automatically — discovery maps, redaction policies, oversight gates, and per-call audit logs — and Strac Comply packages them against the framework clause being audited.

The Bottom Line

The AI governance frameworks have converged. NIST AI RMF, ISO/IEC 42001, and the EU AI Act use different language and carry different legal weight, but they ask for the same things from your AI agents: know what they can reach, govern the data they touch, oversee what they do, and keep an auditable record of all of it.

The gap most teams hit is that those are technical controls, and most AI-governance tooling only produces paperwork. Strac is the layer that actually enforces them in the agent's data path — discover, protect, oversee, log — and Strac Comply turns that enforcement into audit-ready evidence mapped to every framework clause. Enforce the control and prove it, from one system.

If AI agents are reaching into your regulated data — or are about to — book a 30-minute demo. We'll map your specific agents against NIST AI RMF, ISO 42001, and the EU AI Act, and show you the controls and the evidence side by side.

For the broader program this sits inside, start with the AI Agent Governance hub and the AI Data Governance framework.
