Frameworks · 5 shipped, 1 provisional
Voluntary best-practice standards mapped to the Regulus audit chain.
Frameworks differ from regulations. Regulations are mandatory and jurisdiction-specific. Frameworks are voluntary, globally adopted best-practice standards. Internal-audit teams use them to demonstrate maturity to stakeholders, ratings agencies, and certification bodies.
- NIST AI RMF 1.0 (NIST)
  US National Institute of Standards and Technology Artificial Intelligence Risk Management Framework — GOVERN, MAP, MEASURE, MANAGE functions.
- NIST AI RMF 600-1 GenAI Profile (NIST)
  NIST's Generative AI profile (NIST.AI.600-1) adding 12 GenAI-specific risks layered on top of the AI RMF core functions.
- NIST AI RMF Agent Interop Profile (NIST, Provisional)
  NIST's draft AI RMF profile for agent interoperability. Provisional in Regulus — uses April 2026 concept IDs; v1.0 GA expected Q4 2026.
- ISO/IEC 42001:2023 (ISO/IEC)
  Certifiable management-system standard for AI — clauses 4–10 + Annex A controls. Regulus ships a Statement of Applicability (SoA) generator.
- ISO/IEC 23894:2023 (ISO/IEC)
  AI risk-management guidance — companion to ISO 31000, focused on AI lifecycle risks. Mapped to Regulus model-risk + audit controls.
- ISO/IEC 23053:2022 (ISO/IEC)
  Framework for AI systems using machine learning — terminology and lifecycle. Used as the conceptual model behind Regulus's model-risk taxonomy.
How frameworks pair with regulations
Activate a framework alongside one or more regulations.
Framework citations land in the audit envelope on every event,
next to the regulation citation. Example: an EU AI Act DENY
decision carries eu-ai-act:Article-9.4 alongside
nist-ai-rmf:MANAGE-2.1 and iso-42001:8.4.
Your internal-audit team filters by either citation set to build
the coverage report.