Skip to content

SDOS Runtime Governance Framework — ISO 42001 Alignment

Control Mapping to ISO/IEC 42001:2023

SDOS Version: 1.9
Standard: ISO/IEC 42001:2023 — Artificial Intelligence Management System
Published: December 2023
Document Date: 2026-05-03
Authoring Organization: AAM Cyber (aamcyber.com)
Inventor: Pharns Genece

SDOS Control Catalog: View full control definitions


Purpose

This document maps the controls of the SDOS Runtime Governance Framework to ISO/IEC 42001:2023. It is intended to assist AI governance leads, CISOs, and quality management teams evaluating SDOS as a technical control layer within an ISO 42001 Artificial Intelligence Management System (AIMS).

This is an informative alignment document. It does not constitute an ISO 42001 certification assessment or a determination of AIMS conformance. Organizations must engage accredited certification bodies for formal ISO 42001 certification audits.


Applicability

This document applies to organizations building or operating an ISO 42001 AIMS that includes agentic AI workflows. It is relevant when:

  • The organization is implementing Clause 8 (Operation) controls that address AI system deployment and monitoring, or
  • The AIMS scope includes agentic AI systems where runtime enforcement is required, or
  • A conformance team is documenting how technical controls satisfy ISO 42001 Annex A objectives.

This document focuses on ISO 42001's operational and technical clauses. Management system clauses addressing leadership, context of the organization, and planning (Clauses 4–6) are largely organizational obligations outside the operational boundary of a runtime governance framework.

SDOS Control Catalog Summary

The full control catalog with per-control descriptions, evidence types, and related control dependencies is published at /sdos/reference/v1/. The 24 SDOS controls comprising the public runtime control set are:

Control ID Title
SDOS-GV-01 Configuration-Governed Module Activation
SDOS-GV-02 Governance-Tiered Model Selection
SDOS-GV-03 Default-Deny Pre-Admission Policy
SDOS-GV-04 Cross-Module Governance Continuity
SDOS-GV-05 Model-Alignment-Independent Policy Enforcement
SDOS-RM-01 Dispatch-Time Risk Classification
SDOS-RM-02 Complexity-Tiered Resource Allocation
SDOS-RM-03 Risk-Floor Model Binding
SDOS-AD-01 Default-Deny Agent Pre-Admission
SDOS-IA-01 Attested Agent Identity
SDOS-IA-02 Attested Module Identity
SDOS-IN-01 Governance Baseline Integrity Verification
SDOS-IN-02 Baseline Drift Detection and System Halt
SDOS-IN-03 Module Manifest Integrity
SDOS-EN-01 Pre-Egress Policy Enforcement
SDOS-EN-02 Subordinate-Side Enforcement Gate
SDOS-EN-03 Fail-Closed Degradation
SDOS-EN-04 Governed Egress with Tamper-Evident Audit
SDOS-AU-01 Per-Invocation Audit Record
SDOS-AU-02 Append-Only Audit Log Integrity
SDOS-AU-03 Dual Audit Trail
SDOS-DE-01 Governed Multi-Agent Deliberation
SDOS-DE-02 Convergence-Based Decision Record
SDOS-RS-01 Governed Return on Safety Investment (ROSI) Evaluation

How to Use This Document

Assessor Use Notice

Mapping strength reflects the framework's design coverage of the cited requirement. Operating effectiveness is a property of a specific deployment and must be tested per engagement. Assessors should treat all mappings as control-design assertions requiring implementation verification — including evidence collection, sample selection, and testing against the assessor's own audit objective. The strength rating is the starting point for an assessor's testing plan, not a substitute for it.

Mapping Strength Legend

Rating Meaning
Strong SDOS provides a direct, mechanism-specific technical implementation of the ISO 42001 control.
Partial — [qualifier] SDOS addresses a defined subset. The qualifier identifies what is covered and what requires additional controls.
Weak — Substrate Only SDOS produces data or infrastructure that enables conformance but does not itself satisfy the control.
Out of Scope The control falls entirely outside the operational boundary of a runtime governance framework.

ISO 42001 Structure Reference

ISO 42001 is organized as a management system standard following the ISO High-Level Structure (HLS):

Section Content
Clauses 4–6 Context, Leadership, Planning — organizational obligations
Clause 7 Support — resources, competence, awareness, documentation
Clause 8 Operation — AI system lifecycle, risk treatment, deployment
Clause 9 Performance Evaluation — monitoring, audit, review
Clause 10 Improvement — nonconformity, corrective action
Annex A AI controls (A.2–A.10) — referenced in Clause 6.1 risk treatment

Glossary

Term Definition
AIMS Artificial Intelligence Management System — the ISO 42001 framework for governing AI development and use
AI system An engineered system that generates outputs such as predictions, recommendations, decisions, or content
AI system impact assessment ISO 42001's structured process for evaluating AI system effects on individuals and society
Point of dispatch The moment a task is assigned to an agent before tool execution; the primary SDOS enforcement boundary
Governed egress Outbound operations subject to pre-execution policy enforcement before results are returned
Fail-closed degradation SDOS-EN-03 defines three failure modes: (1) infrastructure unavailability — pre-authorized operations may continue under a documented degradation policy; (2) baseline integrity failure — all governed operations halt immediately; (3) partial-degradation states governed by an integrity-verified degradation policy. See EN-03 control definition.

Scope Statement

SDOS operates at the point of dispatch. In an ISO 42001 AIMS context, SDOS implements the operational and technical controls required by Clause 8 and Annex A — specifically those governing how AI systems are deployed, what they are permitted to do, and how their operations are recorded.

Within scope: AI system operational controls (Clause 8), monitoring and measurement (Clause 9.1), and Annex A technical controls (A.6 Data, A.7 Information for Interested Parties, A.8 Use of AI Systems, A.9 Human Oversight, A.10 Documentation and Configuration).

Outside SDOS Operational Boundary (must be addressed by complementary organizational controls):

Clause / Annex Content Why Out of Scope
Clause 4 Context of the organization Organizational/governance obligation
Clause 5 Leadership Executive and board-level obligation
Clause 6 Planning Risk planning — pre-deployment
Clause 7 Support Competence, resources, communication
Annex A.3 Responsibilities for AI systems Accountability assignment — organizational
Annex A.4 Impact assessment Risk assessment process — pre-deployment
Annex A.5 AI system lifecycle SDLC controls — pre-deployment

Strongest Alignment: Clause 8 and Annex A.6.2 / A.9

Clause 8.4 — AI System Operation

ISO 42001 Clause 8.4 requires that organizations implement controls to ensure AI systems operate within defined boundaries and that outputs are monitored. SDOS directly implements this at the dispatch layer:

  • SDOS-GV-01 ensures AI systems operate only within explicitly configured module boundaries.
  • SDOS-EN-01 and SDOS-EN-02 enforce operational boundaries at the pre-egress and subordinate module levels.
  • SDOS-GV-05 ensures enforcement is independent of model alignment — policy applies regardless of AI behavior.

Annex A.9 — Use of AI Systems

Annex A.9 controls require that AI systems are used within their intended purpose and that deviations are detected. SDOS implements:

  • SDOS-RM-01 classifies every task at dispatch against defined risk tiers, providing a continuous intended-purpose boundary check.
  • SDOS-GV-03 and SDOS-AD-01 enforce that only registered, admitted agents operate — preventing use outside intended scope.
  • SDOS-IN-01 and SDOS-IN-02 detect drift from the governance baseline, surfacing deviations before they propagate.

Annex A.6.2 — AI System Lifecycle (Verification and Operation)

Annex A.6.2 requires verification, validation, deployment, operation, and event-log recording controls. SDOS provides:

  • SDOS-EN-03 implements fail-closed degradation — when governance infrastructure is unavailable, operations halt rather than continuing unmonitored.
  • SDOS-AU-01, SDOS-AU-02, and SDOS-AU-03 produce tamper-evident audit records that enable human review of all AI agent operations.
  • SDOS-DE-01 (Deliberation domain) provides governed multi-agent deliberation — structured evaluation by multiple agents with panel composition defined by governance policy rather than agent self-selection. Convergence is a deliberation signal, not a human oversight substitute; DE-01 supports but does not replace the human oversight obligations in A.9.

Clause 9.1 — Monitoring, Measurement, Analysis, and Evaluation

Clause 9.1 requires continuous monitoring of AI system performance and conformance. SDOS provides:

  • SDOS-AU-01 generates per-invocation records that feed monitoring and measurement workflows.
  • SDOS-IN-01 and SDOS-IN-02 provide automated baseline integrity verification with halt response on detected drift.
  • SDOS-RM-01 and SDOS-RM-02 provide continuous dispatch-time risk classification data.

Full Mapping Table

Note: Annex A sub-clause numbers (A.6.2.x, A.7.x, A.8.x, A.9.x) reflect the ISO/IEC 42001:2023 structure as applied during the v1.1 alignment pass. Organizations conducting formal AIMS conformance assessments should verify Annex A sub-clause numbers against their licensed copy of the standard, as sub-clause numbering is not reproduced in public-access sources.

ISO 42001 Clause / Annex SDOS Controls Mapping Strength Notes
8.3 AI risk treatment RM-01, RM-02, RM-03 Partial — Runtime Treatment Measures Dispatch-time risk classification (RM-01), complexity-tiered resource allocation (RM-02), and risk-floor binding (RM-03) implement risk treatment measures at execution. Clause 8.3's treatment planning obligations — identifying treatment options, evaluating alternatives, documenting treatment plans — are organizational processes that precede and surround runtime enforcement.
8.4 AI system operation GV-01, EN-01, EN-02, GV-05 Strong Config-governed activation + pre-egress enforcement + model-alignment-independent policy = operational boundary enforcement. Clause 8.4 is the tightest ISO 42001 fit for SDOS: runtime enforcement of operational boundaries is the core SDOS function.
8.5 AI system documented information AU-01, AU-02, AU-03 Partial — Operational Event Records Per-invocation audit records (AU-01), append-only integrity (AU-02), and dual trail (AU-03) produce the operational event logs required by Clause 8.5. Clause 8.5's full documented information obligation spans procedure documentation, AI system documentation, and records across the AIMS lifecycle — SDOS satisfies the operational event-record component.
9.1 Monitoring, measurement, analysis, evaluation AU-01, IN-01, IN-02, RM-01 Strong Continuous audit generation + baseline drift detection + dispatch-time classification = monitoring substrate
9.2 Internal audit AU-01, AU-02, IN-01 Partial — audit data SDOS generates auditable records and baseline state; formal internal audit program is an organizational obligation
9.3 Management review AU-01, AU-03, IN-01 Weak — Substrate Only SDOS provides evidence for management review; the review process itself is organizational
10.2 Nonconformity and corrective action IN-02, EN-03, AU-01 Partial — detection scope Baseline drift detection + fail-closed halt = nonconformity detection; corrective action process is organizational
A.7.2 Data for AI systems GV-01, EN-01, AU-01 Partial — dispatch scope Dispatch-time access policy + pre-egress enforcement cover AI agent data access; data storage governance is out of scope
A.7.3 Acquisition of data AU-01, RM-01 Weak — Substrate Only SDOS logs data access at dispatch; risk classification identifies tasks where data quality is high-impact but does not assess or validate data quality directly. Data quality and acquisition governance are pre-deployment obligations.
A.7.4 Quality of data for AI systems AU-01, RM-01 Weak — Substrate Only SDOS does not assess or validate data quality. Quality controls operate pre-deployment.
A.6.2.4 Verification and validation of the AI system IN-01, IN-02, IN-03 Strong Governance baseline integrity + drift detection + module manifest integrity = operational verification at dispatch
A.6.2.6 AI system deployment GV-01, GV-03, AD-01 Strong Configuration-governed activation + default-deny admission = governed deployment behavior
A.6.2.8 AI system recording of event logs AU-01, AU-02, AU-03, EN-04 Strong Per-invocation records + append-only integrity + tamper-evident egress audit = complete operation log substrate
A.9.2 Processes for responsible use of AI systems RM-01, GV-03, AD-01 Partial — Runtime Enforcement Layer Dispatch-time risk classification (RM-01) and default-deny admission (GV-03, AD-01) provide the runtime enforcement layer for A.9.2's responsible-use requirement. A.9.2's full scope includes acceptable-use policy definition and user training — organizational obligations outside SDOS boundary.
A.9.3 Objectives for responsible use of AI systems EN-03, AU-01, AU-02 Partial — Technical Measures Fail-closed degradation + tamper-evident audit support responsible-use objectives; the objectives themselves are organizational
A.9.4 Intended use of the AI system RM-01, GV-01, GV-02 Strong Dispatch-time risk classification + configuration-governed module activation enforce intended-use boundaries at runtime
A.8.2 External reporting AU-01, AU-02, AU-03 Partial — audit scope Tamper-evident audit records provide evidence for external reporting; communication obligations are organizational
A.8.3 Communication of incidents AU-01, IN-01, IN-02 Weak — Substrate Only SDOS produces detection signals; communication procedures and channels are organizational
A.10 Documentation of AI systems AU-01, AU-02, AU-03, GV-01 Partial — Operational Records A.10 requires documentation of AI systems including their purpose, design characteristics, and operational logs. SDOS produces the operational event-record layer (AU-01/02/03) and configuration documentation (GV-01); AI system design documentation and purpose records are pre-deployment organizational obligations outside SDOS scope.

Mapping by SDOS Domain

Governance (GV)

Control ISO 42001 Relevance
SDOS-GV-01 — Configuration-Governed Module Activation Clause 8.4: AI system operation within defined boundaries; A.6.2.6: deployment governance
SDOS-GV-02 — Governance-Tiered Model Selection A.9.2/A.9.4: intended-use tiering
SDOS-GV-03 — Default-Deny Pre-Admission Policy A.9.2: intended-use boundary enforcement
SDOS-GV-04 — Cross-Module Governance Continuity A.6.2.6: deployment continuity across module boundaries
SDOS-GV-05 — Model-Alignment-Independent Policy Enforcement Clause 8.4: operational boundary enforcement independent of model behavior

Risk Management (RM)

Control ISO 42001 Relevance
SDOS-RM-01 — Dispatch-Time Risk Classification Clause 8.3: operational risk treatment; A.9.2/A.9.4: continuous intended-use verification
SDOS-RM-02 — Complexity-Tiered Resource Allocation Clause 8.3: risk-proportionate resource allocation
SDOS-RM-03 — Risk-Floor Model Binding A.9.2: minimum capability floor as risk treatment

Enforcement (EN)

Control ISO 42001 Relevance
SDOS-EN-01 — Pre-Egress Policy Enforcement Clause 8.4: operational boundary enforcement
SDOS-EN-02 — Subordinate-Side Enforcement Gate Clause 8.4: secondary boundary enforcement at module level
SDOS-EN-03 — Fail-Closed Degradation A.9.3: responsible-use technical measures
SDOS-EN-04 — Governed Egress with Tamper-Evident Audit A.6.2.8: event log recording for every governed output

Identity and Attestation (IA)

Control ISO 42001 Relevance
SDOS-IA-01 — Attested Agent Identity A.6.2.6: deployed agent identification; A.9.3: accountability chain
SDOS-IA-02 — Attested Module Identity A.6.2.6: module identity is verified before activation

Audit (AU)

Control ISO 42001 Relevance
SDOS-AU-01 — Per-Invocation Audit Record Clause 9.1: monitoring substrate; A.6.2.8: event log recording
SDOS-AU-02 — Append-Only Audit Log Integrity A.6.2.8: tamper-protection for operation logs
SDOS-AU-03 — Dual Audit Trail A.6.2.8/A.8.2: redundant logs for review and reporting

Integrity (IN)

Control ISO 42001 Relevance
SDOS-IN-01 — Governance Baseline Integrity Verification A.6.2.4: verification of governance configuration
SDOS-IN-02 — Baseline Drift Detection and System Halt Clause 10.2: nonconformity detection with halt response
SDOS-IN-03 — Module Manifest Integrity A.6.2.4: integrity verification before module activation

Deliberation (DE)

Control ISO 42001 Relevance
SDOS-DE-01 — Governed Multi-Agent Deliberation A.9.3: responsible-use technical measure (deliberation signal, not human oversight substitute)
SDOS-DE-02 — Convergence-Based Decision Record A.9.2/A.9.3: intended-use monitoring; Clause 9.1: performance evaluation

Admission (AD)

Control ISO 42001 Relevance
SDOS-AD-01 — Default-Deny Agent Pre-Admission A.9.2: default-deny as intended-use enforcement foundation

Risk Measurement (RS)

Control ISO 42001 Relevance
SDOS-RS-01 — Governed ROSI Evaluation Clause 9.1: monitoring, measurement, analysis, and evaluation — RS-01 provides quantified evidence that governance overhead produces measurable risk reduction, directly supporting the AIMS performance evaluation obligation; A.9.2: operational data supporting responsible-use process review

ISO 42001 Alignment Differentiated: The Deliberation Domain

ISO 42001 is the only framework in the SDOS alignment library where the Deliberation (DE) domain has a strong alignment path. Where CIS Controls v8, DORA, and PCI-DSS have no analog for multi-model deliberation, ISO 42001 Annex A.9 (Human Oversight) and A.8.2 (Intended Use) directly support DE domain controls.

This is architecturally significant: ISO 42001 was designed for AI systems specifically. Frameworks like PCI-DSS and HIPAA govern environments where AI might operate. ISO 42001 governs AI itself — creating a tighter fit with AI-native controls like deliberation, bias detection, and alignment-independent enforcement.


Relationship to Other Frameworks

SDOS is also mapped to NIST AI RMF 1.0, EU AI Act, DORA, HIPAA, PCI-DSS v4.0, and CIS Controls v8. For organizations pursuing multi-framework alignment, SDOS controls address overlapping technical requirements simultaneously.

ISO 42001 and the EU AI Act have significant structural overlap. Organizations subject to both should note that the EU AI Act's high-risk AI system requirements (Article 9 risk management, Article 12 logging, Article 14 human oversight) map to the same SDOS controls that satisfy ISO 42001 Clause 8 and Annex A.8/A.9.

Full NIST AI RMF mapping: SDOS Control Catalog and Reference Document v1.10


Architectural Positioning

SDOS operates at the dispatch-time enforcement layer — the moment immediately before an AI agent invokes a tool, makes a decision, or produces an output. The SDOS framework does not replace organizational, physical, or personnel cybersecurity controls. It provides a runtime layer that enforces governance policy at the boundary where AI agents act, adding an architectural layer of cybersecurity assurance for AI-augmented operations.

For alignment purposes, SDOS supports the operational and technical requirements addressing how AI-driven cyber operations are deployed, monitored, and audited. Requirements addressing the organizational, physical, or personnel layer fall outside the SDOS scope and require separate controls.

Maintenance

This document is maintained by AAM Cyber as part of the SDOS Reference Library. The library currently covers 17 framework alignments: NIST AI RMF 1.0, NIST CSF 2.0, NIST SP 800-53 Rev 5.2.0, NIST AI 600-1, EU AI Act, DORA, HIPAA, PCI-DSS v4.0, CIS Controls v8, ISO 42001, FedRAMP Rev 5, CMMC 2.0, SOC 2, NAIC MDL-668, NERC CIP, IEEE P2863 (draft), and FAA UAS/AAM (principles-mapped). Version history for every framework alignment is published at /sdos/reference/changelog/.

Subsequent updates to this alignment page will be issued when: (1) screening feedback from a recognized standards body requires revision, (2) the focal framework releases a revision requiring mapping review, or (3) SDOS controls are added or retired affecting the alignment.

Intellectual Property

The SDOS Runtime Governance Framework was invented by Pharns Genece. Aspects of the framework are the subject of pending U.S. Provisional Patent Applications 64/029,300, 64/049,300, 64/067,427, 64/069,200, and 64/076,620. The scope of pending claims is defined by the as-filed specifications and is not coextensive with the descriptions in this control catalog. AAM Cyber, all rights reserved unless otherwise indicated.

Patent inquiries should be directed to AAM Cyber at aamcyber.com.


Contact

AAM Cyber
aamcyber.com

Questions about SDOS framework alignment with ISO 42001 requirements: [email protected]


SDOS Runtime Governance Framework — ISO/IEC 42001:2023 Alignment. Version 1.3. Published 2026-05-03.

View library changelog →