The table below shows the stats for all of the mappings across all of the documents mapped. For each document, you can see how many of it’s recommendations/requirements were mapped to each principle plus how many were outliers. Totals are also included.
| Document | Total Mapped | Principle | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | ||
| ETSI – EN 304 223 – Securing Artificial Intelligence (SAI); Baseline Cyber Security Requirements for AI Models and Systems | 72 | 5 | 9 | 7 | 5 | 7 | 6 | 6 | 6 | 6 | 5 | 4 | 4 | 2 |
| ETSI – TR 104 128 – Securing Artificial Intelligence (SAI); Guide to Cyber Security for AI Models and Systems | 72 | 5 | 9 | 7 | 5 | 7 | 6 | 6 | 6 | 6 | 5 | 4 | 4 | 2 |
| ETSI – TS 104 224 – Securing Artificial Intelligence (SAI); Explicability and transparency of AI processing | 6 | 0 | 0 | 0 | 0 | 3 | 0 | 0 | 3 | 0 | 0 | 0 | 0 | 0 |
| ETSI – TR 104 048 – Securing Artificial Intelligence (SAI); Data Supply Chain Security | 18 | 1 | 0 | 1 | 0 | 3 | 6 | 4 | 0 | 0 | 0 | 1 | 2 | 0 |
| ETSI – TR 104 222 – Securing Artificial Intelligence; Mitigation Strategy Report | 50 | 0 | 42 | 0 | 0 | 3 | 0 | 1 | 0 | 1 | 0 | 0 | 3 | 0 |
| NIST – AI RMF 1.0 | 72 | 5 | 8 | 19 | 4 | 2 | 0 | 3 | 5 | 11 | 4 | 4 | 4 | 1 |
| OWASP – OWASP Top 10 for Agentic Applications for 2026 | 86 | 0 | 16 | 0 | 9 | 5 | 31 | 4 | 0 | 4 | 2 | 1 | 14 | 0 |
| OWASP – LLM Top 10 | 85 | 0 | 16 | 0 | 2 | 15 | 17 | 6 | 2 | 5 | 7 | 1 | 7 | 0 |
| OWASP – OWASP Model Context Protocol (MCP) Top 10 | 88 | 1 | 14 | 0 | 7 | 12 | 24 | 3 | 2 | 1 | 0 | 3 | 16 | 0 |
| OWASP – AI Exchange | 18 | 3 | 4 | 0 | 1 | 4 | 0 | 0 | 0 | 2 | 2 | 0 | 0 | 0 |
| MITRE – ATLAS Framework | 35 | 1 | 10 | 0 | 1 | 7 | 9 | 1 | 1 | 1 | 0 | 0 | 1 | 0 |
| MITRE – SAFE-AI | 40 | 0 | 9 | 1 | 0 | 10 | 10 | 6 | 0 | 0 | 0 | 2 | 1 | 0 |
| Multi Agency – Guidelines for secure AI system development | 17 | 1 | 3 | 1 | 0 | 1 | 3 | 1 | 1 | 1 | 1 | 1 | 2 | 0 |
| European Commission – Assessment List for Trustworthy Artificial Intelligence (ALTAI) | 7 | 0 | 2 | 0 | 2 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 0 |
| European Commission – Ethics guidelines for trustworthy AI | 35 | 1 | 3 | 3 | 2 | 1 | 2 | 0 | 5 | 3 | 2 | 0 | 0 | 0 |
| Personal Data Protection Commission Singapore (PDPC) – Model Artificial Intelligence Governance Framework Second Edition | 35 | 4 | 1 | 4 | 3 | 1 | 0 | 0 | 3 | 6 | 6 | 0 | 4 | 0 |
| Google – Secure AI Framework | 24 | 1 | 4 | 1 | 1 | 3 | 2 | 2 | 0 | 3 | 3 | 0 | 3 | 0 |
| CoSAI – Establish Risks and Controls for the AI Supply Chain | 36 | 0 | 2 | 0 | 0 | 10 | 7 | 6 | 4 | 4 | 0 | 0 | 3 | 0 |
| CoSAI – AI Incident Response Framework | 23 | 1 | 0 | 1 | 1 | 3 | 3 | 0 | 1 | 1 | 2 | 1 | 5 | 0 |
| CoSAI – Model Context Protocol (MCP) Security | 14 | 0 | 1 | 0 | 1 | 2 | 6 | 1 | 1 | 0 | 1 | 0 | 1 | 0 |
| Microsoft – Cloud Adoption Framework – Secure AI | 13 | 2 | 1 | 1 | 0 | 3 | 3 | 0 | 0 | 1 | 0 | 0 | 2 | 0 |
| Microsoft – Responsible AI Standard | 87 | 0 | 11 | 11 | 5 | 2 | 0 | 2 | 17 | 21 | 8 | 0 | 2 | 0 |
| IBM – IBM Framework for Securing Generative AI | 5 | 0 | 1 | 0 | 0 | 1 | 2 | 0 | 0 | 0 | 0 | 0 | 1 | 0 |
| Cloud Security Alliance (CSA) – AI Controls Matrix | 243 | 7 | 16 | 25 | 8 | 37 | 50 | 8 | 14 | 10 | 6 | 6 | 22 | 3 |
| OpenAI – Preparedness Framework | 11 | 0 | 5 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 |
| OpenAI – Safety Best Practices | 8 | 0 | 3 | 0 | 1 | 0 | 0 | 0 | 0 | 1 | 1 | 0 | 1 | 0 |
| Model Context Protocol – Security Best Practices | 6 | 0 | 0 | 0 | 0 | 0 | 6 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| NIST – SP 800-218A | 48 | 5 | 3 | 2 | 2 | 8 | 3 | 3 | 6 | 8 | 1 | 1 | 4 | 0 |
| Atlantic Council – Securing data in the AI supply chain | 3 | 0 | 0 | 0 | 0 | 0 | 0 | 3 | 0 | 0 | 0 | 0 | 0 | 0 |
| NIST – AI 800-1 | 94 | 2 | 11 | 25 | 0 | 1 | 9 | 0 | 3 | 17 | 9 | 0 | 5 | 0 |
| ETSI – SAI 002 – Securing Artificial Intelligence (SAI); Data Supply Chain Security | 18 | 1 | 3 | 2 | 0 | 2 | 4 | 3 | 0 | 0 | 0 | 1 | 2 | 0 |
| CISA – Principles for the Secure Integration of Artificial Intelligence in Operational Technology | 42 | 1 | 14 | 4 | 3 | 2 | 4 | 4 | 1 | 1 | 2 | 3 | 2 | 0 |
| NCSC/NSA/CISA etc – AI Data Security | 44 | 0 | 1 | 1 | 0 | 12 | 4 | 10 | 10 | 1 | 0 | 2 | 1 | 1 |
| SANS – Critical AI Security Guidelines | 30 | 0 | 3 | 2 | 0 | 10 | 4 | 2 | 1 | 1 | 0 | 0 | 4 | 0 |
| OECD – Due Diligence Guidance for Responsible AI | 12 | 0 | 2 | 5 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 | 1 | 0 |
| IETF – Security Requirements for AI Agents | 13 | 0 | 1 | 0 | 0 | 0 | 12 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| TAIBOM – Bringing Trustworthiness to AI-Enabled Systems | 4 | 0 | 0 | 0 | 0 | 3 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 |
| IMDA – Model AI Governance Framework for Agentic AI | 17 | 1 | 2 | 1 | 3 | 0 | 1 | 0 | 0 | 1 | 4 | 1 | 3 | 0 |
| SDAIA (Saudi Arabia) – AI Ethics Principles | 49 | 0 | 10 | 2 | 8 | 9 | 1 | 0 | 3 | 5 | 5 | 0 | 5 | 0 |
| SDAIA (Saudi Arabia) – Generative AI Guidelines | 5 | 0 | 1 | 2 | 0 | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| SDAIA (Saudi Arabia) – AI Adoption Framework | 4 | 0 | 1 | 0 | 0 | 0 | 1 | 0 | 0 | 1 | 0 | 0 | 0 | 0 |
| Cyber Security Council (UAE) – National Cyber Security Policy for Artificial Intelligence | 131 | 9 | 21 | 13 | 3 | 13 | 30 | 8 | 1 | 10 | 2 | 5 | 12 | 1 |
| Smart Dubai (UAE) – AI Ethics Principles & Guidelines | 42 | 1 | 2 | 2 | 6 | 1 | 0 | 1 | 2 | 3 | 9 | 0 | 2 | 0 |
| UAE Ministry of Cabinet Affairs – The UAE Charter for the Development and Use of Artificial Intelligence | 12 | 0 | 0 | 0 | 2 | 1 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 0 |
| Central Bank of the UAE – Guidance Note on the Consumer Protection and Responsible Adoption and Use of Artificial Intelligence and Machine Learning by Licensed Financial Institutions in the U.A.E | 38 | 1 | 2 | 5 | 7 | 4 | 1 | 3 | 1 | 3 | 2 | 0 | 2 | 0 |
| Qatar Central Bank – Artificial Intelligence Guidelines | 139 | 3 | 12 | 20 | 18 | 7 | 2 | 2 | 9 | 8 | 10 | 2 | 11 | 0 |
| MIC/METI (Japan) – AI Guidelines for Business | 57 | 2 | 5 | 7 | 5 | 1 | 0 | 1 | 2 | 2 | 11 | 1 | 2 | 0 |
| METI (Japan) – Governance Guidelines for Implementation of AI Principles | 21 | 5 | 2 | 4 | 0 | 1 | 0 | 0 | 0 | 1 | 2 | 0 | 1 | 0 |
| EU – EU AI Act | 79 | 0 | 8 | 10 | 6 | 4 | 0 | 0 | 8 | 3 | 11 | 2 | 11 | 0 |
| ISO/IEC – DIS 27090 | 8 | 0 | 1 | 1 | 0 | 1 | 2 | 0 | 0 | 0 | 0 | 1 | 1 | 0 |
| ISO/IEC – TR 27563:2023 | 7 | 1 | 1 | 5 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ISO/IEC – DIS 5181 | 4 | 0 | 0 | 0 | 0 | 4 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ISO/IEC – TR 27091 | 4 | 1 | 2 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ISO/IEC – DIS 24970 | 11 | 0 | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 10 | 0 |
| ISO/IEC – TS 42119-2:2025 | 14 | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 1 | 12 | 0 | 0 | 0 | 0 |
| CEN/CENELEC – prEN 40000-1-1 | 6 | 0 | 1 | 2 | 0 | 2 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 0 |
| CEN/CENELEC – prEN 40000-1-2: Cybersecurity requirements for products with digital elements – Part 1-2: Principles for cyber resilience | 20 | 0 | 6 | 5 | 0 | 3 | 1 | 0 | 1 | 1 | 0 | 0 | 2 | 1 |
| NIST – IR 8596: Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile): NIST Community Profile | 106 | 6 | 3 | 20 | 4 | 10 | 19 | 11 | 2 | 3 | 6 | 10 | 12 | 0 |
| Databrick – The Databricks AI Security Framework | 73 | 2 | 6 | 0 | 0 | 14 | 23 | 3 | 0 | 5 | 0 | 1 | 10 | 0 |
| World Economic Forum – Presidio AI Framework: Towards Safe Generative AI Models | 6 | 0 | 2 | 0 | 0 | 0 | 0 | 0 | 1 | 2 | 0 | 0 | 1 | 0 |
| ENISA – Multilayer Framework for Good Cybersecurity Practices for AI | 33 | 9 | 2 | 1 | 0 | 0 | 3 | 0 | 0 | 6 | 3 | 0 | 6 | 0 |
| NIST – AI 100-2e2025: Adversarial Machine Learning A Taxonomy and Terminology of Attacks and Mitigations | 26 | 0 | 11 | 0 | 0 | 0 | 2 | 4 | 0 | 2 | 0 | 0 | 2 | 0 |
| U.S. Department of Health & Human Services – Trustworthy AI (TAI) Playbook: Executive Summary | 6 | 0 | 1 | 1 | 1 | 1 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 0 |
| Federal Office for Information Security – AI Security Concerns in a Nutshell | 13 | 0 | 3 | 0 | 0 | 5 | 0 | 3 | 0 | 1 | 0 | 1 | 0 | 0 |
| ICO – Guidance on the AI Auditing Framework – Draft guidance for consultation | 35 | 4 | 7 | 7 | 0 | 2 | 2 | 3 | 3 | 1 | 1 | 1 | 3 | 0 |
| ISO – 42001:2023 – Information technology — Artificial intelligence — Management system | 24 | 1 | 4 | 5 | 2 | 1 | 0 | 0 | 2 | 2 | 2 | 3 | 2 | 0 |
| Total | 2504 | 93 | 344 | 238 | 130 | 266 | 321 | 125 | 128 | 188 | 139 | 65 | 220 | 11 |