← Frameworks / AI Management

ISO/IEC 42001:2023

Artificial intelligence management system standard. Specifies requirements for establishing, implementing, maintaining and improving an AI management system, including responsible AI development, deployment and use.

Clauses: 37

Avg Coverage: 53.0%

Publisher: ISO/IEC Version: 2023

ISO 42001:2023 → SP 800-53 SP 800-53 → ISO 42001:2023 Coverage Analysis

Clause	Title	SP 800-53 Controls
A.2.2	AI policy	AC-01 PL-01 PL-02 PL-09
A.2.3	AI roles and responsibilities	AC-01 PL-01 PS-09
A.2.4	Monitoring, measurement, and review of AI systems	CA-07 PL-03 RA-04
A.3.2	AI roles, responsibilities, and authorities	AC-02 AC-05 AC-06 PS-01 PS-02 PS-04 PS-05 PS-09
A.3.3	Reporting AI incidents and concerns	AT-05 IR-04 IR-06 PS-08 SI-05 IR-09
A.4.2	AI system inventory and documentation	CM-01 CM-02 CM-06 CM-08 CM-12
A.4.3	Data management for AI systems	CP-09 MP-01 MP-02 MP-04 MP-05 MP-06 CM-13
A.4.4	Technology resource management for AI	CM-08 MA-03 SA-06 SA-07
A.4.5	AI system continuity and resilience	CP-01 CP-02 CP-07 CP-10 PE-18 SA-02 SC-06 SC-24
A.4.6	AI competence, awareness, and training	AT-01 AT-02 AT-03 AT-04 PS-01 PS-03 AT-06
A.5.2	AI risk assessment	CA-01 CA-02 CA-06 PL-05 RA-01 RA-02 RA-03 RA-04 RA-07 RA-08 RA-09
A.5.3	AI risk treatment	CA-02 CA-05 PL-05 RA-03 RA-07
A.5.4	AI impact assessment	PL-05 PT-01 PT-02 PT-03 PT-07 PT-08 RA-03 RA-08
A.5.5	AI system risk documentation	PL-05 RA-03
A.6.1.2	AI system design and architecture	PL-06 SA-01 SA-03 SA-08
A.6.1.3	AI system development practices	SA-03 SA-08 SA-10
A.6.2.2	AI system acquisition requirements	SA-04
A.6.2.3	AI system configuration and deployment	CM-02 CM-06 SA-05 SA-10
A.6.2.4	AI system testing and validation	CA-02 RA-05 SA-11 SI-06 SI-07 SR-10
A.6.2.5	AI system change management	CM-03 CM-05
A.6.2.6	AI system maintenance and monitoring	AC-13 AU-06 CA-07 CM-04 MA-02 MA-06 SI-01 SI-02 SI-04 SI-07
A.6.2.7	AI system documentation	PL-02 SA-05
A.6.2.8	AI system logging and audit trails	AU-01 AU-02 AU-03 AU-06 AU-07 AU-09 AU-11 CM-13
A.7.2	Data quality for AI	SI-10
A.7.3	Data provenance and lineage for AI	PT-02 PT-04 PT-07 CM-12 CM-13
A.7.4	Data labelling and annotation	AC-15 AC-16 MP-03 SI-09 SI-10
A.7.5	Data integrity and authenticity for AI	AC-16 AU-10 SR-04 SR-11 CM-14
A.8.2	AI system transparency	PT-05 SA-05
A.8.3	AI system reporting to stakeholders	IR-06
A.8.4	AI incident management	IR-01 IR-02 IR-03 IR-04 IR-05 IR-06 IR-07 SR-08 IR-09
A.8.5	AI system record keeping	PT-05 PT-06 SI-12
A.9.2	Human oversight of AI systems	AC-01 AC-03 AC-06 AT-02 PL-04 PS-06
A.9.3	AI system user interaction	PL-01
A.9.4	Restriction of AI system autonomy	AC-03 AC-04 CM-07 PL-04 PT-03 SA-07
A.10.2	Third-party AI components and services	AC-20 CA-03 PS-07 SA-09 SR-01 SR-02
A.10.3	AI supply chain risk management	SA-04 SR-01 SR-02 SR-03 SR-05 SR-06 SR-07 SR-08
A.10.4	Third-party monitoring for AI	SA-09