ISO/IEC 42001:2023 — SP 800-53 Coverage

How well do NIST SP 800-53 Rev 5 controls address each ISO 42001:2023 requirement? This analysis maps from framework clauses back to SP 800-53, with expert coverage weightings and gap identification.

Clauses: 37
Avg Coverage: 53.0%
Publisher: ISO/IEC
Coverage Distribution
Full (85-100%): 0
Substantial (65-84%): 11
Partial (40-64%): 18
Weak (1-39%): 8

Clause-by-Clause Analysis

A.2.2 AI policy

Rationale

AC-01 and PL-01/PL-02 cover security policy and planning. PL-09 (new in Rev 5) central management provides a unified policy administration mechanism that could extend to AI governance policy coordination.

Gaps

ISO 42001 A.2.2 requires an AI-specific policy covering responsible AI principles, ethical use, and AI governance. SP 800-53 policies are security/privacy-focused. PL-09 improves central policy coordination but does not address AI ethics, fairness, or responsible AI commitments.

A.2.3 AI roles and responsibilities

Rationale

AC-01 and PL-01 assign security roles and responsibilities. PS-09 (new in Rev 5) position descriptions formalises the documentation of security-related duties within job descriptions, applicable to defining AI-related role responsibilities.

Gaps

ISO 42001 requires AI-specific roles such as AI system owner, AI ethics officer, and AI risk manager. PS-09 improves role definition but SP 800-53 does not address AI governance, AI ethics, or AI-specific accountability structures.

A.2.4 Monitoring, measurement, and review of AI systems

Rationale

CA-07 continuous monitoring; PL-02 system security and privacy plans, which in Rev 5 absorb the plan-update requirement formerly in PL-03; RA-03 risk assessment, which absorbs the risk-assessment-update requirement formerly in RA-04 (both PL-03 and RA-04 are withdrawn). These cover security monitoring and review cycles.

Gaps

ISO 42001 requires monitoring AI system performance, bias drift, model accuracy, and fairness metrics over time. SP 800-53 monitoring focuses on security events and vulnerabilities, not AI-specific performance degradation, concept drift, or fairness metrics.

A.3.2 AI roles, responsibilities, and authorities

Rationale

AC-02 account management; AC-05 separation of duties; AC-06 least privilege; PS family personnel security. PS-09 (new in Rev 5) position descriptions strengthens role documentation for AI-related positions.

Gaps

ISO 42001 requires AI-specific role definitions including those responsible for AI ethics, bias review, and AI lifecycle management. PS-09 improves position documentation but AI-specific authority structures remain unaddressed.

A.3.3 Reporting AI incidents and concerns

Rationale

IR-04 incident handling; IR-06 incident reporting; IR-09 information spillage response (carried over from Rev 4, not new in Rev 5), which covers data exposure incidents and is partially relevant to AI training data incidents; SI-05 security alerts, advisories, and directives; PS-08 personnel sanctions; PM-15 security and privacy groups and associations (AT-05 contacts with security groups is withdrawn in Rev 5 and incorporated into PM-15).

Gaps

ISO 42001 requires reporting of AI-specific incidents including bias events, unintended AI behaviours, ethical concerns, and AI safety events. IR-09 addresses data spillage but AI-specific incident taxonomy, ethical concern escalation, and AI safety reporting channels are not covered.

A.4.2 AI system inventory and documentation

Rationale

CM-01/CM-02 configuration management; CM-06 configuration settings; CM-08 component inventory. CM-12 (new in Rev 5) information location tracks where data and systems reside, applicable to AI system inventory across environments.

Gaps

ISO 42001 requires an AI-specific system inventory documenting AI purpose, data used, model type, deployment context, and impact level. CM-12 improves system location tracking but AI-specific attributes such as model type, training data provenance, or intended use documentation are not addressed.

A.4.3 Data management for AI systems

Rationale

CP-09 backup; MP family media protection and handling. CM-13 (new in Rev 5) data action mapping provides visibility into data processing actions, partially relevant to AI data management and data lifecycle tracking.

Gaps

Significant gap. ISO 42001 requires AI-specific data management including training data quality assessment, data bias analysis, data lineage, and representativeness validation. CM-13 improves data action visibility but AI training data quality, bias in data, or data fitness-for-purpose assessment are not addressed.

A.4.4 Technology resource management for AI

Rationale

CM-08 component inventory; CM-10 software usage restrictions and CM-11 user-installed software (the former SA-06 and SA-07, withdrawn and incorporated into the CM family); MA-03 maintenance tools. General technology management applies.

Gaps

ISO 42001 requires management of AI-specific technology resources including compute infrastructure, ML frameworks, model registries, and AI development environments. SP 800-53 covers general IT resource management but not AI-specific compute, GPU/TPU management, or ML pipeline infrastructure.

A.4.5 AI system continuity and resilience

Rationale

CP-01/CP-02 contingency planning; CP-07 alternate processing site; CP-10 system recovery and reconstitution; PE-18 location of system components; SA-02 allocation of resources; SC-06 resource availability. SC-24 fail in known state (carried over from Rev 4) supports graceful degradation, partially relevant to AI system fallback strategies.

Gaps

ISO 42001 requires AI-specific continuity including model fallback strategies, graceful degradation for AI decisions, and AI system recovery priorities. SC-24 provides fail-safe concepts but does not address AI-specific failover (e.g., reverting to non-AI decision paths).

A.4.6 AI competence, awareness, and training

Rationale

AT-01 through AT-04 training policy, awareness, training, and records; PS-01 personnel security; PS-03 screening. AT-06 (new in Rev 5) training feedback provides mechanisms for evaluating training effectiveness, applicable to assessing AI competency programme outcomes.

Gaps

ISO 42001 requires AI-specific competency including ML/AI technical skills, AI ethics training, responsible AI awareness, and AI risk assessment capabilities. AT-06 improves training evaluation but AI-specific competencies and responsible AI skills are not addressed.

A.5.2 AI risk assessment

Rationale

CA-01/CA-02 assessment policy and control assessments; CA-06 authorization; RA-01 through RA-03 risk assessment family (RA-04 is withdrawn and incorporated into RA-03). RA-07 (new in Rev 5) risk response adds structured treatment actions; RA-08 (new in Rev 5) privacy impact assessments strengthens privacy risk analysis (PL-05 is withdrawn in Rev 5 and incorporated into RA-08); RA-09 (new in Rev 5) criticality analysis identifies critical components for risk prioritisation.

Gaps

Significant gap. ISO 42001 requires AI-specific risk assessment covering bias risk, fairness risk, transparency risk, AI safety risk, and societal impact. RA-07/RA-08/RA-09 improve risk response, privacy assessment, and criticality analysis but AI-specific risks such as algorithmic bias, model explainability gaps, or unintended societal consequences are not addressed.

A.5.3 AI risk treatment

Rationale

CA-02 control assessments; CA-05 plan of action and milestones; RA-03 risk assessment; RA-08 privacy impact assessments (the Rev 5 home of the withdrawn PL-05). RA-07 (new in Rev 5) risk response adds structured risk treatment actions.

Gaps

ISO 42001 requires AI-specific risk treatment including bias mitigation techniques, fairness interventions, explainability enhancements, and human oversight mechanisms. RA-07 improves risk treatment actions but AI-specific mitigations such as debiasing algorithms or fairness constraints are not addressed.

A.5.4 AI impact assessment

Rationale

RA-08 privacy impact assessments (new in Rev 5; PL-05 is withdrawn and incorporated into it), which strengthens privacy risk analysis relevant to AI data processing impacts; PT family PII processing; RA-03 risk assessment.

Gaps

Significant gap. ISO 42001 requires comprehensive AI impact assessment covering human rights, societal impact, environmental impact, and affected stakeholder analysis. RA-08 improves privacy impact assessment but broader AI impact for human rights, discrimination, environmental cost, or societal implications is not addressed.

A.5.5 AI system risk documentation

Rationale

RA-08 privacy impact assessment documentation (PL-05 is withdrawn in Rev 5 and incorporated into RA-08); RA-03 risk assessment documentation. General risk documentation applies.

Gaps

ISO 42001 requires AI-specific risk documentation including model cards, AI system transparency reports, and risk registers with AI-specific risk categories. SP 800-53 covers security risk documentation but not AI-specific artefacts such as model cards, datasheets for datasets, or AI transparency reports.

A.6.1.2 AI system design and architecture

Rationale

PL-02 system security and privacy plans (PL-06 security-related activity planning is withdrawn and incorporated into PL-02); SA-01 acquisition policy; SA-03 system development life cycle; SA-08 security and privacy engineering principles.

Gaps

ISO 42001 requires AI-specific design principles including explainability by design, fairness by design, and human-centred AI architecture. SP 800-53 covers security engineering principles but not AI-specific design requirements such as interpretability, fairness constraints, or human-in-the-loop architectures.

A.6.1.3 AI system development practices

Rationale

SA-03 lifecycle support; SA-08 security engineering; SA-10 developer configuration management.

Gaps

ISO 42001 requires AI-specific development practices including responsible AI development methodologies, model validation protocols, and AI testing for bias and fairness. SP 800-53 covers secure development but not AI-specific development practices such as ML experimentation governance or model validation frameworks.

A.6.2.2 AI system acquisition requirements

Rationale

SA-04 acquisitions. General acquisition security requirements apply.

Gaps

ISO 42001 requires AI-specific acquisition criteria including model transparency, training data provenance, bias assessment reports, and responsible AI commitments from vendors. SP 800-53 SA-04 covers security requirements in acquisitions but not AI-specific procurement criteria.

A.6.2.3 AI system configuration and deployment

Rationale

CM-02 baseline configuration; CM-06 configuration settings; SA-05 documentation; SA-10 developer configuration management.

Gaps

ISO 42001 requires AI-specific deployment considerations including model deployment validation, production monitoring setup, and AI-specific configuration (hyperparameters, thresholds). SP 800-53 covers general configuration management well but not AI-specific deployment validation or model configuration.

A.6.2.4 AI system testing and validation

Rationale

CA-02 assessments; RA-05 vulnerability scanning; SA-11 developer security testing; SI-06 security function verification; SI-07 software integrity; SR-10 inspection.

Gaps

ISO 42001 requires AI-specific testing including bias testing, fairness validation, robustness testing, and adversarial testing of AI models. SP 800-53 covers security testing and vulnerability assessment but not AI-specific testing such as model accuracy validation, bias benchmarking, or adversarial robustness evaluation.

A.6.2.5 AI system change management

Rationale

CM-03 configuration change control; CM-05 access restrictions for change. Strong change management controls.

Gaps

Minor gap. ISO 42001 requires AI-specific change management including model retraining governance, data pipeline changes, and model version control. SP 800-53 CM family covers change management well; minor gap around AI-specific model versioning and retraining governance.

A.6.2.6 AI system maintenance and monitoring

Rationale

AC-02 account management and AU-06 audit record review, analysis, and reporting (the former AC-13 supervision and review is withdrawn and incorporated into these two); CA-07 continuous monitoring; CM-04 impact analyses for configuration changes; MA-02/MA-06 controlled and timely maintenance; SI-01/SI-02 system and information integrity policy and flaw remediation; SI-04 system monitoring; SI-07 software, firmware, and information integrity.

Gaps

ISO 42001 requires AI-specific maintenance including model performance monitoring, bias drift detection, data quality monitoring, and model retraining triggers. SP 800-53 covers security monitoring and system maintenance but not AI-specific monitoring such as model accuracy degradation, concept drift, or feature distribution shifts.
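The AI-specific monitoring that A.2.4 and A.6.2.6 describe, and that CA-07/SI-04 do not cover, comes down to a few measurable checks: is the production input distribution still the one the model was validated on, and is accuracy on the latest labelled window still where it was at validation time? The block below is an added example (not code from this page, from ISO or from NIST) that scores feature distribution shift with the Population Stability Index and combines it with an accuracy-degradation check into a retraining trigger. The baseline and production samples are constructed with a seeded RNG, and the thresholds (PSI 0.10 to watch, 0.25 to act; a 3-point accuracy tolerance) are common practitioner rules of thumb, not values from any standard.

```python
"""Drift monitoring for a deployed model: feature-distribution shift via the
Population Stability Index (PSI) plus an accuracy-degradation check, combined
into a retraining trigger.

Added example, not code from the source page, ISO or NIST. Samples are
constructed with a seeded RNG; the PSI thresholds and accuracy tolerance are
assumptions (industry rules of thumb), not values from any standard.
"""
from __future__ import annotations

import bisect
import math
import random
from dataclasses import dataclass

PSI_WATCH = 0.10  # assumption: investigate above this
PSI_ACT = 0.25    # assumption: retrain / roll back above this


def quantile_edges(reference: list[float], n_bins: int = 10) -> list[float]:
    """Bin edges taken from the training-time reference distribution, so that
    each bin holds roughly 1/n_bins of the reference sample."""
    xs = sorted(reference)
    return [xs[int(i * len(xs) / n_bins)] for i in range(1, n_bins)]


def bin_fractions(values: list[float], edges: list[float]) -> list[float]:
    counts = [0] * (len(edges) + 1)
    for v in values:
        counts[bisect.bisect_right(edges, v)] += 1
    return [c / len(values) for c in counts]


def psi(reference: list[float], current: list[float], n_bins: int = 10,
        eps: float = 1e-6) -> float:
    """PSI = sum over bins of (q - p) * ln(q / p); 0 means identical shape."""
    edges = quantile_edges(reference, n_bins)
    ref = bin_fractions(reference, edges)
    cur = bin_fractions(current, edges)
    return sum((max(q, eps) - max(p, eps)) * math.log(max(q, eps) / max(p, eps))
               for p, q in zip(ref, cur))


def drift_verdict(value: float) -> str:
    if value >= PSI_ACT:
        return "act"
    if value >= PSI_WATCH:
        return "watch"
    return "ok"


@dataclass
class MonitoringReport:
    feature_psi: dict[str, float]
    baseline_accuracy: float      # accuracy measured at validation time
    window_accuracy: float        # accuracy on the latest labelled window

    def retrain_reasons(self, accuracy_tolerance: float = 0.03) -> list[str]:
        """Human-readable reasons that should open a retraining / review ticket."""
        reasons = [f"feature '{name}' PSI={value:.3f} ({drift_verdict(value)})"
                   for name, value in self.feature_psi.items()
                   if drift_verdict(value) == "act"]
        drop = self.baseline_accuracy - self.window_accuracy
        if drop > accuracy_tolerance:
            reasons.append(f"accuracy fell by {drop:.3f} "
                           f"({self.baseline_accuracy:.3f} -> {self.window_accuracy:.3f})")
        return reasons


def build_demo_report() -> MonitoringReport:
    """Constructed data: one stable feature, one whose production distribution
    has shifted (mean +1.0, wider spread), and a modest accuracy drop."""
    rng = random.Random(42)
    reference = [rng.gauss(0.0, 1.0) for _ in range(2000)]
    stable_now = [rng.gauss(0.0, 1.0) for _ in range(2000)]
    shifted_now = [rng.gauss(1.0, 1.3) for _ in range(2000)]
    return MonitoringReport(
        feature_psi={
            "stable_feature": psi(reference, stable_now),
            "shifted_feature": psi(reference, shifted_now),
        },
        baseline_accuracy=0.91,
        window_accuracy=0.86,
    )


if __name__ == "__main__":
    report = build_demo_report()
    for name, value in report.feature_psi.items():
        print(f"{name}: PSI={value:.3f} -> {drift_verdict(value)}")
    print("retrain reasons:", report.retrain_reasons())
```

The bin edges come from the reference sample only, so the same edges are reused for every production window; recomputing them per window would hide a shift. The accuracy check needs ground-truth labels, which typically arrive late, so in practice the PSI check fires first and the accuracy check confirms.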

A.6.2.7 AI system documentation

Rationale

PL-02 system security plan; SA-05 system documentation. General system documentation applies.

Gaps

ISO 42001 requires AI-specific documentation including model cards, training data documentation, AI decision logic documentation, and user-facing AI transparency documentation. SP 800-53 covers security documentation but not AI-specific artefacts such as model cards, datasheets for datasets, or algorithmic impact assessments.

A.6.2.8 AI system logging and audit trails

Rationale

AU-01 through AU-11 audit family provides comprehensive logging, audit trail, and record retention. CM-13 (new in Rev 5) data action mapping adds visibility into data processing actions, strengthening audit trails for AI data pipeline operations.

Gaps

Minor gap. ISO 42001 requires AI-specific logging including AI decision logs, model input/output logging, and audit trails for AI decision rationale. CM-13 improves data action audit trails but AI-specific decision logging and explainability audit trails remain a gap.

A.7.2 Data quality for AI

Rationale

SI-10 information input validation, which checks inputs for accuracy, completeness, and validity. Addresses input validation at system boundaries but not AI data quality.

Gaps

Major gap. ISO 42001 A.7.2 requires AI data quality management including training data completeness, representativeness, accuracy assessment, and data quality metrics. SP 800-53 SI-10 covers input validation but not AI-specific data quality concepts such as dataset bias assessment, feature completeness, or training data representativeness.

A.7.3 Data provenance and lineage for AI

Rationale

PT-02 authority to process PII; PT-04 consent; PT-07 specific categories of PII. CM-12 (new in Rev 5) information location and CM-13 (new in Rev 5) data action mapping provide some data tracking capabilities relevant to provenance.

Gaps

Major gap. ISO 42001 requires comprehensive data provenance including training data sourcing, data transformations, data lineage tracking, and data rights management. CM-12/CM-13 improve data location and action tracking, but AI data provenance as such, training data lineage, and data sourcing documentation are not addressed.

A.7.4 Data labelling and annotation

Rationale

AC-16 security and privacy attributes; MP-03 media marking; SI-10 information input validation (AC-15 automated marking and SI-09 information input restrictions are withdrawn in Rev 5, incorporated into MP-03 and the AC family respectively). Very limited applicability.

Gaps

Major gap. ISO 42001 requires AI data labelling governance including annotation quality, inter-annotator agreement, labelling guidelines, and annotator competency. SP 800-53 labelling controls address security classification labelling, not AI training data annotation. No SP 800-53 controls address ML data labelling quality or annotation governance.

A.7.5 Data integrity and authenticity for AI

Rationale

AC-16 security and privacy attributes; AU-10 non-repudiation; SR-04 provenance; SR-11 component authenticity. CM-14 (new in Rev 5) signed components requires cryptographic verification of software and firmware components before installation, applicable to AI model and data artefact integrity.

Gaps

ISO 42001 requires AI-specific data integrity including training data tampering detection, data poisoning prevention, and AI dataset authenticity verification. CM-14 strengthens component integrity but AI-specific threats such as training data poisoning or adversarial data manipulation are not addressed.
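What CM-14 does buy you for A.7.5, if you treat model weights and training sets as signed components, is detection of any change to an approved artefact after approval, which covers the simplest poisoning path (rows appended or edited between approval and training). The block below is an added example, not code from this page, ISO or NIST: it hashes each artefact, signs a canonical manifest, and on verification re-hashes the files and names the ones that changed. Two assumptions are labelled in the code: an HMAC-SHA256 over the manifest stands in for a real signature (a deployment would use an asymmetric key held outside the training environment, for example via Sigstore or a KMS), and the two artefact files are constructed in a temporary directory.

```python
"""Signed artefact manifest for model and training-data files.

Added example, not code from the source page, ISO or NIST. Assumptions:
HMAC-SHA256 stands in for an asymmetric signature, and the model/dataset
files are constructed in a temporary directory.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, names: list[str], model_version: str) -> dict:
    """Digest of every artefact, keyed by relative name, plus release metadata."""
    return {
        "model_version": model_version,
        "artifacts": {name: sha256_file(root / name) for name in sorted(names)},
    }


def canonical(manifest: dict) -> bytes:
    # Sorted keys and no whitespace so the same manifest always signs identically.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes) -> str:
    # Assumption: HMAC in place of a real signature scheme.
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify_artifacts(root: Path, manifest: dict, signature: str, key: bytes) -> dict:
    """Check the manifest signature first, then every file against its digest."""
    signature_ok = hmac.compare_digest(sign_manifest(manifest, key), signature)
    mismatched, missing = [], []
    for name, expected in manifest["artifacts"].items():
        path = root / name
        if not path.is_file():
            missing.append(name)
        elif sha256_file(path) != expected:
            mismatched.append(name)
    return {
        "signature_ok": signature_ok,
        "mismatched": mismatched,
        "missing": missing,
        "ok": signature_ok and not mismatched and not missing,
    }


def demo() -> tuple[dict, dict]:
    """Sign a model + dataset, verify, then append a row to the dataset
    (constructed stand-in for a poisoning attempt) and verify again."""
    key = b"constructed-demo-key-do-not-reuse"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "model.bin").write_bytes(b"\x00" * 1024)
        (root / "train.csv").write_text("id,feature,label\n1,0.3,0\n2,0.9,1\n")
        manifest = build_manifest(root, ["model.bin", "train.csv"], "2024.05-rc1")
        signature = sign_manifest(manifest, key)
        before = verify_artifacts(root, manifest, signature, key)
        with (root / "train.csv").open("a") as f:
            f.write("3,0.1,1\n")  # one poisoned row appended after approval
        after = verify_artifacts(root, manifest, signature, key)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before tamper:", before)
    print("after tamper: ", after)
```

A failed signature means the digests themselves are untrusted, so the per-file results are only diagnostic in that case; only a good signature plus no mismatches is a pass. This detects tampering after approval; it says nothing about whether the approved data was clean, which is the part of A.7.5 that no SP 800-53 control reaches.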

A.8.2 AI system transparency

Rationale

PT-05 privacy notice; SA-05 system documentation. Very limited applicability to AI transparency.

Gaps

Major gap. ISO 42001 requires AI transparency including disclosure that AI is being used, explanation of AI decision logic, and transparency about AI limitations. SP 800-53 does not address AI transparency, explainability, or the right to know that AI is making decisions. No controls cover algorithmic transparency or model explainability.

A.8.3 AI system reporting to stakeholders

Rationale

IR-06 incident reporting. General incident reporting applicable.

Gaps

ISO 42001 requires regular reporting to stakeholders on AI system performance, impact, and risk. SP 800-53 IR-06 covers security incident reporting but not AI-specific stakeholder reporting on model performance, bias metrics, or societal impact.

A.8.4 AI incident management

Rationale

IR-01 through IR-07 incident response family; SR-08 notification agreements. IR-09 (new in Rev 5) information spillage response adds handling for data exposure incidents, relevant to AI training data breaches and model extraction incidents.

Gaps

ISO 42001 requires AI-specific incident classification including bias incidents, AI safety events, and unintended AI behaviour. IR-09 improves data spillage response but AI-specific incident taxonomy and AI safety incident response procedures need supplementation.

A.8.5 AI system record keeping

Rationale

PT-05/PT-06 privacy notice and system of records notice; SI-12 information management and retention.

Gaps

ISO 42001 requires AI-specific records including AI decision logs, model training records, bias assessment results, and AI impact assessment archives. SP 800-53 covers general record keeping but not AI-specific records such as model experiment logs, training run records, or AI ethics review documentation.

A.9.2 Human oversight of AI systems

Rationale

AC-01/AC-03 access control; AC-06 least privilege; AT-02 security awareness; PL-04 rules of behaviour; PS-06 access agreements.

Gaps

Significant gap. ISO 42001 requires human oversight mechanisms including human-in-the-loop decision points, human override capabilities, and human review of high-risk AI decisions. SP 800-53 covers access control and behavioural rules but not AI-specific human oversight requirements such as human review of automated decisions or human override mechanisms.

A.9.3 AI system user interaction

Rationale

PL-01 security planning policy. Very limited applicability.

Gaps

Major gap. ISO 42001 requires AI user interaction design including user notification of AI involvement, user ability to contest AI decisions, and appropriate user expectations management. SP 800-53 does not address AI user interaction, contestability of AI decisions, or user-facing AI transparency requirements.

A.9.4 Restriction of AI system autonomy

Rationale

AC-03/AC-04 access enforcement and information flow enforcement; CM-07 least functionality; CM-11 user-installed software (the former SA-07, withdrawn and incorporated into CM-11); PL-04 rules of behaviour; PT-03 personally identifiable information processing purposes.

Gaps

Significant gap. ISO 42001 requires explicit boundaries on AI system autonomy including decision scope limitations, automated action restrictions, and escalation thresholds. SP 800-53 covers access restrictions and least functionality but not AI-specific autonomy boundaries such as decision confidence thresholds or automated action limits.
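The autonomy boundaries of A.9.4, the human-override points of A.9.2 and the decision audit trail of A.6.2.8 are usually implemented together, as a gate in front of the model's action plus a log that records why the gate decided what it did. The block below is an added example, not code from this page, ISO or NIST, covering all three: a policy object fixes the action scope, an amount limit and two confidence thresholds; every request is gated into auto / human_review / escalate / refuse; and each decision is appended to a hash-chained log carrying the inputs, the model's confidence, the outcome and the reason, so after-the-fact edits to a record are detectable. The refund use case, the five requests and the threshold values (0.90 auto, 0.60 review, 500 limit) are constructed and illustrative.

```python
"""Autonomy boundary gate plus tamper-evident decision log for an AI system.

Added example, not code from the source page, ISO or NIST. The policy values,
the 'refund' use case and the requests are constructed assumptions.
"""
from __future__ import annotations

import hashlib
import json
import time
from dataclasses import dataclass

GENESIS = "0" * 64


@dataclass(frozen=True)
class AutonomyPolicy:
    auto_threshold: float         # confidence at or above which the model may act alone
    review_threshold: float       # confidence in [review, auto) goes to a human
    allowed_actions: frozenset    # actions inside the automated scope at all
    max_auto_amount: float        # largest amount the model may commit without a human


def gate(policy: AutonomyPolicy, action: str, confidence: float, amount: float) -> tuple[str, str]:
    """Return (outcome, reason). Scope and limit checks run before confidence,
    so a confident model still cannot act outside its allowed scope."""
    if action not in policy.allowed_actions:
        return "escalate", f"action '{action}' outside automated scope"
    if amount > policy.max_auto_amount:
        return "escalate", f"amount {amount} exceeds automated limit {policy.max_auto_amount}"
    if confidence >= policy.auto_threshold:
        return "auto", "confidence at or above auto threshold"
    if confidence >= policy.review_threshold:
        return "human_review", "confidence inside human-review band"
    return "refuse", "confidence below review threshold"


class DecisionLog:
    """Append-only list where every entry commits to the previous entry's hash."""

    def __init__(self) -> None:
        self.entries: list[dict] = []

    @staticmethod
    def _digest(entry: dict) -> str:
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, **fields) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"seq": len(self.entries), "prev": prev, "ts": time.time(), **fields}
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """False if any entry was edited, removed or reordered after recording."""
        prev = GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or self._digest(entry) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def decide(policy: AutonomyPolicy, log: DecisionLog, request_id: str, action: str,
           confidence: float, amount: float, features: dict) -> str:
    outcome, reason = gate(policy, action, confidence, amount)
    log.record(request_id=request_id, action=action, amount=amount,
               features=features, model_confidence=confidence,
               outcome=outcome, reason=reason)
    return outcome


def run_demo() -> tuple[list[str], DecisionLog]:
    policy = AutonomyPolicy(auto_threshold=0.90, review_threshold=0.60,
                            allowed_actions=frozenset({"refund"}), max_auto_amount=500.0)
    log = DecisionLog()
    # Constructed requests: (id, action, model confidence, amount, input features)
    requests = [
        ("r1", "refund", 0.97, 120.0, {"tenure_days": 400, "prior_refunds": 0}),
        ("r2", "refund", 0.72, 80.0, {"tenure_days": 30, "prior_refunds": 1}),
        ("r3", "refund", 0.99, 2500.0, {"tenure_days": 900, "prior_refunds": 0}),
        ("r4", "account_closure", 0.95, 0.0, {"tenure_days": 10, "prior_refunds": 3}),
        ("r5", "refund", 0.41, 15.0, {"tenure_days": 5, "prior_refunds": 2}),
    ]
    outcomes = [decide(policy, log, *req) for req in requests]
    return outcomes, log


if __name__ == "__main__":
    outcomes, log = run_demo()
    for entry, outcome in zip(log.entries, outcomes):
        print(entry["request_id"], outcome, "-", entry["reason"])
    print("log intact:", log.verify())
```

The ordering inside gate() is the security-relevant part: scope and limit are checked before confidence, so a high-confidence output never expands the model's authority. The hash chain only makes tampering detectable; to make it tamper-resistant, periodically anchor the latest hash somewhere the model-serving environment cannot write, which is where AU-09 (protection of audit information) picks up again.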

A.10.2 Third-party AI components and services

Rationale

AC-20 use of external systems; CA-03 information exchange (formerly system interconnections); PS-07 external personnel security; SA-09 external system services; SR-01/SR-02 supply chain risk management policy and plan.

Gaps

ISO 42001 requires assessment of third-party AI components including pre-trained model evaluation, third-party AI bias assessment, and AI supply chain transparency. SP 800-53 covers third-party risk management but not AI-specific third-party assessment such as pre-trained model bias evaluation or AI vendor responsible AI practices.

A.10.3 AI supply chain risk management

Rationale

SA-04 acquisitions; SR-01 through SR-08 supply chain risk management family. Comprehensive supply chain controls.

Gaps

ISO 42001 requires AI-specific supply chain considerations including training data sourcing risk, pre-trained model provenance, and AI component transparency. SP 800-53 SR family covers supply chain risk well; gap around AI-specific supply chain risks such as training data licensing, model weight provenance, or pre-trained model bias inheritance.

A.10.4 Third-party monitoring for AI

Rationale

SA-09 external information system services. General third-party monitoring applies.

Gaps

ISO 42001 requires ongoing monitoring of third-party AI services including monitoring for AI model updates, bias changes, and performance degradation in third-party AI components. SP 800-53 SA-09 covers external service monitoring but not AI-specific third-party monitoring such as model version tracking or third-party AI performance drift.

Methodology and Disclaimer

This coverage analysis maps from ISO 42001:2023 clauses/requirements back to NIST SP 800-53 Rev 5 controls, assessing how well the SP 800-53 control set addresses each framework requirement.

Coverage weighting represents an informed estimate based on control-objective alignment, not a definitive compliance determination. Weightings consider whether SP 800-53 controls address the intent of each framework requirement, even where terminology and structure differ.

This analysis should be validated by qualified assessors for use in compliance or audit activities. The authoritative source for any compliance determination is always the framework itself.