NIST AI RMF or ISO 42001?
A CISSP-Holder's Guide to Choosing (or Sequencing)
AI governance has moved from voluntary guidance to enforceable obligation in less than two years. The EU AI Act came into force on 1 August 2024. NIST released its AI Risk Management Framework (AI 100-1) in January 2023. ISO/IEC 42001, the first ISO standard for an AI management system, was published in December 2023.
For CISSP holders, the practical questions are how they fit together and what existing ISO 27001 work actually transfers. In this article, we dive into a comparison of NIST AI RMF and ISO/IEC 42001: how they differ, where they overlap, and which fits which use case.
The two frameworks at a glance
NIST AI RMF (AI 100-1). Published January 2023 by the U.S. National Institute of Standards and Technology (NIST). Four core functions: Govern, Map, Measure, and Manage. Seven trustworthiness characteristics. Four implementation Tiers. The Playbook companion document elaborates on 72 subcategories with suggested actions. NIST AI 600-1 (July 2024) introduces a Generative AI Profile that includes 12 GAI-specific risks. Voluntary, non-certifiable, free to download.
ISO/IEC 42001:2023. The AI version of ISO 27001. Published December 2023, it follows the same management system pattern that any 27001-certified organization already operates: leadership commitment, risk assessment, controls, internal audit, management review, and continual improvement. Clauses 4 through 10 are identical in structure to those in ISO 27001 and use the standard ISO management system template (i.e., “Annex SL-conformant”) as do other ISO management system standards. What’s new is the AI-specific control catalog in Annex A: 38 reference controls covering AI policy, roles, resources, system impact assessment, lifecycle management, data, transparency, intended use, and third-party relationships. As with 27001, you produce a Statement of Applicability (SoA) that lists every control and provides a written justification for its inclusion or exclusion. Unlike NIST AI RMF, you can earn a certificate through an accredited third-party audit. Note that reading the standard requires purchasing a license from ISO.
The two were designed to be readable together. ISO 42001 clause 4.1 NOTE 1 explicitly cross-references NIST AI RMF for AI role types and lifecycle stages.
What transfers from existing ISO 27001 work
If you have experience with ISO 27001, that muscle memory does most of the work. The ISO Survey 2024, published by ISO/IAF CASCO in September 2025, reports 96,709 ISO 27001 certificates and 179,877 sites globally. ISO 27001 ranks fourth among all ISO management system standards by certificate volume, behind only ISO 9001, ISO 14001, and ISO 45001. At a 179,877-to-96,709 ratio of sites to certificates, the average certified organization runs 1.86 sites under one certificate scope.
What that engagement gives you:
The audit cadence is identical. Stage 1 documentation review, Stage 2 on-site assessment, annual surveillance audits in years one and two, full recertification in year three. ISO 27001 audit capability (internal audits per clause 9.2, certification body relationships, surveillance preparation) transfers the management-system half of ISO 42001. The AI-specific half (model risk, AI System Impact Assessment, and the new control catalog) is a separate competency that typically requires AI domain expertise, which can be sourced internally or from specialists.
The Statement of Applicability is the document that gets audited. Both standards require it in the same form: a list of every Annex A control, justification for inclusion or exclusion, and management sign-off. ISO 42001 trades 27001’s 93 information security controls for 38 AI-specific ones. The document discipline transfers.
CISSP Domain 1 already covers both. ISC2’s Exam Guidance for AI (April 2026) cites NIST AI RMF and ISO 42001 as required compliance-tracking frameworks for AI governance professionals.
Top management commitment, internal audit, management review, and corrective action. Same wording in 27001, 42001, and other ISO management system standards. If you’ve run any of them, you already know these clauses.
A crosswalk already exists. NIST’s AI Resource Center hosts a community-submitted 72-row crosswalk pairing every NIST AI RMF subcategory with the relevant parts of ISO 42001. GOVERN maps to leadership and policy areas, MAP to context-setting and impact-assessment processes, MEASURE to monitoring and verification, and MANAGE to management review and continual improvement. NIST hosts the crosswalk but doesn’t endorse it (the crosswalk’s page notes that inclusion doesn’t imply NIST endorsement of either framework’s coverage). Use it as a starting reference for your own verification work.
That covers maybe 60% of the work. Here’s where the muscle memory breaks.
What doesn’t transfer
NIST AI RMF asks for use-case-specific Profiles. An organization deploying both a recommendation engine and a clinical decision support system needs two different Profiles, not one. ISO 27001’s Statement of Applicability operates at the organizational level rather than on a per-use-case basis, so this is new ground for practitioners coming from ISO 27001.
ISO 42001 has an outward-facing AI System Impact Assessment (clause 6.1.4) with no clean 27001 analog. Internal risk assessment looks at consequences for the organization. Impact assessment looks at consequences for individuals, groups, and societies external to it. The closest 27001 analog is supplier risk, but it isn’t the same shape.
Annex A is leaner than 27001’s. 38 controls across 9 categories versus 27001’s 93. Lean by design, but it places more weight on the auditor's and implementer's judgment in the SoA. Two 42001-conformant organizations with identical risk profiles can end up with materially different control sets.
A climate change clause. ISO 42001 clause 4.1 requires the organization to determine whether climate change is a relevant issue. The clause was inherited from a harmonized update that flowed through 27001, 9001, and other ISO management system standards in 2023 and 2024. The energy footprint of large-model training and inference makes this a real audit-interpretation question, not a paper one.
NIST has a dedicated Generative AI Profile (AI 600-1). ISO 42001 is a general-purpose standard. If your AI estate is mostly GenAI, AI 600-1’s 12 GAI-specific risks give you a more specific risk taxonomy than Annex A does.
Which to lead with
Lead with NIST AI RMF when your audience is the engineering organization, your regulatory exposure is U.S.-centric, or you want internal risk discipline before external proof. NIST is free, easy to adopt as a taxonomy, and doesn’t require a relationship with an audit body.
Lead with ISO 42001 when your audience includes procurement, customers, or regulators seeking third-party assurance, or when your exposure is EU AI Act-adjacent. If you already hold ISO 27001, 9001, or 14001 certification, the harmonized structure makes 42001 a meaningfully smaller delta than going greenfield. ISO 42001 is the path to a certificate. NIST AI RMF is the path to a self-attestation document.
A pattern teams may settle into is to implement NIST AI RMF first to establish the taxonomy and lifecycle discipline, then layer ISO 42001 certification on top once the documentation work is complete. According to a Modulos vendor blog (April 2026), teams that go in this order find the 42001 certification work substantially easier to land. One caveat worth flagging: Modulos sells an AI governance platform that supports both frameworks, so the framing is shaped by their product, but the structural claim still holds.
What doesn’t map cleanly?
NIST AI RMF cannot be audited; it supports self-attestation only. If a customer asks for proof, you have your documentation, not a certificate. ISO 42001 is the path to that certificate.
Both frameworks predate widespread agentic AI deployment, but their structure was built to flex. NIST AI 100-1 is January 2023. ISO 42001 is December 2023. Neither directly names the agent stack (multi-agent systems, persistent memory, tool-using agents). In practice, organizations map agentic behaviors onto existing requirements rather than waiting for explicit agent text. ISO 42001’s risk assessment (clause 6.1.2) and AI system impact assessment (clause 6.1.4) evaluate the degree of autonomy and identify agent-specific risks like prompt injection. Annex A.9 (Use of AI systems) covers responsible-use processes, including human-oversight controls for high-risk agentic workflows. A.6.2.8 (AI system recording of event logs) becomes the audit trail for agent reasoning. A.6.2.6 (AI system operation and monitoring) becomes the drift-detection discipline. Extension frameworks like CSA MAESTRO and the OWASP Agentic Top 10 add technical depth on agent-specific threats, but the management system architecture for governing them is already in 42001.
The decommissioning gap is the clearest difference. NIST AI RMF treats the safe retirement of AI systems as a separate step. ISO 42001 doesn’t have a dedicated decommissioning control. End-of-life gets folded into broader operation and monitoring work. If you run AI systems where retirement has real consequences (regulated industries, customer-facing deployments, and expensive trained models), you’ll need to build your own decommissioning process beyond what Annex A asks for.
BS ISO/IEC 42006:2025 is the AI audit qualification standard. Published by BSI in July 2025. When selecting a certification body for ISO 42001, ask whether their auditors are qualified under 42006. For CISSPs considering an AI audit as a career path, this is the named qualification track.
Monday morning
If you have an existing ISO 27001 SoA template, pull it. Sit down with the ISO 42001 Annex A controls list. For each of the 38 controls, note “we do this already / we partially do this / we don’t do this.” That 30-minute paper exercise becomes the foundation for an eventual real SoA.
If you don’t have a 27001 SoA in your toolkit, start with NIST AI RMF. Read the four functions. Run a one-page self-assessment of where your organization sits on the four Tiers. Two hours of work produces a defensible baseline.
A common implementation failure is starting both frameworks at once and finishing neither. Pick one to lead with, document the decision, and revisit in six months.
Your CISSP doesn’t make you an AI governance expert. It makes you the person whose existing risk discipline transfers fastest to the new problem. The frameworks are different. The job is the same.
Sources
Primary standards and frameworks
ISO/IEC 42001:2023, Information technology, Artificial intelligence, Management system. ISO/IEC JTC 1 / SC 42, December 2023. https://www.iso.org/standard/42001
ISO/IEC 27001:2022, Information security, cybersecurity and privacy protection, Information security management systems, Requirements. ISO/IEC JTC 1 / SC 27, October 2022. https://www.iso.org/standard/27001
ISO/IEC 27006:2015 (and revisions), Requirements for bodies providing audit and certification of information security management systems. ISO/IEC JTC 1 / SC 27. https://www.iso.org/standard/27006
ISO/IEC 42006:2025, Information technology, Artificial intelligence, Requirements for bodies providing audit and certification of artificial intelligence management systems. ISO/IEC JTC 1 / SC 42, published September 4, 2025. https://www.iso.org/standard/42006. National adoption available as BS ISO/IEC 42006:2025 via BSI: https://knowledge.bsigroup.com/products/information-technology-artificial-intelligence-requirements-for-bodies-providing-audit-and-certification-of-artificial-intelligence-management-systems
NIST AI 100-1, Artificial Intelligence Risk Management Framework (AI RMF 1.0). National Institute of Standards and Technology, January 26, 2023. https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-1.pdf
NIST AI RMF Playbook (companion to AI 100-1, 72 subcategories with suggested actions). https://airc.nist.gov/AI_RMF_Knowledge_Base/Playbook
NIST AI 600-1, Generative AI Profile. NIST, July 2024. https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.600-1.pdf
EU AI Act, Regulation (EU) 2024/1689. Entered into force 1 August 2024. https://artificialintelligenceact.eu/
Survey and reference data
ISO/IAF CASCO, The ISO Survey of Management System Standard Certifications, 2024, Explanatory Note. September 2025. https://iafcertsearch.org/services/iso-survey
ISC2 Cybersecurity Workforce Study (2025) and Exam Guidance for AI (April 2, 2026), via ISC2 Insights. https://www.isc2.org/research
Secondary commentary (with vendor caveats)
Modulos, NIST AI Risk Management Framework: the engineering spec for AI risk. Vendor blog, April 17, 2026. (Modulos sells an AI governance platform supporting both frameworks, and the framing reflects that.)
NIST AI RMF to ISO/IEC FDIS 42001 AI Management system Crosswalk. Community-submitted, hosted on NIST AI Resource Center. PDF: https://airc.nist.gov/docs/NIST_AI_RMF_to_ISO_IEC_42001_Crosswalk.pdf. Listed on the AIRC crosswalks page: https://airc.nist.gov/airmf-resources/crosswalks/. NIST hosts but does not endorse the crosswalk. FDIS-stage clause references predate the December 2023 ISO/IEC 42001:2023 publication.