AI Workload Compliance — NIST AI-RMF + EU AI Act + ISO 42001 + MITRE ATLAS

Industry-first productized AI governance framework. Maps NIST AI-RMF, EU AI Act Articles 9/15/16/17, ISO/IEC 42001, and MITRE ATLAS to the live Kubernetes AI/ML workload inventory captured by the Tier 3 watcher (KServe InferenceService, Kubeflow Notebook, Argo Rollouts, KubeRay RayCluster, Seldon SeldonDeployment, Run:ai RunaiJob).

3 critical | 5 high | 1 medium

AIRMF-MAP-1.1 | AIRMF-001 | high

AI System Inventory

Document and continuously map AI systems in use (NIST AI-RMF MAP 1.1). EchelonGraph's first-class CRD watch surfaces every shadow AI workload deployed to your cluster — the data-science team's GPU pod that bypassed your CI gate now appears in the Asset Inventory.

AIRMF-MEASURE-2.7 | AIRMF-002 | high

AI Continuous Monitoring

Measure AI system performance and risk on an ongoing basis (NIST AI-RMF MEASURE 2.7). The Tier 3 watcher emits AI workload events on every CRD change, feeding the live compliance dashboard in ≤30s.

EU-AIACT-ART9 | AIACT-001 | critical

AI Risk Management System

Risk management system established and maintained for high-risk AI systems (EU AI Act Article 9). EchelonGraph correlates the AI workload inventory with NetworkPolicy / RBAC / Secret posture to flag high-risk gaps.

EU-AIACT-ART15 | AIACT-002 | critical

AI Cybersecurity Resilience

High-risk AI systems shall be resilient to cybersecurity threats (EU AI Act Article 15). EchelonGraph's strict-ZK Secret inventory + customer-managed encryption + RBAC posture data feed this control directly.

EU-AIACT-ART16 | AIACT-003 | high

AI Access Control

High-risk AI systems must enforce least-privilege access (EU AI Act Article 16). EchelonGraph's K8s broad-RBAC detection flags ClusterRoleBindings to AI namespaces granting cluster-admin to non-system subjects.

EU-AIACT-ART17 | AIACT-004 | critical

AI Audit Logging

High-risk AI systems shall record events relevant to risk assessment (EU AI Act Article 17). EchelonGraph verifies cloud audit logging is enabled (CloudTrail / Cloud Audit Logs / Activity Log) on the cloud hosting the AI namespace.

ISO42001-7.4 | ISO-001 | medium

AI Management System Documentation

Documented AI management system per ISO/IEC 42001:2023 §7.4. EchelonGraph provides the live inventory; you provide the policy + roles documentation.

ISO42001-8.2 | ISO-002 | high

AI Workload RBAC

AI workloads operated under least-privilege RBAC (ISO/IEC 42001:2023 §8.2). Same evaluator as EU AI Act Article 16 — enforces correlated reasoning across frameworks.

MITRE-ATLAS-AML.T0011 | ATLAS-001 | high

Shadow AI Detection

Detect unauthorised / undocumented AI workloads (MITRE ATLAS AML.T0011 — User Execution). The Tier 3 watcher's first-class CRD watch turns shadow AI from an audit-week panic into a real-time signal.