For Standards Bodies

# The reference implementation of the agent-credential nutrition label.

AiEGIS is the open contribution path for AI agent governance standards. We co-author dimensions in OWASP AIVSS (NIST Distinguished Review Board), submit case studies to the NIST AI RMF Profile track, and publish reference implementations for academic researchers, regulators, and standards-body members.







01 — Active Contributions

## AiEGIS contributions to standards bodies




Standard Contribution Status



**OWASP AIVSS Issue #31** *Runtime Enforcement Effectiveness*
Co-author of v1.0 working text on the `enforcement_effectiveness` dimension family (structural enforcement / empirical block-rate / time-to-enforce / enforcement_locus).
**Live** — reply posted 2026-05-08, public-repo route accepted at `aeoess/aivss-enforcement-effectiveness`. [Permalink](https://github.com/OWASP/www-project-artificial-intelligence-vulnerability-scoring-system/issues/31#issuecomment-4407373431)


**OWASP AIVSS Issue #32** *Multi-Agent Governance / Identity-Binding 5th Force-Multiplier*
Submitted Apr 14, 2026. Locked, awaiting Distinguished Review Board decision (Apostol Vassilev/NIST + Joyce ex-NSA + Clinton Anthropic CISO + Tran Duff Harvard).
Awaiting v1.0 release Q3-Q4 2026


**NIST AI RMF Profile** *Trustworthy AI in Critical Infrastructure*
Case study submitted to AIframework@nist.gov. 4-function (Govern/Map/Measure/Manage) mapping for healthcare and financial-services sectors.
Submission pending Trav signoff


**NIST AISIC** *AI Safety Institute Consortium*
Letter of interest filed for CRADA-style cooperative deployment.
Submission pending Trav signoff


**AIPMC**
Submission Apr 13, 2026 via eTenders.
Submitted (resourceId=7529072)


**OWASP Agentic AI WG**
Reference implementation submission queued.
Phase 3 (Day 43+ in current execution plan)







02 — Distinguished Review Board

## Why AIVSS matters for NIST



AIVSS is a NIST-board-reviewed standards effort. **Apostol Vassilev** (NIST — leads Trustworthy & Responsible AI program) sits on the Distinguished Review Board alongside Rob Joyce (formerly NSA), John Clinton (Anthropic CISO), and Tran Duff (Harvard). AiEGIS contributions to AIVSS v1.0 are reviewed by NIST in process.

This is independent of any direct NIST submission (AISIC consortium letter, AI RMF Profile case study). Both paths advance simultaneously.





03 — AI RMF Mapping

## How AiEGIS operationalizes AI RMF 1.0



AiEGIS encodes NIST AI RMF Govern / Map / Measure / Manage as runtime-enforced policies. The five jurisdictional Rego rule packs each map specific RMF subcategories to machine-checkable rules:


- Govern 1.1, 1.4, 1.5, 4.1, 5.1 — Legal / regulatory, enterprise risk integration, monitoring, organizational practices, decision accountability

- Map 1.1, 2.1, 3.4, 4.1, 5.1 — Categorization, risk identification, failure modes, time-tracked metrics, impact characterization

- Measure 1.1, 2.7, 2.8, 3.1, 4.2 — Effectiveness, trade-offs, privacy, performance, monitoring

- Manage 1.3, 2.2, 2.3, 4.3 — Risk resolution, resources, resilience, customer-facing surfaces



Full mapping document available on request and as part of the NIST AI RMF Profile case study submission.





04 — Open Contribution

## How to engage



Standards bodies, academic researchers, and regulators are welcome to contribute to AgenticOS development. Channels:


- OWASP AIVSS working group — co-author on dimension proposals (Issues #31, #32). Public GitHub.

- Schema contributions — agent passport schema is published at /docs/agent-passport-schema/. Issue feedback welcome.

- Jurisdictional rule pack co-authoring — for sovereign regulators: contact us about authoring your jurisdiction's rule pack as part of a CRADA-style cooperation.

- Witness federation — for permanent-class agent credentials, AiEGIS supports a 3-of-N witness federation. We're recruiting initial witnesses among standards bodies.


[Talk to us](/#talk)
[Read the explainer](/agent-passport.html)