Free Resource · SCF 2026.1

The Secure Controls Framework, finally searchable

Search and filter every control in the Secure Controls Framework and see how each one maps across 290+ cybersecurity and privacy frameworks — ISO 27001, NIST CSF, SOC 2, PCI DSS and more. No spreadsheet gymnastics required.

Controls
1,468+
Domains
33+
Frameworks mapped
294+

1,468 controls

AAT-01Govern

Artificial Intelligence (AI) & Autonomous Technologies Governance

Mechanisms exist to ensure policies, processes, procedures and practices related to the mapping, measuring and managing of Artificial Intelligence (AI) and Autonomous Technologies (AAT)-related risks are in place, transparent and implemented effectively.

Artificial Intelligence & Autonomous Technologies49 mappings
AAT-01.1Govern

AI & Autonomous Technologies-Related Legal Requirements Definition

Mechanisms exist to identify, understand, document and manage applicable statutory and regulatory requirements for Artificial Intelligence (AI) and Autonomous Technologies (AAT).

Artificial Intelligence & Autonomous Technologies30 mappings
AAT-01.2Protect

Trustworthy AI & Autonomous Technologies

Mechanisms exist to ensure Artificial Intelligence (AI) and Autonomous Technologies (AAT) are designed to be reliable, safe, fair, secure, resilient, transparent, explainable and data privacy-enhanced to minimize emergent properties or unintended consequences.

Artificial Intelligence & Autonomous Technologies41 mappings
AAT-01.3Identify

AI & Autonomous Technologies Value Sustainment

Mechanisms exist to sustain the value of deployed Artificial Intelligence (AI) and Autonomous Technologies (AAT).

Artificial Intelligence & Autonomous Technologies44 mappings
AAT-01.4Identify

AI Model & Agent Inventory & Lifecycle Management

Mechanisms exist to track the lifecycle of all AI models and AI agents, including ownership, intended purpose and status across: (1) Development; (2) Deployment; (3) Updates; and (4) Decommissioning.

Artificial Intelligence & Autonomous Technologies40 mappings
AAT-02Identify

Situational Awareness of AI & Autonomous Technologies

Mechanisms exist to develop and maintain an inventory of Artificial Intelligence (AI) and Autonomous Technologies (AAT) (internal and third-party).

Artificial Intelligence & Autonomous Technologies43 mappings
AAT-02.1Identify

AI & Autonomous Technologies Risk Mapping

Mechanisms exist to identify Artificial Intelligence (AI) and Autonomous Technologies (AAT) in use and map those components to potential legal risks, including statutory and regulatory compliance requirements.

Artificial Intelligence & Autonomous Technologies43 mappings
AAT-02.2Identify

AI & Autonomous Technologies Internal Controls

Mechanisms exist to identify and document internal security, compliance and resilience for Artificial Intelligence (AI) and Autonomous Technologies (AAT).

Artificial Intelligence & Autonomous Technologies41 mappings
AAT-02.3Govern

Adequate Protections For AI & Autonomous Technologies

Mechanisms exist to ensure Artificial Intelligence (AI) and Autonomous Technologies (AAT) include reasonable security, compliance and resilience protections that are commensurate with assessed risks and threats.

Artificial Intelligence & Autonomous Technologies40 mappings
AAT-02.4Govern

AI Threat Modeling & Risk Assessment

Mechanisms exist to conduct Artificial Intelligence (AI) and Autonomous Technologies (AAT)-specific threat modeling and risk assessments to address the following criteria across the lifecycle of the AAT: (1) Attack surfaces; (2) Adversarial threats; and (3) Abuse / misuse scenarios.

Artificial Intelligence & Autonomous Technologies41 mappings
AAT-03Identify

AI & Autonomous Technologies Context Definition

Mechanisms exist to establish and document the context surrounding Artificial Intelligence (AI) and Autonomous Technologies (AAT), including: (1) Intended purposes; (2) Potentially beneficial uses; (3) Context-specific laws and regulations; (4) Norms and expectations; and (5) Prospective settings in which the system(s) will be deployed.

Artificial Intelligence & Autonomous Technologies43 mappings
AAT-03.1Identify

AI & Autonomous Technologies Mission and Goals Definition

Mechanisms exist to define and document the organization's mission and defined goals for Artificial Intelligence (AI) and Autonomous Technologies (AAT).

Artificial Intelligence & Autonomous Technologies41 mappings
AAT-03.2Govern

Model & AI Agent Documentation

Mechanisms exist to create, maintain and provide access to documentation artifacts for AI models and agents, including: (1) Data lineage; (2) Intended use; and (3) Limitations.

Artificial Intelligence & Autonomous Technologies40 mappings
AAT-04Identify

AI & Autonomous Technologies Business Case

Mechanisms exist to benchmark capabilities, targeted usage, goals and expected benefits and costs of Artificial Intelligence (AI) and Autonomous Technologies (AAT).

Artificial Intelligence & Autonomous Technologies27 mappings
AAT-04.1Identify

AI & Autonomous Technologies Potential Benefits Analysis

Mechanisms exist to assess the potential benefits of proposed Artificial Intelligence (AI) and Autonomous Technologies (AAT).

Artificial Intelligence & Autonomous Technologies40 mappings
AAT-04.2Identify

AI & Autonomous Technologies Potential Costs Analysis

Mechanisms exist to assess potential costs, including non-monetary costs, resulting from expected or realized Artificial Intelligence (AI) and Autonomous Technologies (AAT)-related errors or system functionality and trustworthiness.

Artificial Intelligence & Autonomous Technologies42 mappings
AAT-04.3Identify

AI & Autonomous Technologies Targeted Application Scope

Mechanisms exist to specify and document the targeted application scope of the proposed use and operation of Artificial Intelligence (AI) and Autonomous Technologies (AAT).

Artificial Intelligence & Autonomous Technologies40 mappings
AAT-04.4Identify

AI & Autonomous Technologies Cost / Benefit Mapping

Mechanisms exist to map risks and benefits for all components of Artificial Intelligence (AI) and Autonomous Technologies (AAT), including third-party software and data.

Artificial Intelligence & Autonomous Technologies27 mappings
AAT-05Identify

AI & Autonomous Technologies Training

Mechanisms exist to ensure personnel and external stakeholders are provided with position-specific risk management training for Artificial Intelligence (AI) and Autonomous Technologies (AAT).

Artificial Intelligence & Autonomous Technologies42 mappings
AAT-06Identify

AI & Autonomous Technologies Fairness & Bias

Mechanisms exist to prevent Artificial Intelligence (AI) and Autonomous Technologies (AAT) from unfairly identifying, profiling and/or statistically singling out a segmented population defined by race, religion, gender identity, national origin, religion, disability or any other politically-charged identifier.

Artificial Intelligence & Autonomous Technologies42 mappings

Showing 120 of 1,468

Data attribution

Control content is sourced from the Secure Controls Framework™ (SCF) version 2026.1, © Secure Controls Framework Council, LLC, licensed under CC BY-ND 4.0. RiskRegisterHQ is not affiliated with, endorsed by, or sponsored by the SCF Council. For the authoritative and most current version, visit securecontrolsframework.com.

From framework to action

Mapping controls is step one. RiskRegisterHQ helps you assign owners, track treatment, and keep an audit trail — without the spreadsheet chaos.