Frameworks

BIDODI aligns with the frameworks that matter

We don't reinvent the wheel — we map your program to the standards regulators, customers, and auditors already trust. From AI-specific frameworks like NIST AI RMF, ISO 42001, and the CSA AI Controls Matrix, to enterprise standards like ISO 27001, SOC 2, and NIST 800-53.

BIDODI for frameworks

How the name reads against the standards

Baselines anchored in ISO, defense expressed through directives and control overlays, and trust secured by diligence and interoperability between frameworks.

B: Baselines + I: ISO
Integrating Governance

Management-system standards that set the baseline: NIST AI RMF, ISO 42001, ISO 27001, SOC 2.

D: Directives + O: Overlays
Validating Defense

Threat catalogs, control overlays, and regulatory directives: OWASP, MITRE ATLAS, CSA AICM, EU AI Act.

D: Diligence + I: Interoperability
Securing Trust

Assurance and privacy regimes that map across one another: NIST 800-53, FedRAMP, HIPAA, GDPR.

Framework map

Standards, mapped to the three commitments

A consolidated view of the frameworks we work in, grouped by the commitment they serve.

Commitment | Focus | Frameworks & standards
Integrating Governance | AI & security management systems, risk governance | NIST AI RMF (AI 100-1); ISO/IEC 42001; ISO/IEC 27001; SOC 2; NIST CSF 2.0
Validating Defense | Threat models, adversarial testing, AI control overlays | OWASP Top 10 for LLM & GenAI; OWASP Agentic Security; MITRE ATT&CK; MITRE ATLAS; CSA AICM v1.0; NIST AI 600-1 (GenAI Profile); NIST COSAiS overlays
Securing Trust | Assurance, compliance, data protection & privacy | NIST 800-53; FedRAMP; FIPS 200 / 140; HIPAA / HITRUST; GDPR; EU AI Act

Threat modeling

Threat-modeling frameworks we apply

We choose the right lens for the system — extending classic models with AI-specific ones for agentic architectures.

Agentic AI · Featured

MAESTRO

A layered threat-modeling approach for agentic AI: it focuses on multi-agent and environment interactions, builds security into every layer of the architecture, and adds AI-specific threats such as adversarial ML and autonomy risk, all under a risk-based, continuously monitored model.

General security

STRIDE

Classic spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege analysis.

Risk-centric

PASTA

A risk-centric, attacker-simulation methodology that ties threats to business impact.

Privacy

LINDDUN

A privacy-focused threat model surfacing linkability, identifiability, and disclosure risks.

Organizational risk

OCTAVE

An organizational, operations-driven approach to evaluating and managing security risk.

Adversarial ML

MITRE ATLAS

A knowledge base of real-world adversary tactics and techniques against machine-learning systems.

Put it to work

See how framework alignment becomes a concrete engagement.

We translate any of these frameworks into a prioritized, business-ready roadmap.
