Crosswalk Your AI Agent to the EU AI Act, NIST AI RMF and ISO 42001 in One Day

François B. Arthanas

Ph.D. Scholar, CISSP, CISA, AAIA™, CDPSE

Most AI governance programs fail because they stop at theory & principles.

Bring one AI agent. Leave with a practical governance crosswalk, risk profile, control-gap map, and 30-day action plan.

In this hands-on one-day cohort, you’ll map a real AI agent against three of the most important AI governance frameworks: the EU AI Act, NIST AI Risk Management Framework, and ISO/IEC 42001. You will translate abstract requirements into concrete controls, evidence, testing needs, monitoring practices, and next steps your team can actually execute.

This is not a lecture on AI policy. It is a working session designed to help you answer the questions enterprise buyers, security teams, auditors, legal teams, and regulators are starting to ask:

What does your agent do? What data does it touch? What can go wrong? What controls exist? What evidence proves it? What gaps need to be closed first?

What you’ll learn

Stop answering every AI framework from scratch. Build one control map for one agent that answers them all and find the gaps first.

  • Work on the Atlas Support Agent: it accesses customer data, calls tools, and issues refunds under limits.

  • Inventory its controls across six trust domains: data & privacy, security, safety, reliability, accountability, society.

  • Learn the rule that makes crosswalking possible: one control, many frameworks, one evidence source.

  • Walk the risk-classification ladder: minimal, limited, high, unacceptable and place the Atlas agent on it.

  • Map the agent's controls to the obligations its tier triggers: transparency, human oversight, logging, robustness.

  • Map the same control inventory to NIST's four functions: Govern, Map, Measure, Manage.

  • Cross to ISO/IEC 42001's management-system clauses and see how much you've already covered.

  • Assemble the one-page Compliance Readiness Brief: coverage by framework, top gaps, and recommended fixes.

  • Defend it in a mock audit Q&A facing auditor-, legal-, and buyer-style questions.

  • Leave with the reusable crosswalk matrix and templates ready to run on your organization's agent Monday.

Workshop agenda

  • 10:00 – 11:00 AM | The Framework Chaos Solved

    We open with the problem in miniature: the same question "can this agent take unauthorized actions?" asked five different ways by the EU AI Act, NIST AI RMF, ISO/IEC 42001, OWASP, and MITRE ATLAS.

  • 11:00 – 12:00 AM | Lab 1: Build the Control Inventory

    Using the provided case packet, you'll inventory the Atlas agent's controls across the six trust domains data & privacy, security, safety, reliability, accountability, society.

  • 12:00 – 1:00 PM | Lab 2: The EU AI Act Mapping

    Classify the agent on the EU AI Act risk ladder, then map its controls to the obligations that classification triggers transparency, human oversight, logging, accuracy, robustness.

  • 1:00 – 2:00 PM | Break

    To my overachiever you can use some of this time to refine your AI system description and prepare to turn your mapped concerns into measurable risks.

  • 2:00 – 3:00 PM | Lab 3: The NIST AI RMF Mapping

    Map the same inventory to Govern, Map, Measure, and Manage. This is the hour the method clicks: you'll watch most of your EU AI Act work satisfy NIST functions automatically.

  • 3:00 – 4:00 PM | Lab 4: ISO/IEC 42001

    Cross your map to ISO/IEC 42001's management-system clauses, then run the security spot-check: which OWASP Agentic Top 10 threats and MITRE ATLAS techniques does your control set actually mitigate?

  • 4:00 – 5:00 PM | The Readiness Report Brief & AMAs

    Turn your matrix and gap register into a one-page Compliance Readiness Brief: coverage by framework, top gaps, recommended fixes, and what you'd tell leadership.

Learn directly from François

François B. Arthanas

François B. Arthanas

Agentic AI Governance Practitioner | Ph.D. Candidate, CISSP, CISA, AAIA™, CDPSE

Centene
ISACA
Trenton Health Team
WGU
Cyber Pros Training
See all products from François B. Arthanas

Who this workshop is for

  • Anyone whose organization deployed an AI agent first and is asking compliance questions second. (That's most organizations.)

  • Risk, compliance, legal, privacy, security and internal audit teams

  • Consultants, advisors, procurement and vendor-risk teams

What's included

François B. Arthanas

Live sessions

Learn directly from François B. Arthanas in a real-time, interactive format.

Lifetime access

Go back to course content and recordings whenever you need to.

The Atlas Support Agent case packet

A realistic enterprise AI agent with architecture sketch, data sources, tool inventory, and starting control set

3 reusable, portfolio-ready templates

AI Agent Control Inventory worksheet, Master Crosswalk Matrix and EU AI Act risk-classification worksheet

Framework cheat sheets

Plain-language one-pagers for the EU AI Act, NIST AI RMF, ISO/IEC 42001, OWASP Agentic Top 10, and MITRE ATLAS

Community of peers

Stay accountable and share insights with like-minded professionals.

Certificate of completion

Share your new skills with your employer or on LinkedIn.

30-day action plan

You will leave with a practical roadmap for applying the workflow inside your organization.

Maven Guarantee

Your purchase is backed by the Maven Guarantee.

Frequently asked questions

Maven for Teams

Reimbursement

Get your company to pay

Everything L&D needs: email template, receipts, and certificate of completion.

Get reimbursed

Team discount

Learn with your teammates

Save 20%+ when 2 or more teammates enroll in the same cohort.

Save 20%+ with a team

Private cohort

Run a cohort for your org

A dedicated cohort with a custom schedule and curriculum, tailored to your team.

Book a private cohort

$297

USD

Oct 10
·

10am–4pm EDT

Enroll