Control Mapping

Complete mapping of the FSI Agent Governance Framework controls to implementing solutions. 39 of 78 controls have at least one solution; remaining controls show No solution yet.

Pillar 1 — Security

| Control | Description | Solutions |
|---|---|---|
| 1.1 | Control 1.1: Restrict Agent Publishing by Authorization | Cross-Tenant External Sharing Governance, Unrestricted Agent Sharing Detector |
| 1.2 | Control 1.2: Agent Registry and Integrated Apps Management | Agent 365 Lifecycle Governance, Agent Registry Automation, Model Risk Management Automation |
| 1.3 | Control 1.3: SharePoint Content Governance and Permissions | No solution yet |
| 1.4 | Control 1.4: Advanced Connector Policies (ACP) | Agent Knowledge Source Scanner, Credential Oversharing Detector, File Upload Security, Scope Drift Monitor |
| 1.5 | Control 1.5: Data Loss Prevention (DLP) and Sensitivity Labels | Agent Knowledge Source Scanner, Deny Event Correlation Report, MIME Type Restrictions for File Uploads, Scope Drift Monitor |
| 1.6 | Control 1.6: Microsoft Purview DSPM for AI | No solution yet |
| 1.7 | Control 1.7: Comprehensive Audit Logging and Compliance | Agent Observability Foundation, Agent Registry Automation, Audit Compliance Manager, Cross-Solution Integration, Deny Event Correlation Report, Environment Lifecycle Management, FINRA Supervision Workflow, RAG Source Validator |
| 1.8 | Control 1.8: Runtime Protection and External Threat Detection | Content Moderation Monitor, Cross-Solution Integration, Deny Event Correlation Report, File Upload Security |
| 1.9 | Control 1.9: Data Retention and Deletion Policies | DR Testing Framework |
| 1.10 | Control 1.10: Communication Compliance Monitoring | Action Confirmation Auditor, FINRA Supervision Workflow, HITL Workflow Governance, MIME Type Restrictions for File Uploads |
| 1.11 | Control 1.11: Conditional Access and Phishing-Resistant MFA | Agent 365 Lifecycle Governance, Conditional Access Automation, Cross-Solution Integration, Cross-Tenant External Sharing Governance, MIME Type Restrictions for File Uploads, Session Security Configurator |
| 1.12 | Control 1.12: Insider Risk Detection and Response | No solution yet |
| 1.13 | Control 1.13: Sensitive Information Types (SITs) and Pattern Recognition | MIME Type Restrictions for File Uploads |
| 1.14 | Control 1.14: Data Minimization and Agent Scope Control | Content Moderation Monitor, Credential Oversharing Detector, Cross-Solution Integration, File Upload Security, MIME Type Restrictions for File Uploads, Scope Drift Monitor |
| 1.15 | Control 1.15: Encryption: Data in Transit and at Rest | No solution yet |
| 1.16 | Control 1.16: Information Rights Management (IRM) for Documents | No solution yet |
| 1.17 | Control 1.17: Endpoint Data Loss Prevention (Endpoint DLP) | No solution yet |
| 1.18 | Control 1.18: Application-Level Authorization and Role-Based Access Control (RBAC) | Agent Sharing Access Restriction Detector, Conditional Access Automation, Credential Oversharing Detector, Cross-Tenant External Sharing Governance |
| 1.19 | Control 1.19: eDiscovery for Agent Interactions | No solution yet |
| 1.20 | Control 1.20: Network Isolation and Private Connectivity | No solution yet |
| 1.21 | Control 1.21: Adversarial Input Logging | No solution yet |
| 1.22 | Control 1.22: Information Barriers for AI Agents | No solution yet |
| 1.23 | Control 1.23: Step-Up Authentication for AI Agent Operations | Conditional Access Automation, Cross-Solution Integration, Inactivity Timeout Enforcement, Session Security Configurator |
| 1.24 | Control 1.24: Defender AI Security Posture Management (AI-SPM) | No solution yet |
| 1.25 | Control 1.25: MIME Type Restrictions for File Uploads | MIME Type Restrictions for File Uploads |
| 1.26 | Control 1.26: Agent File Upload and File Analysis Restrictions | No solution yet |
| 1.27 | Control 1.27: AI Agent Content Moderation Enforcement | No solution yet |
| 1.28 | Control 1.28: Policy-Based Agent Publishing Restrictions | No solution yet |
| 1.29 | Control 1.29: Global Secure Access: Network Controls for Copilot Studio Agents | No solution yet |

Pillar 2 — Management

| Control | Description | Solutions |
|---|---|---|
| 2.1 | Control 2.1: Managed Environments | Agent 365 Lifecycle Governance, Agent Registry Automation, Cross-Tenant External Sharing Governance, DR Testing Framework, Environment Lifecycle Management, Pipeline Governance Cleanup, Segregation of Duties Detector |
| 2.2 | Control 2.2: Environment Groups and Tier Classification | Environment Lifecycle Management |
| 2.3 | Control 2.3: Change Management and Release Planning | Agent 365 Lifecycle Governance, Environment Lifecycle Management, Message Center Monitor, Pipeline Governance Cleanup, Segregation of Duties Detector |
| 2.4 | Control 2.4: Business Continuity and Disaster Recovery | DR Testing Framework |
| 2.5 | Control 2.5: Testing, Validation, and Quality Assurance | Conflict of Interest Testing, Model Risk Management Automation |
| 2.6 | Control 2.6: Model Risk Management (OCC 2011-12/SR 11-7) | Model Risk Management Automation |
| 2.7 | Control 2.7: Vendor and Third-Party Risk Management | No solution yet |
| 2.8 | Control 2.8: Access Control and Segregation of Duties | Agent 365 Lifecycle Governance, Agent Observability Foundation, Agent Sharing Access Restriction Detector, Cross-Tenant External Sharing Governance, Environment Lifecycle Management, Segregation of Duties Detector |
| 2.9 | Control 2.9: Agent Performance Monitoring and Optimization | Agent Observability Foundation, Hallucination Feedback Tracker, Model Risk Management Automation |
| 2.10 | Control 2.10: Patch Management and System Updates | Message Center Monitor |
| 2.11 | Control 2.11: Bias Testing and Fairness Assessment | Conflict of Interest Testing, Model Risk Management Automation |
| 2.12 | Control 2.12: Supervision and Oversight (FINRA Rule 3110) | Action Confirmation Auditor, Agent 365 Lifecycle Governance, FINRA Supervision Workflow, Hallucination Feedback Tracker, HITL Workflow Governance |
| 2.13 | Control 2.13: Documentation and Record Keeping | Agent Registry Automation, Model Risk Management Automation, RAG Source Validator |
| 2.14 | Control 2.14: Training and Awareness Program | No solution yet |
| 2.15 | Control 2.15: Environment Routing and Auto-Provisioning | No solution yet |
| 2.16 | Control 2.16: RAG Source Integrity Validation | RAG Source Validator |
| 2.17 | Control 2.17: Multi-Agent Orchestration Limits | Agent Communication Restriction Detector, HITL Workflow Governance |
| 2.18 | Control 2.18: Automated Conflict of Interest Testing | Conflict of Interest Testing |
| 2.19 | Control 2.19: Customer AI Disclosure and Transparency | No solution yet |
| 2.20 | Control 2.20: Adversarial Testing and Red Team Framework | No solution yet |
| 2.21 | Control 2.21: AI Marketing Claims and Substantiation | No solution yet |
| 2.22 | Control 2.22: Inactivity Timeout Enforcement | Inactivity Timeout Enforcement |
| 2.23 | Control 2.23: User Consent and AI Disclosure Enforcement | No solution yet |
| 2.24 | Control 2.24: Agent Feature Enablement and Restriction Governance | Generative AI Config Auditor |
| 2.25 | Control 2.25: Microsoft Agent 365 — Admin Center Governance Console | No solution yet |
| 2.26 | Control 2.26: Entra Agent ID — Identity Governance for Agents | No solution yet |

Pillar 3 — Reporting

| Control | Description | Solutions |
|---|---|---|
| 3.1 | Control 3.1: Agent Inventory and Metadata Management | Agent 365 Lifecycle Governance, Compliance Dashboard, Cross-Tenant External Sharing Governance, Model Risk Management Automation |
| 3.2 | Control 3.2: Usage Analytics and Activity Monitoring | Agent Observability Foundation, Compliance Dashboard, Copilot Studio Analytics |
| 3.3 | Control 3.3: Compliance and Regulatory Reporting | Compliance Dashboard, MIME Type Restrictions for File Uploads |
| 3.4 | Control 3.4: Incident Reporting and Root Cause Analysis | Compliance Dashboard, Deny Event Correlation Report |
| 3.5 | Control 3.5: Cost Allocation and Budget Tracking | No solution yet |
| 3.6 | Control 3.6: Orphaned Agent Detection and Remediation | No solution yet |
| 3.7 | Control 3.7: PPAC Security Posture Assessment | Inactivity Timeout Enforcement, MIME Type Restrictions for File Uploads |
| 3.8 | Control 3.8: Copilot Hub and Governance Dashboard | Agent Access Governance Monitor, Cross-Solution Integration, Inactivity Timeout Enforcement, Unrestricted Agent Sharing Detector |
| 3.9 | Control 3.9: Microsoft Sentinel Integration | No solution yet |
| 3.10 | Control 3.10: Hallucination Feedback Loop | Hallucination Feedback Tracker |
| 3.11 | Control 3.11: Centralized Agent Inventory Enforcement | No solution yet |
| 3.12 | Control 3.12: Agent Governance Exception and Override Management | No solution yet |
| 3.13 | Control 3.13: Agent 365 Admin Center Analytics and Reporting | No solution yet |
| 3.14 | Control 3.14: Agent 365 Observability SDK and Custom Agent Telemetry | No solution yet |

Pillar 4 — Governance

| Control | Description | Solutions |
|---|---|---|
| 4.1 | Control 4.1: SharePoint Information Access Governance (IAG) / Restricted Content Discovery | No solution yet |
| 4.2 | Control 4.2: Site Access Reviews and Certification | No solution yet |
| 4.3 | Control 4.3: Site and Document Retention Management | Agent Knowledge Source Scanner, MIME Type Restrictions for File Uploads |
| 4.4 | Control 4.4: Guest and External User Access Controls | No solution yet |
| 4.5 | Control 4.5: SharePoint Security and Compliance Monitoring | No solution yet |
| 4.6 | Control 4.6: Grounding Scope Governance | No solution yet |
| 4.7 | Control 4.7: Microsoft 365 Copilot Data Governance | No solution yet |
| 4.8 | Control 4.8: Item-Level Permission Scanning for Agent Knowledge Sources | No solution yet |
| 4.9 | Control 4.9: Embedded File Content Governance | No solution yet |

Coverage Summary

  • Controls with implementations: 39 of 78
  • Live solution folders: 35
  • Controls per solution (avg): 3.3

Framework Reference

Full control specifications are available in the FSI Agent Governance Framework.