Control Mapping

Complete mapping of the FSI Agent Governance Framework controls to implementing solutions. 39 of 78 controls have at least one solution; the remaining controls are marked "No solution yet".

Pillar 1 — Security

| Control | Description | Solutions |
|---|---|---|
| 1.1 | Restrict Agent Publishing by Authorization | Cross-Tenant External Sharing Governance, Unrestricted Agent Sharing Detector |
| 1.2 | Agent Registry and Integrated Apps Management | Agent 365 Lifecycle Governance, Agent Intake, Agent Registry Automation, Model Risk Management Automation |
| 1.3 | SharePoint Content Governance and Permissions | No solution yet |
| 1.4 | Advanced Connector Policies (ACP) | Agent Knowledge Source Scanner, Credential Oversharing Detector, File Upload Security, Scope Drift Monitor |
| 1.5 | Data Loss Prevention (DLP) and Sensitivity Labels | Agent Knowledge Source Scanner, Deny Event Correlation Report, MIME Type Restrictions for File Uploads, Scope Drift Monitor |
| 1.6 | Microsoft Purview DSPM for AI | No solution yet |
| 1.7 | Comprehensive Audit Logging and Compliance | Agent Intake, Agent Observability Foundation, Agent Registry Automation, Audit Compliance Manager, Cross-Solution Integration, Cross-Tenant External Sharing Governance, Deny Event Correlation Report, Environment Lifecycle Management, FINRA Supervision Workflow, RAG Source Validator |
| 1.8 | Runtime Protection and External Threat Detection | Content Moderation Monitor, Cross-Solution Integration, Deny Event Correlation Report, File Upload Security |
| 1.9 | Data Retention and Deletion Policies | DR Testing Framework |
| 1.10 | Communication Compliance Monitoring | Action Confirmation Auditor, FINRA Supervision Workflow, HITL Workflow Governance |
| 1.11 | Conditional Access and Phishing-Resistant MFA | Agent 365 Lifecycle Governance, Conditional Access Automation, Cross-Solution Integration, Cross-Tenant External Sharing Governance, Session Security Configurator |
| 1.12 | Insider Risk Detection and Response | No solution yet |
| 1.13 | Sensitive Information Types (SITs) and Pattern Recognition | MIME Type Restrictions for File Uploads |
| 1.14 | Data Minimization and Agent Scope Control | Credential Oversharing Detector, Cross-Solution Integration, File Upload Security, Scope Drift Monitor |
| 1.15 | Encryption: Data in Transit and at Rest | No solution yet |
| 1.16 | Information Rights Management (IRM) for Documents | No solution yet |
| 1.17 | Endpoint Data Loss Prevention (Endpoint DLP) | No solution yet |
| 1.18 | Application-Level Authorization and Role-Based Access Control (RBAC) | Agent Sharing Access Restriction Detector, Conditional Access Automation, Credential Oversharing Detector, Cross-Solution Integration, Cross-Tenant External Sharing Governance |
| 1.19 | eDiscovery for Agent Interactions | No solution yet |
| 1.20 | Network Isolation and Private Connectivity | No solution yet |
| 1.21 | Adversarial Input Logging | No solution yet |
| 1.22 | Information Barriers for AI Agents | No solution yet |
| 1.23 | Step-Up Authentication for AI Agent Operations | Conditional Access Automation, Cross-Solution Integration, Inactivity Timeout Enforcement, Session Security Configurator |
| 1.24 | Defender AI Security Posture Management (AI-SPM) | No solution yet |
| 1.25 | MIME Type Restrictions for File Uploads | MIME Type Restrictions for File Uploads |
| 1.26 | Agent File Upload and File Analysis Restrictions | No solution yet |
| 1.27 | AI Agent Content Moderation Enforcement | Content Moderation Monitor |
| 1.28 | Policy-Based Agent Publishing Restrictions | No solution yet |
| 1.29 | Global Secure Access: Network Controls for Copilot Studio Agents | No solution yet |

Pillar 2 — Management

| Control | Description | Solutions |
|---|---|---|
| 2.1 | Managed Environments | Agent 365 Lifecycle Governance, Agent Intake, Agent Registry Automation, Cross-Tenant External Sharing Governance, DR Testing Framework, Environment Lifecycle Management, Pipeline Governance Cleanup, Segregation of Duties Detector |
| 2.2 | Environment Groups and Tier Classification | Environment Lifecycle Management |
| 2.3 | Change Management and Release Planning | Agent 365 Lifecycle Governance, Message Center Monitor, Pipeline Governance Cleanup, Segregation of Duties Detector |
| 2.4 | Business Continuity and Disaster Recovery | DR Testing Framework |
| 2.5 | Testing, Validation, and Quality Assurance | Conflict of Interest Testing, Model Risk Management Automation |
| 2.6 | Model Risk Management (OCC 2011-12/SR 11-7) | Model Risk Management Automation |
| 2.7 | Vendor and Third-Party Risk Management | No solution yet |
| 2.8 | Access Control and Segregation of Duties | Agent 365 Lifecycle Governance, Agent Observability Foundation, Agent Sharing Access Restriction Detector, Cross-Tenant External Sharing Governance, Environment Lifecycle Management, Segregation of Duties Detector |
| 2.9 | Agent Performance Monitoring and Optimization | Agent Observability Foundation, Hallucination Feedback Tracker, Model Risk Management Automation |
| 2.10 | Patch Management and System Updates | No solution yet |
| 2.11 | Bias Testing and Fairness Assessment | Conflict of Interest Testing, Model Risk Management Automation |
| 2.12 | Supervision and Oversight (FINRA Rule 3110) | Action Confirmation Auditor, Agent 365 Lifecycle Governance, FINRA Supervision Workflow, Hallucination Feedback Tracker, HITL Workflow Governance |
| 2.13 | Documentation and Record Keeping | Agent Intake, Agent Registry Automation, Model Risk Management Automation, RAG Source Validator |
| 2.14 | Training and Awareness Program | No solution yet |
| 2.15 | Environment Routing and Auto-Provisioning | No solution yet |
| 2.16 | RAG Source Integrity Validation | RAG Source Validator |
| 2.17 | Multi-Agent Orchestration Limits | Agent Communication Restriction Detector, HITL Workflow Governance |
| 2.18 | Automated Conflict of Interest Testing | Conflict of Interest Testing |
| 2.19 | Customer AI Disclosure and Transparency | No solution yet |
| 2.20 | Adversarial Testing and Red Team Framework | No solution yet |
| 2.21 | AI Marketing Claims and Substantiation | No solution yet |
| 2.22 | Inactivity Timeout Enforcement | Inactivity Timeout Enforcement |
| 2.23 | User Consent and AI Disclosure Enforcement | No solution yet |
| 2.24 | Agent Feature Enablement and Restriction Governance | Generative AI Config Auditor |
| 2.25 | Microsoft Agent 365 — Admin Center Governance Console | No solution yet |
| 2.26 | Entra Agent ID — Identity Governance for Agents | No solution yet |

Pillar 3 — Reporting

| Control | Description | Solutions |
|---|---|---|
| 3.1 | Agent Inventory and Metadata Management | Agent 365 Lifecycle Governance, Agent Intake, Compliance Dashboard, Model Risk Management Automation |
| 3.2 | Usage Analytics and Activity Monitoring | Agent Observability Foundation, Compliance Dashboard, Copilot Studio Analytics |
| 3.3 | Compliance and Regulatory Reporting | Compliance Dashboard, MIME Type Restrictions for File Uploads |
| 3.4 | Incident Reporting and Root Cause Analysis | Compliance Dashboard, Deny Event Correlation Report |
| 3.5 | Cost Allocation and Budget Tracking | No solution yet |
| 3.6 | Orphaned Agent Detection and Remediation | No solution yet |
| 3.7 | PPAC Security Posture Assessment | Inactivity Timeout Enforcement, MIME Type Restrictions for File Uploads |
| 3.8 | Copilot Hub and Governance Dashboard | Agent Access Governance Monitor, Cross-Solution Integration, Inactivity Timeout Enforcement, Unrestricted Agent Sharing Detector |
| 3.9 | Microsoft Sentinel Integration | No solution yet |
| 3.10 | Hallucination Feedback Loop | Hallucination Feedback Tracker |
| 3.11 | Centralized Agent Inventory Enforcement | No solution yet |
| 3.12 | Agent Governance Exception and Override Management | No solution yet |
| 3.13 | Agent 365 Admin Center Analytics and Reporting | No solution yet |
| 3.14 | Agent 365 Observability SDK and Custom Agent Telemetry | No solution yet |

Pillar 4 — Governance

| Control | Description | Solutions |
|---|---|---|
| 4.1 | SharePoint Information Access Governance (IAG) / Restricted Content Discovery | No solution yet |
| 4.2 | Site Access Reviews and Certification | No solution yet |
| 4.3 | Site and Document Retention Management | Agent Knowledge Source Scanner |
| 4.4 | Guest and External User Access Controls | No solution yet |
| 4.5 | SharePoint Security and Compliance Monitoring | No solution yet |
| 4.6 | Grounding Scope Governance | No solution yet |
| 4.7 | Microsoft 365 Copilot Data Governance | No solution yet |
| 4.8 | Item-Level Permission Scanning for Agent Knowledge Sources | No solution yet |
| 4.9 | Embedded File Content Governance | No solution yet |
4.9 Embedded File Content Governance No solution yet

Coverage Summary

  • Controls with implementations: 39 of 78
  • Solution inventory: 36 solutions (35 live, 1 preview)
  • Controls per solution (avg): 3.2

Framework Reference

Full control specifications are available in the FSI Agent Governance Framework.