§ I · The Standard
Edition · v.1.2
Status · Public review
Issued by · Human Intelligence

HI-AAF, the Agent Assurance Framework.

HI-AAF is a structured framework for assessing whether an autonomous AI agent is fit to be trusted in production. It describes 9 domains of agent behavior, breaks each domain into a set of testable controls (94 in total at this edition), and grades implementation against a five-level maturity ladder.

The framework is intentionally domain-bounded: it does not attempt to govern the underlying model, the training pipeline, or the application code that surrounds the agent. Those are addressed by adjacent standards (NIST AI RMF, ISO 42001, OWASP LLM Top 10). HI-AAF addresses the agent in production — the place where behavior under uncertainty is the question that actually matters.

Table 1 · HI-AAF Domains · v.1.2 · 94 controls · 9 domains

GOV · 11 controls · Governance & Accountability
Ownership, policy, and risk-management discipline for every agent in production.

SPC · 9 controls · Agent Specification & Pre-Deployment Assurance
Behavior, capabilities, and constraints validated before deployment and on material change.

IAM · 8 controls · Identity, Access & Authorization
Scoped identity, least-privilege credentials, and clean attribution for every agent action.

INP · 10 controls · Input & Prompt Security
Defense against direct and indirect prompt injection, including through memory and retrieval.

ACT · 9 controls · Action & Tool Use Controls
Tool allowlists, blast-radius limits, and pre-execution review for irreversible actions.

DAT · 13 controls · Data Protection & Privacy
Classification, isolation, and lifecycle of data across prompts, memory, and retrieval.

OUT · 14 controls · Output Integrity & Supply Chain
Groundedness, safety, fairness, and provenance of outputs — and trust in upstream providers.

MON · 11 controls · Continuous Monitoring & Human Oversight
Per-step logging, drift detection, and a qualified human review queue with documented SLAs.

MAS · 9 controls · Multi-Agent Systems
Cross-agent identity, authorization, blast radius, and propagation of suspend across the chain.

Table 2 · Maturity ladder · v.1.2 · 5 levels · applied per control

L1 · Ad hoc
Controls exist informally; documentation is incomplete; no consistent review.

L2 · Documented
Controls are written down; ownership is assigned; review cadence is defined.

L3 · Operated
Controls are followed in practice; evidence is collected; deviations are tracked.

L4 · Measured
Control effectiveness is measured against documented thresholds; trends are reported.

L5 · Continuously Improved
Controls evolve based on incident learning; maturity gains are evidenced over time.

Notice

HI-AAF v1.2 is an independent framework published by Human Intelligence. It is not affiliated with NIST, ISO, AICPA, or any government or accreditation body. The framework is offered openly for review during the current draft cycle.