Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
STAR for AI
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Trusted AI Safety Expert (TAISE)
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
STAR for AI
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Trusted AI Safety Expert (TAISE)
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Compliance Automation Revolution
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersEventsBlog
We're exploring how organizations adapt IAM to AI. Take the AI Identity and Risk Readiness Survey by September 5 →

Announcing the AI Controls Matrix and ISO/IEC 42001 Mapping — and the Roadmap to STAR for AI 42001

Published 08/20/2025

Home
Industry Insights
Announcing the AI Controls Matrix and ISO/IEC 42001 Mapping — and the Roadmap to STAR for AI 42001
Written by Jim Reavis, Co-founder and Chief Executive Officer, CSA.

Today, CSA is releasing the official mapping of the AI Controls Matrix (AICM v1.0) to ISO/IEC 42001:2023—with companion references to ISO/IEC 27001 and 27002. This practical guide helps organizations integrate AI-specific controls into existing ISMS programs, accelerate gap analysis, and build confidence in responsible AI.

At the same time, we’re unveiling the next evolution of assurance for AI: STAR for AI 42001—a pragmatic on-ramp to third-party assurance that meets organizations where they are while we continue to create innovative and robust STAR assurance solutions for AI.

 

What’s new today

AICM ↔ ISO/IEC 42001 mapping (available now)

A clear, control-by-control view of how AICM v1.0 aligns to ISO/IEC 42001:2023, with pointers to ISO/IEC 27001/27002 where compensating controls may close partial gaps. Use it to:

  • Spot AI governance gaps quickly
  • Integrate AI-specific policies, logging, data quality, and incident response into your ISMS
  • Save time with one authoritative reference across AICM, 42001, and 27001/27002

Get the Mapping

 

Introducing STAR for AI 42001 — a pragmatic on-ramp to AI assurance

Building on your ISO/IEC 42001 foundation, STAR for AI 42001 recognizes real progress while raising the AI bar with CSA’s artifacts and automation:

 

1) STAR for AI Level 1 (AI CAIQ Self-Assessment)

Release date: October 23, 2025

Publish your AI CAIQ self-assessment to the STAR Registry to establish transparent, standardized disclosures against the AICM.

 

2) ISO/IEC 42001 Document Support for STAR Registry

Release date: October 23, 2025

Organizations certified to ISO/IEC 42001 can upload their certificates to the STAR Registry. This creates early visibility and prepares you for STAR for AI 42001 recognition.

 

3) Valid-AI-ted for AI (Scored Self-Assessment)

Release date: November 20, 2025

Run your AI CAIQ through CSA’s Valid-AI-ted scoring engine for structured, explainable feedback and an overall score—bringing consistency and signal to self-assessments.

 

4) STAR for AI 42001 (Provisional Level 2)

Release date: November 20, 2025

For organizations certified to ISO/IEC 42001: publish your certificate (Step 2) and pair it with a Valid-AI-ted CAIQ (Step 3). You’ll earn STAR for AI 42001, a provisional Level 2 recognition that validates your 42001 AI-MS and makes your AI control posture transparent and comparable via CSA artifacts.

 

With the release of our AICM mapping to ISO/IEC 42001 and the launch of STAR for AI 42001, we are signaling more than just new tools — we are setting the direction for how trust in AI will be earned. The industry is hungry for clarity, and this roadmap gives organizations a way to demonstrate responsibility today while preparing for the assurance frameworks of tomorrow. By combining the discipline of international standards with CSA’s commitment to transparency and innovation, we are building a foundation for AI that is not only secure and compliant, but also trusted, explainable, and resilient.

StandardsComplianceCloud Controls MatrixSTARArtificial Intelligence

Share this content on your favorite social network today!

Cloud Assurance
Related Resources
STAR
The industry's standard for security assurance in the cloud.
Cloud Controls Matrix & CAIQ v4
The standard cybersecurity control framework.
Trusted Cloud Provider
Demonstrate your commitment to holistic security.
Latest from CSA
Register Now for CSA's Virtual AI Summit 2025
Secure IAM for Agentic AI Systems
Participate in the Data Security in AI Environments Peer Review
Unlock Cloud Security Insights

Unlock Cloud Security Insights

Choose the CSA newsletters that match your interests:

Subscribe to our newsletter for the latest expert trends and updates

Audit Cloud Providers with Confidence & Enroll in STAR Lead Auditor Training
Related Articles:
Vulnerability Management Needs Agentic AI for Scale and Humans for Sense

Published: 08/22/2025

A Breakdown of the ISO 27001 Certification Process

Published: 08/21/2025

Securing the Agentic AI Control Plane: Announcing the MCP Security Resource Center

Published: 08/20/2025

The Definitive Catch-Up Guide to Agentic AI Authentication

Published: 08/18/2025