
v0.1.4 — Content accuracy: NIST r3, OWASP Agentic 2026, nomenclature polish


@jacobideji released this 17 Jun 22:21 · 91 commits to main since this release · 3ec0272

v0.1.4 — Content accuracy: NIST r3 + OWASP Agentic 2026 + nomenclature polish

Five citation/accuracy fixes surfaced during a deep content audit. No framework substance changes — the four MVO controls, Six Triage Questions, Kill-Switch Modes M0–M5, Minimum Evidence Set A–F, and four-level maturity model are byte-identical to v0.1.3.

What changed

  • NIST SP 800-61 r2 → r3 — NIST officially withdrew r2 in April 2025 and published r3 (Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile). README.md now cites r3 in three places (intro paragraph, diagram note, Related work). The r2 six-phase lifecycle diagram is retained as widely-understood operational shorthand; a full AI IR Overlay ↔ CSF 2.0 (Govern/Identify/Protect/Detect/Respond/Recover) crosswalk is planned for v0.2.
  • OWASP Top 10 split — OWASP Top 10 for LLM Applications (2025.1) and OWASP Top 10 for Agentic Applications 2026 (ASI01–ASI10, including the "Least Agency" principle) are separate publications. README.md now cites both. An AI IR Overlay ↔ OWASP Agentic Top 10 crosswalk is on the roadmap.
  • MVO-N nomenclature — framework/01-minimum-viable-overlay.md now defines the MVO-1–MVO-4 shorthand explicitly, so downstream files (crosswalks/nist-ai-rmf.md, framework/03-maturity-roadmap.md) reference a canonical source.
  • CommonMark code-fence syntax — Removed stray text info strings from the closing fences in framework/03-maturity-roadmap.md and triage/six-questions-card.md (per CommonMark spec, closing fences must be bare).
  • CITATION.cff — Version bumped to 0.1.4 (both top-level and preferred-citation).

What did NOT change

  • The MVO controls (Inventory, Safe Modes, Minimum Evidence Set, Controlled Re-Enable)
  • The Six Triage Questions
  • The Kill-Switch Modes M0–M5 (definitions and TTA targets)
  • The Minimum Evidence Set A–F
  • The four-level Maturity Model
  • The NIST AI RMF crosswalk (already correctly cited)
  • ISO/IEC 42001:2023 and EU AI Act references (already correctly cited)

Cite this release

Ideji, J. (2026). The AI IR Overlay Framework (v0.1.4). https://github.com/jacobideji/aiiroverlay

Next

v0.2.0 ships Playbook 1 — the first practitioner playbook from the LinkedIn newsletter series. Per the framework's release model, every playbook is its own MINOR release. v0.2 will also include the AI IR Overlay ↔ CSF 2.0 crosswalk.

Acknowledgments

Thanks to the deep content audit process for surfacing the NIST r3 supersession and the OWASP Agentic 2026 distinction. Both are the kind of findings a regulator or savvy reader would catch on first read.