§ Perspectives · Frameworks vs. Requirements · July 15, 2026

ARMCF is a good framework. It is not a requirement.

A framework tells your team what to operate. A regulator asks what you can prove. Those are different questions — and only one of them is mandatory.

By Lindsay Hiebert · Founder · CISSP

There is a new framework making the rounds: ARMCF, the AI and Agentic Risk Management and Control Framework, published by SACR (Software Analyst Cyber Research) in July 2026. It maps the six NIST CSF 2.0 functions — Govern, Identify, Protect, Detect, Respond, Recover — onto AI and agentic systems, with control mappings to NIST AI RMF, ISO/IEC 42001, MITRE ATLAS, the OWASP LLM Top 10, and more.

Let me say the generous and true thing first: it is a good piece of work. If you run a security operations team, ARMCF is a sensible operating model — especially its Detect / Respond / Recover coverage, which is exactly the runtime muscle most AI programs are missing. If it helps your SecOps team organize how they operate AI at runtime, use it.

But there is a question you should ask of ARMCF — and of every tool and framework that arrives wearing the words “AI governance” — before it goes anywhere near your budget:

Is this a requirement, or a nice-to-have?

The category error

ARMCF is an analyst synthesis — a practitioner operating model. It is not a statute, not a certifiable standard, and no regulator, auditor, or insurer requires conformance to it. There is no ARMCF audit, no ARMCF certificate anyone asks for on a renewal questionnaire, no clause in the EU AI Act or a US state law that says “thou shalt ARMCF.” It is July 2026 analyst content. That is not a criticism — it is a category. A framework tells your team what to operate.

What regulators and auditors actually ask for is a different thing entirely: documented evidence. The regulation-anchored AI Acceptable Use Policy. The dated, severity-ranked risk assessment. The board memo that records oversight. The training-and-acknowledgment records. Those are the artifacts that EU AI Act Article 17 (quality-management documentation), Colorado SB 26-189, and ISO/IEC 42001 (Clause 7.5 “documented information”) require as proof that a program exists. That obligation is mandatory. And a framework does not produce it — you still have to write the artifact.

This is not just an ARMCF problem

The same category error hides inside a lot of expensive purchases. A Cisco router or Cisco AI Defense, a Palo Alto AI Access firewall, a Fortinet gateway, a Wiz AI-SPM deployment — these are excellent products at what they do. They observe traffic, they enforce policy at the wire, they detect and block at runtime. Every AI program of scale needs that enforcement and observability layer.

But notice what none of them hands you: the artifact a regulator reads. A firewall rule is not a policy. A telemetry dashboard is not a risk assessment. A blocked connection is not a board memo. Observability gets you observability. Enforcement gets you enforcement. Neither one produces governance — the documented, regulation-anchored evidence that an auditor, an underwriter, or your board actually asks to see. That is a third, separate layer, and it is the one the law is specifically about.

Why the distinction protects you

Here is the trap. You can spend six figures on frameworks and runtime tooling, genuinely improve your security posture, and still not be able to produce a single document your auditor, your cyber underwriter, or your board asks for. You will have bought real capability — and zero evidence. When the questionnaire lands or the audit opens, “we adopted ARMCF and deployed Palo Alto” is not an answer to “show me your documented AI risk assessment and your acceptable-use policy.”

So buy the tools for exactly what they do. Adopt ARMCF if it helps your SecOps team operate. Deploy the firewall to enforce. Just don’t let a good framework or a good appliance be mistaken for the evidence layer — because the person grading you at renewal time is not asking what you operate. They are asking what you can prove.

Where SanctumShield sits

This is the layer SanctumShield is built for, and only this layer. It does not replace ARMCF, and it does not replace your firewall. It produces the governance artifacts that sit above both — the regulation-anchored Acceptable Use Policy, the Executive Risk Report, and the one-page Board Memo, each carrying a five-year verification URL an auditor or underwriter can independently confirm. The mandatory documentation obligation, generated for your organization in minutes. That is the deliverable a framework and an appliance both leave on your desk to write yourself.

A framework tells you what to operate. A regulator asks what you can prove. Make sure you’re answering the question you’ll be graded on.

ARMCF is defined in plain English, with its control mappings and the observability-vs-enforcement-vs-governance layer distinction, in the public SanctumShield glossary, refreshed monthly.

Free Shadow AI Risk Audit

See what your current stack is missing — in 12 questions.

The SanctumShield free Shadow AI Risk Calculator runs in your browser. No account, no email, no credit card. Twelve questions, instant risk score, three primary findings tailored to what you submit.

Perspectives · a standalone essay outside the numbered CISO Learning Journey · also shared on LinkedIn and Substack · see the full blog →

ARMCF Is a Good Framework. It Is Not a Requirement. — SanctumShield