HomeAboutServicesBlogContact Client Login Work With Us
AI Agent Governance

Configuration Management and the AIGP Body of Knowledge: The Operational Layer the Curriculum Implies

The AIGP Body of Knowledge defines what AI governance professionals are accountable for. Configuration management provides the operational mechanic that turns those accountabilities into runtime control.

11 min

This is the closing post in a six-part series on configuration management for AI agents. The preceding posts staked out the latency gap in agentic AI governance, introduced a four-discipline framework that closes it, detailed the Key Risk Indicator tier model that turns measurement into actual control, mapped the framework to the NIST AI Risk Management Framework, and walked through the framework’s working implementation in the Prism dashboard. That fifth post is an honest evidence walkthrough: it governs Prism’s own business-records system today, holds Prism’s own AI agents at a gated, pre-production state — artifacts authored, rollback rehearsed, sign-off pending — and describes full autonomous-agent governance as the next step rather than a current claim.

This post is for a specific audience: the people studying for the IAPP Artificial Intelligence Governance Professional certification, and the people who already hold it.

The argument is straightforward. The AIGP Body of Knowledge defines what AI governance professionals are accountable for. The community study material covers law, policy, and risk assessment thoroughly. What it covers thinly — and what configuration management provides directly — is the operational mechanic that turns governance accountabilities into runtime control. If you are studying for the cert and looking for the part of the curriculum that makes the work feel concrete rather than theoretical, the framework in this series is one practitioner’s answer.

What the AIGP is, and why it matters

The IAPP launched the AIGP certification in 2023 to formalize the AI governance role as a profession distinct from privacy or security. The certification is policy-neutral, vendor-neutral, and aligned to the standards governance professionals are most often accountable to — NIST AI RMF, ISO/IEC 42001, the EU AI Act, sectoral regulations including healthcare, financial services, and federal contracting requirements.

The Body of Knowledge version 2.1, effective February 2, 2026, defines four domains:

The certification has grown quickly. AIGP holders work in compliance, risk, legal, privacy, and operations functions across regulated industries. The exam tests whether the candidate can describe the AI lifecycle, identify and categorize risks, apply the relevant legal and ethical frameworks, and reason through deployment decisions. The work the certification credentials is real, important, and not yet fully scoped at the operational level.

The gap in the community study material

The community study reference for the AIGP — Oliver Patel’s unofficial resource guide, maintained as IAPP faculty — is a curated list of roughly 100 resources covering legal frameworks, risk assessment methodologies, AI ethics literature, sectoral regulations, and the major standards. It is foundational and policy-centric. Read carefully against the BoK, it is also explicitly thin on operational governance mechanics.

Configuration management vocabulary does not appear in the curated resources. Drift thresholds do not appear. Key Risk Indicator frameworks do not appear. Agentic-specific governance, as distinct from static-model governance, is largely absent. The standards the BoK references — NIST AI RMF, ISO/IEC 42001 — are catalogued but not crosswalked. Patel’s guide is not failing the candidates. It is reflecting the state of the field accurately. The operational layer has not yet been written into the canon.

This is not unusual for a young profession. The privacy field went through the same evolution. CIPP material in the early 2000s was heavy on law and light on the operational practices — privacy impact assessments, data inventories, breach response runbooks — that became standard later. The standards came first; the operational discipline followed. AI governance looks to be in a comparable phase. The framework in this series is one attempt at that operational layer, not the only possible one.

The Governance Maturity Model contrasts two evolutions: privacy in the early 2000s moved from law and policy to operational mechanics like impact assessments and breach runbooks, while AI governance since 2023 has its law and policy layer in the AIGP Body of Knowledge but its operational mechanics still missing — the discipline that turns accountabilities into runtime control, leaving AI governance in the policy-first phase privacy already passed through.
The Governance Maturity Model contrasts two evolutions: privacy in the early 2000s moved from law and policy to operational mechanics like impact assessments and breach runbooks, while AI governance since 2023 has its law and policy layer in the AIGP Body of Knowledge but its operational mechanics still missing — the discipline that turns accountabilities into runtime control, leaving AI governance in the policy-first phase privacy already passed through.

Where the framework slots in

The Prism CM-AI Framework consists of four configuration management disciplines — Baseline, Change Control, Drift Detection, Audit & Remediation, abbreviated BCDA — applied across three delivery layers, with the Key Risk Indicator tier model layered over the whole. The framework maps most cleanly to BoK Domains III and IV, which together describe the operational scope of the AI governance role.

The BCDA engine shown as four interlocking gears that operationalize AI governance: Baseline defines the defensible configuration as a version-controlled artifact, Change Control sets approval paths for prompt, tool, and data-scope changes, Drift Detection runs continuous comparison of live behavior against the baseline, and Audit and Remediation provides traceability and tested rollback paths.
The BCDA engine shown as four interlocking gears that operationalize AI governance: Baseline defines the defensible configuration as a version-controlled artifact, Change Control sets approval paths for prompt, tool, and data-scope changes, Drift Detection runs continuous comparison of live behavior against the baseline, and Audit and Remediation provides traceability and tested rollback paths.

Domain III — Governing AI development

Domain III covers what governance looks like during the build phase of the AI lifecycle. The subdomains include data governance, design specifications, documentation, model selection and design, and pre-deployment evaluation.

The framework’s contributions to Domain III are:

Baseline definition as a development artifact. The BoK is explicit that AI governance must establish documentation throughout the lifecycle. The framework treats the baseline — model version, system prompt content hash, tool inventory, data scope, expected behavior distribution, latency band, refusal rate, cost-per-action target — as a first-class development artifact, version-controlled alongside the code. Most current AI development practice treats prompts as configuration that lives in someone’s local environment or in a deployment YAML that no one has reviewed. The framework treats them as auditable artifacts.

Change control extended to prompts and tools. Domain III names policies and procedures throughout the AI life cycle as a governance accountability. Most organizations have change control for code and model upgrades. Few have change control for prompt revisions, tool inventory changes, or data-scope expansions. The framework requires a defined approval path for every change to any baseline element, with documented authority and audit trail. This is the operational mechanic the BoK implies but does not specify.

Pre-deployment baseline validation. Domain III covers pre-deployment assessment. The framework requires the development team to validate that the agent’s behavior, evaluated against its planned baseline, meets the thresholds the organization is willing to defend. This is not optional. Without it, the deployment phase has no reference point against which to measure drift.

A two-column table mapping Domain III requirements to CM-AI mechanics: establishing documentation throughout the lifecycle becomes the baseline as a version-controlled development artifact, policies and procedures for lifecycle management become expanded change control over prompts and tools, and pre-deployment evaluation becomes baseline validation that establishes the reference point before deployment.
A two-column table mapping Domain III requirements to CM-AI mechanics: establishing documentation throughout the lifecycle becomes the baseline as a version-controlled development artifact, policies and procedures for lifecycle management become expanded change control over prompts and tools, and pre-deployment evaluation becomes baseline validation that establishes the reference point before deployment.

Domain IV — Governing AI deployment and use

Domain IV is where the framework lands hardest. The subdomains cover operational monitoring, incident response, post-market activities, and ongoing risk management.

The framework’s contributions to Domain IV are:

Drift detection as operational discipline, not dashboard. Domain IV requires ongoing monitoring of deployed AI systems. The framework specifies what that monitoring looks like in practice: continuous comparison of live agent behavior against the documented baseline, with predefined thresholds and predefined responses, running at the speed of the agent rather than the speed of human attention. The third post in this series details the KRI tier model that operationalizes this requirement — Tier 1 warnings investigated within 24 hours, Tier 2 actions triggering auto-throttle and human review, Tier 3 interventions activating kill-switch and rollback.

Incident response with tested rollback. Domain IV covers incident handling and recovery. The framework requires that the rollback procedure for each production agent be documented, tested before it is needed, and rehearsed periodically. Most current AI deployments have logs, which support post-hoc forensics. Few have a tested rollback path, which is what allows the organization to actually recover. The first time the rollback procedure runs is the time it has to work.

An audit trail built for the regulator’s question. The BoK is explicit that AI governance produces evidence. The framework requires that any agent action be traceable to the baseline that authorized it — model version, prompt hash, tool inventory, data scope, change history, approval record. This is the artifact that answers the question every auditor and regulator eventually asks: was the agent that took this action operating within the configuration the organization approved? Most current AI deployments cannot produce this artifact. The framework makes producing it routine.

A two-column table mapping Domain IV requirements to CM-AI mechanics: ongoing operational monitoring becomes speed-of-agent drift detection comparing live behavior against the documented baseline, incident response and recovery becomes a documented and rehearsed rollback path supported by logs, and post-market risk management evidence becomes an audit trail tracing every agent action back to the baseline configuration that authorized it.
A two-column table mapping Domain IV requirements to CM-AI mechanics: ongoing operational monitoring becomes speed-of-agent drift detection comparing live behavior against the documented baseline, incident response and recovery becomes a documented and rehearsed rollback path supported by logs, and post-market risk management evidence becomes an audit trail tracing every agent action back to the baseline configuration that authorized it.

Domain II — Standards crosswalk

Domain II tests how the major standards apply to AI. The fourth post in this series provides the explicit crosswalk between the framework and NIST AI RMF — a primary mapping rather than a strict one-to-one: Govern with Change Control, Map with Baseline, Measure with Drift Detection and the KRIs, Manage with Audit & Remediation. The full white paper extends the crosswalk to ISO/IEC 42001:2023 — mapping to its operational-control and performance-evaluation clauses, which the standard organizes under a Plan-Do-Check-Act cycle — and to the EU AI Act’s post-market monitoring plan for high-risk systems (Article 72).

For AIGP candidates, the crosswalk is study-aid material in addition to operational reference. The standards are the curriculum’s testable surface. The framework is one way to remember how the surfaces connect.

The standards crosswalk shows the framework mapped across three standards: NIST AI RMF, where Map is addressed by baseline definition, Measure by drift detection and the KRIs, Govern by change control, and Manage by audit and remediation; ISO/IEC 42001:2023, where the disciplines map to operational-control and performance-evaluation clauses under the Plan-Do-Check-Act cycle; and the EU AI Act, where the framework provides the mechanical foundation for the Article 72 post-market monitoring plan for high-risk systems.
The standards crosswalk shows the framework mapped across three standards: NIST AI RMF, where Map is addressed by baseline definition, Measure by drift detection and the KRIs, Govern by change control, and Manage by audit and remediation; ISO/IEC 42001:2023, where the disciplines map to operational-control and performance-evaluation clauses under the Plan-Do-Check-Act cycle; and the EU AI Act, where the framework provides the mechanical foundation for the Article 72 post-market monitoring plan for high-risk systems.

Domain I — Foundations

Domain I covers the foundational concepts of AI governance — what AI is, why governance is needed, who the stakeholders are, what the lifecycle looks like. The framework does not extend Domain I directly. It assumes the candidate has the foundational vocabulary and is looking for the operational layer that sits on top of it. The framework sits on top of the Domain I foundations rather than restating them; it is most useful once the operational domains, III and IV, are in view.

What this means for AIGP candidates

If you are preparing for the exam, the framework is most useful as a structural memory aid for Domains III and IV. The BCDA acronym — Baseline, Change Control, Drift Detection, Audit & Remediation — captures the four operational practices that produce the governance outcomes the BoK requires. The KRI tier model captures how monitoring becomes a control rather than a dashboard. The crosswalks against NIST AI RMF, ISO/IEC 42001, and the EU AI Act tie the operational practices back to the standards Domain II asks you to apply.

The framework is a practitioner’s attempt to give the operational layer the same structure the policy layer already has. It is not affiliated with or endorsed by IAPP and does not replace the official body of knowledge — it is offered alongside it as the operational mechanic the curriculum implies.

The KRI escalation ladder presented as four tiers showing why drift detection is a discipline rather than a dashboard: Green is normal operation within expected behavior and cost, Yellow is a Tier 1 warning of minor drift triggering a 24-hour human review, Orange is a Tier 2 action on a threshold breach triggering auto-throttle and immediate escalation, and Red is a Tier 3 intervention on a critical safety or refusal failure activating the kill-switch and tested rollback.
The KRI escalation ladder presented as four tiers showing why drift detection is a discipline rather than a dashboard: Green is normal operation within expected behavior and cost, Yellow is a Tier 1 warning of minor drift triggering a 24-hour human review, Orange is a Tier 2 action on a threshold breach triggering auto-throttle and immediate escalation, and Red is a Tier 3 intervention on a critical safety or refusal failure activating the kill-switch and tested rollback.

What this means for AIGP holders

If you already hold the certification and are now responsible for implementing AI governance in your organization, the framework is the operational scaffolding. The five posts that precede this one walk through how the disciplines work in practice — what to baseline, what to change-control, what to monitor, what thresholds to set, what to put in the audit trail, what to test before you need it.

The framework is published with two companion documents available on request: the Prism CM-AI Framework reference, which documents the disciplines and the delivery model, and the Prism CM-AI KRI Starter Set, which provides default thresholds and tier mappings for the most common categories of risk indicator. Both are designed to be implementable by a working AI governance team without requiring tooling investment beyond what most organizations already have.

Closing the series

A two-audience closing split: for AIGP candidates the framework is a structural memory aid for mastering Domains III and IV, and for practitioners it is the operational scaffolding to govern agents at the speed they run without new tooling, with the Prism CM-AI Framework Reference documenting the disciplines and the KRI Starter Set providing default thresholds and tier mappings — policy defines the outcome, configuration management builds the engine.
A two-audience closing split: for AIGP candidates the framework is a structural memory aid for mastering Domains III and IV, and for practitioners it is the operational scaffolding to govern agents at the speed they run without new tooling, with the Prism CM-AI Framework Reference documenting the disciplines and the KRI Starter Set providing default thresholds and tier mappings — policy defines the outcome, configuration management builds the engine.

The argument of this series, restated for the last time: AI governance frameworks define policy outcomes. Configuration management is the discipline that produces them. The two are not in tension, and neither is sufficient on its own. The latency gap between agent speed and human attention is closed by combining the two — policy at the top, configuration management at the bottom, KRIs and tiered escalation as the connective tissue.

For AIGP candidates and certified professionals, the framework is offered as the operational layer the curriculum implies but does not yet fully detail. For everyone else, the framework is offered as a way to govern AI agents at the speed they actually operate. Either audience is welcome. Both are reading the same series.

Thank you for reading.

This closes the six-part series on Configuration Management for AI Agents. The fifth post walks through the framework’s working implementation in the Prism dashboard — what is governed today, what sits in the pre-production gate, and what extending to fully autonomous agents will take. The framework reference, the KRI starter set, and the supporting white paper are available through the Prism Resources hub.

Sources cited

Studying for the AIGP, or Implementing One?

Prism AI Analytics provides operational governance for AI agent deployments, mapped to the accountabilities the AIGP Body of Knowledge defines. The Prism CM-AI Framework is the implementation layer for those accountabilities — usable as a study reference and as a working operational scaffold.

Request the Framework + KRI Starter Set

Stay in the loop

New Insights, straight to your inbox.

Get the next post on enterprise AI governance the morning it publishes. No noise, one signal per week.