How the Decision Assurance Levels map to NIST.
Five decision rungs, three system tiers, and one rung the security standards do not yet name. This crosswalk maps the Decision Assurance Levels onto NIST's agent-security work and its FIPS 199 / SP 800-53 impact tiers — complementary, mappable, and explicitly not an equivalence.
Three bridges, one white space.
The two frameworks align on the axes they share, and diverge on one the security work leaves open.
Consequence ↔ impact
The Levels grade a decision by what happens if it is wrong; NIST selects controls by FIPS 199 impact (Low / Moderate / High). Same logic, coarser grain.
Autonomy ↔ oversight
The Levels cap automation by consequence, from advisory-only to autonomous; NIST calls for approvals for consequential actions, echoed by OWASP's "Least Agency." Both keep a human in as stakes rise.
Assurance ↔ audit + identity
The Levels scale evidence, dissent, and documentation; NIST scales its Audit and Accountability and Identification controls and the NCCoE logging-and-attribution work.
Five rungs onto three tiers.
Shared shading shows the correspondence: the security tier rates the system; the Decision Assurance Level rates the decision.
The full crosswalk.
| DAL | Decision consequence | NIST impact (FIPS 199 / SP 800-53 · COSAiS) | Agent autonomy / oversight | Audit & accountability | Decision provenance (no NIST counterpart yet) |
|---|---|---|---|---|---|
| DAL A | Catastrophic, irreversible, enterprise-wide | High (bespoke / above baseline) | Advisory only — a human decides | Cited + verified evidence; dissent with rationale; sign-off chain | Options, evidence, named authority; decision kept separate from outcome |
| DAL B | Critical, hard to reverse | High | Human decides; agent recommends with conditions | Cited findings; dissent captured; full documentation | Decision record with evidence + authority |
| DAL C | Significant, moderately reversible | Moderate | Decide with human confirmation | Standard review; inviolable rules enforced | Decision + rationale recorded |
| DAL D | Minor, reversible, local | Low | Decide with a human veto window | Light review; record kept | Basis logged |
| DAL E | Negligible, fully reversible, conformant | Low (or below baseline) | Autonomous, with an audit trail | Automated assurance + complete logging | Auto-logged provenance |
Operating rule. Operating autonomy is the lower of two axes — the decision's level and the autonomy a system earned in general. A system trusted broadly still drops to advisory for a DAL A decision; and where the two disagree, ties round up.
What this crosswalk is, and is not.
Proposed, not official
NIST defines no decision-accountability levels — the gap this crosswalk names. The Council maps to NIST; it does not speak for NIST.
Coarser grain
FIPS 199 carries three tiers to the Levels' five; A and B both land at or above High, D and E both near Low.
Different subject
FIPS 199 rates a system's security impact; the Levels rate a decision's consequence. Where a low-impact system makes a high-consequence decision, the decision's level governs.
Use it, and check it.
This crosswalk is open and freely usable in draft. Cite it, map your own decisions against it, and tell us where it is wrong.
Cite as: Decision Assurance Council (2026), "Decision Assurance Levels ↔ NIST impact: a proposed crosswalk," v0.1, decisionassurance.org/dal-nist-crosswalk.html.
Sources — CAISI Request for Information, Security Considerations for AI Agents (Federal Register, docket NIST-2025-0035, 2026); NIST AI 800-5 (2026); NIST AI Agent Standards Initiative (2026); NCCoE, Software and AI Agent Identity and Authorization; NIST CSRC, Control Overlays for Securing AI Systems (COSAiS); FIPS 199 and NIST SP 800-53. The Decision Assurance Levels are maintained by the Council as an open standard (v0.1 draft).
The Decision Assurance Council is independent. It is not affiliated with, sponsored by, or endorsed by NIST or any government agency; references to external standards are for orientation only.
Help shape the crosswalk.
Founding endorsers refine the mapping as both the Levels and the NIST frameworks mature.