---
type: "AIHallucinationFinding"
title: "Does the CPMI-IOSCO 2016 Cyber Guidance explicitly reference or align with the NIST Cybersecurity…"
citation_id: "RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008-Opus47"
finding_uid: "INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-008--opus-47-websearch"
question_uid: "INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-008"
regulation_id: "INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016"
regulation_slug: "CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016"
regulation_title: "Guidance on Cyber Resilience for Financial Market Infrastructures"
regulator_short_code: "BIS-CPMI"
regulatory_body_id: "BIS-CPMI-INT-001"
jurisdiction_code: "INT"
j_level: "J1"
ai_subject: "claude-opus-4-7"
ai_subject_display: "Claude Opus 4.7 (web search on)"
ai_subject_version: "opus-47-websearch"
response_failure_mode: "inference_drift"
substrate_document_name: "p_01_GUIDELINE_d146___whether_NIST_CSF_is_formally_cite_d146.htm"
substrate_document_path: "https://reglegbrief.com/substrate/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/_raw_manual_substrate/p_01_GUIDELINE_d146___whether_NIST_CSF_is_formally_cite_d146.htm"
substrate_section_anchor: "d146 — whether NIST CSF is formally cited"
citation_issue_types: ["Contradictory"]
audiences: ["ai_labs"]
published_at: "2026-05-30T00:06:03.464820+00:00"
substrate_version: 1
methodology_version: "2.3"
license: "CC-BY-4.0"
resource: "https://reglegbrief.com/regulators/j1/int/bis-cpmi/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/ai-labs/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-008--opus-47-websearch/"
tags: ["ai-hallucination", "inference_drift", "bis-cpmi", "cpmi-iosco-cyber-resilience-fmi-2016", "int"]
timestamp: "2026-06-16T00:00:00+00:00"
---

# AI Hallucination Finding: Does the CPMI-IOSCO 2016 Cyber Guidance explicitly reference or align with the NIST Cybersecurity…

- **Citation ID.** `RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008-Opus47`
- **Finding UID.** `INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-008--opus-47-websearch`
- **Regulation.** [`CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016`](/okf/regulations/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016.md) — Guidance on Cyber Resilience for Financial Market Infrastructures
- **Regulator.** [`BIS-CPMI-INT-001`](/okf/bodies/BIS-CPMI-INT-001.md) — Bank for International Settlements — Committee on Payments and Market Infrastructures (CPMI)
- **AI subject.** Claude Opus 4.7 (web search on)
- **Failure mode.** [`inference_drift`](/okf/taxonomy/failure-modes.md)
- **Published.** 2026-05-30T00:06:03.464820+00:00

## Question put to the AI subject

Does the CPMI-IOSCO 2016 Cyber Guidance explicitly reference or align with the NIST Cybersecurity Framework?

## AI subject's verbatim answer

The 2016 Guidance is principles-based and does not explicitly adopt or normatively cross-reference the NIST Cybersecurity Framework in its text, although it was developed in awareness of NIST CSF, ISO/IEC 27000 series, COBIT and similar bodies of practice.

## Verbatim regulator text contradicting the answer

> Unknown — searches did not confirm a verbatim NIST citation in the 2016 Cyber Resilience Guidance. The five guidance categories are structurally similar to the NIST CSF five functions but may be independently derived.

_Source:_ [p_01_GUIDELINE_d146___whether_NIST_CSF_is_formally_cite_d146.htm](https://reglegbrief.com/substrate/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/_raw_manual_substrate/p_01_GUIDELINE_d146___whether_NIST_CSF_is_formally_cite_d146.htm)
_Section anchor:_ d146 — whether NIST CSF is formally cited

## Failure mode

**`inference_drift`** — Inference drift — the AI inferred a conclusion the regulator's text does not warrant, often by combining unrelated provisions.

## Citation-issue types

- **Contradictory** — <https://www.bis.org/cpmi/publ/d146.pdf>
- **Contradictory** — <https://www.iosco.org/library/pubdocs/pdf/IOSCOPD633.pdf>

## Related concepts

- Regulation: [CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016](/okf/regulations/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016.md)
- Regulator: [BIS-CPMI-INT-001](/okf/bodies/BIS-CPMI-INT-001.md)
- Failure-mode taxonomy: [inference_drift](/okf/taxonomy/failure-modes.md)
- Methodology: [v2.3](/okf/methodology.md)
- Editorial standards: [right of reply](/okf/editorial-standards.md)

## Reproduction

Citation ID: `RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008-Opus47`

Resource URL (HTML view of this finding):

<https://reglegbrief.com/regulators/j1/int/bis-cpmi/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/ai-labs/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-008--opus-47-websearch/>

This finding is reproducible against the substrate document linked above, using the same AI subject, the same methodology version, and the verbatim question text.