When the comic first came out there was a bunch of analysis
http://www.explainxkcd.com/wiki/index.php/936:_Password_Stre...
"xkcd's entropy estimate of 11 bits per word assumes that the password is being brute-forced with a dictionary attack, and that the words are being chosen from a dictionary of 2000 words (log2(2000) ≈ 11). (For comparison, the entropy offered by Diceware's 7776 word dictionary is 13 bits per word.) If a dictionary attack were not used, the "common words" password would take even longer to crack than depicted. (25 random lowercase characters would have 117 bits of entropy, vs 44 bits for the dictionary words.)"
So yeah maybe it is implicit in the comic, but the math is backed by a specific set of assumption on how the words were selected. Or I could be wrong, I haven't verified it personally.
I think it is cool that both estimates of entropy come to the same number, but that still seems like the wrong way to look at the approach even if Randall didn't intend it that way.
The NIST entropy estimation is based off of characters that aren't chosen at random (I think?) and it is a heuristic.
For the approach I think Randall intended to describe they aren't really words, just glyphs chosen randomly from a set of glyphs. That these glyphs are easy to memorize and drop right into existing password interfaces is orthogonal.
So yeah maybe it is implicit in the comic, but the math is backed by a specific set of assumption on how the words were selected. Or I could be wrong, I haven't verified it personally.