genai-security-crosswalk 2.0.0

Files changed (55)
  1. package/LICENSE.md +28 -0
  2. package/README.md +618 -0
  3. package/data/entries/ASI01.json +911 -0
  4. package/data/entries/ASI02.json +850 -0
  5. package/data/entries/ASI03.json +854 -0
  6. package/data/entries/ASI04.json +759 -0
  7. package/data/entries/ASI05.json +764 -0
  8. package/data/entries/ASI06.json +817 -0
  9. package/data/entries/ASI07.json +789 -0
  10. package/data/entries/ASI08.json +788 -0
  11. package/data/entries/ASI09.json +754 -0
  12. package/data/entries/ASI10.json +833 -0
  13. package/data/entries/DSGAI01.json +779 -0
  14. package/data/entries/DSGAI02.json +728 -0
  15. package/data/entries/DSGAI03.json +671 -0
  16. package/data/entries/DSGAI04.json +752 -0
  17. package/data/entries/DSGAI05.json +689 -0
  18. package/data/entries/DSGAI06.json +673 -0
  19. package/data/entries/DSGAI07.json +680 -0
  20. package/data/entries/DSGAI08.json +698 -0
  21. package/data/entries/DSGAI09.json +687 -0
  22. package/data/entries/DSGAI10.json +627 -0
  23. package/data/entries/DSGAI11.json +663 -0
  24. package/data/entries/DSGAI12.json +695 -0
  25. package/data/entries/DSGAI13.json +688 -0
  26. package/data/entries/DSGAI14.json +703 -0
  27. package/data/entries/DSGAI15.json +655 -0
  28. package/data/entries/DSGAI16.json +716 -0
  29. package/data/entries/DSGAI17.json +690 -0
  30. package/data/entries/DSGAI18.json +613 -0
  31. package/data/entries/DSGAI19.json +638 -0
  32. package/data/entries/DSGAI20.json +671 -0
  33. package/data/entries/DSGAI21.json +881 -0
  34. package/data/entries/LLM01.json +975 -0
  35. package/data/entries/LLM02.json +868 -0
  36. package/data/entries/LLM03.json +817 -0
  37. package/data/entries/LLM04.json +797 -0
  38. package/data/entries/LLM05.json +761 -0
  39. package/data/entries/LLM06.json +848 -0
  40. package/data/entries/LLM07.json +749 -0
  41. package/data/entries/LLM08.json +750 -0
  42. package/data/entries/LLM09.json +760 -0
  43. package/data/entries/LLM10.json +763 -0
  44. package/data/incidents-schema.json +121 -0
  45. package/data/incidents.json +1484 -0
  46. package/data/schema.json +134 -0
  47. package/dist/index.d.ts +97 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +124 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/index.test.d.ts +2 -0
  52. package/dist/index.test.d.ts.map +1 -0
  53. package/dist/index.test.js +97 -0
  54. package/dist/index.test.js.map +1 -0
  55. package/package.json +62 -0
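--- a/package/data/entries/DSGAI03.json
+++ b/package/data/entries/DSGAI03.json
@@ -0,0 +1,671 @@
+ {
+ "id": "DSGAI03",
+ "name": "Shadow AI and Unsanctioned Data Flows",
+ "source_list": "DSGAI-2026",
+ "version": "2026-Q1",
+ "severity": "High",
+ "aivss_score": null,
+ "audience": [
+ "red-teamer",
+ "security-engineer",
+ "ciso",
+ "compliance",
+ "ml-engineer",
+ "ot-engineer",
+ "auditor",
+ "developer",
+ "data-engineer"
+ ],
+ "mappings": [
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0012",
+ "control_name": "Obtain Capabilities",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Shadow AI tools are external AI capabilities the adversary may already operate or compromise"
+ },
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0051",
+ "control_name": "Exploit Public-Facing Application",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Unapproved AI services may themselves be adversary-controlled or compromised"
+ },
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0057",
+ "control_name": "Data from Information Repositories",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Sensitive data pasted into shadow AI tools ends up in external data stores accessible to the AI service provider"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "GV-1.7",
+ "control_name": "Policies for trustworthy AI",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Acceptable use policy for AI tools — approved list, prohibited use cases, data handling requirements"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MP-3.5",
+ "control_name": "AI system impact",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Impact assessment of shadow AI on organisational data security posture — ungoverned data flows quantified"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MS-2.6",
+ "control_name": "Testing — data leakage",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Evaluation of shadow AI detection effectiveness — DLP coverage, endpoint monitoring"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MG-2.4",
+ "control_name": "Risk response — data",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Response procedures for detected shadow AI usage — data impact assessment, user notification"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "Shadow AI usage is a foreseeable risk requiring mitigation in the risk management system",
+ "control_name": "Art. 9 — Risk management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Ungoverned AI tool usage mapped and treated in Art. 9 risk assessment"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "Organisations deploying AI are responsible for AI used within their operations",
+ "control_name": "Art. 25 — Value chain responsibilities",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Shadow AI use by employees does not exempt the deployer from AI Act obligations triggered by that use"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "Deployers must use AI systems as instructed and ensure appropriate oversight",
+ "control_name": "Art. 29 — Deployer obligations",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Deployers have affirmative obligations to prevent and detect shadow AI usage"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.5.10",
+ "control_name": "Acceptable use of assets",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Policy explicitly covering acceptable use of AI tools — approved list and prohibited use cases"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.5.23",
+ "control_name": "Security for cloud services",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Due diligence and security requirements for any cloud-based AI service including shadow AI SaaS"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.8.12",
+ "control_name": "Data leakage prevention",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "DLP controls detecting and blocking sensitive data transfer to unapproved AI endpoints"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.5.1",
+ "control_name": "Policies for information security",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "AI acceptable use policy as a formal ISMS policy document"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Policies — acceptable use",
+ "control_name": "A.2.2",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Use of AI systems",
+ "control_name": "A.9.1",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Third-party relationships",
+ "control_name": "A.10.1",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Hardening"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Context",
+ "control_name": "Cl.4",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 2",
+ "control_name": "2.1 — Maintain authorised software inventory",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 4",
+ "control_name": "4.1 — Establish secure configuration",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 13",
+ "control_name": "13.4 — Perform traffic filtering",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 14",
+ "control_name": "14.6 — Train workforce on AI security",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V1 Architecture",
+ "control_name": "V1.1.4 — Trust boundaries documented and enforced",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V4 Access Control",
+ "control_name": "V4.1.5 — Access control failures logged",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V7 Logging",
+ "control_name": "V7.2.2 — Log entries contain required information",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V14 Configuration",
+ "control_name": "V14.1.4 — All components inventoried",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 5.1",
+ "control_name": "Information flow restriction",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Network controls block OT data flows to unapproved AI endpoints — DLP at OT DMZ boundary"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 1.2",
+ "control_name": "Use control",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Approved AI tools only on OT workstations — unapproved services blocked at network layer"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 6.6",
+ "control_name": "Timely response to events",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Shadow AI discovery triggers incident response — data impact assessment, vendor notification"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Data confidentiality",
+ "control_name": "§5.4",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "OT data confidentiality requirements apply to training data"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Risk assessment",
+ "control_name": "§6.2",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Assess sensitivity of OT data in training sets"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Network monitoring",
+ "control_name": "§7.3",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Monitor for unexpected exfiltration of OT training data"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "GV.OC-01",
+ "control_name": "Organisational Context",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Acceptable use policy for AI tools — approved list, prohibited use cases, data handling requirements"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "PR.AT-01",
+ "control_name": "Awareness and Training",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Users trained on shadow AI risk — policy awareness, prohibited tool use, reporting obligations"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "DE.CM-09",
+ "control_name": "Continuous Monitoring",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Monitoring for use of unauthorised software — shadow AI tool usage detected on endpoints and network"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "GV.SC-01",
+ "control_name": "Supply Chain Risk Management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "All approved AI tools managed as suppliers — TPSP assessment, contractual obligations"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Acceptable use procedures for AI tools — approved list, prohibited use cases, employee acknowledgement",
+ "control_name": "CC5.2 — Control activities",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Shadow AI vendors not in vendor risk programme — shadow AI discovery identifies unapproved vendors",
+ "control_name": "CC9.1 — Vendor risk",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Shadow AI usage identified as a risk in assessment — ungoverned data flows, training use by vendors",
+ "control_name": "CC3.2 — Risk assessment",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Confidentiality policy covers AI tool use — employees informed of restrictions on sharing confidential data",
+ "control_name": "C1.1 — Confidentiality policy",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 12.8.1",
+ "control_name": "Third-party service providers",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Shadow AI tools processing CHD are unapproved TPSPs — not in TPSP list, no written agreements"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 12.5.2",
+ "control_name": "TPSP oversight",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Shadow AI discovery as part of TPSP monitoring — identify unapproved vendors receiving CHD"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 1.3.2",
+ "control_name": "Network security",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Network controls prevent CHD flows to unapproved AI endpoints — block at network layer"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 12.6.1",
+ "control_name": "Security awareness",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "PCI security awareness programme covers shadow AI risk — staff trained on prohibition"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L2",
+ "control_name": "Governance and Risk (GOV)",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Acceptable use policy covers all GenAI services — unapproved use is a policy violation; AI asset register maintained"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "MON",
+ "control_name": "Monitoring and Detection",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Network-level detection of data flows to unapproved AI endpoints — DLP covering SaaS AI API calls"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L2",
+ "control_name": "Supply Chain Security (SCS)",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "All AI services assessed before authorisation — vendor security review, data processing agreement, sub-processor disclosure"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L1",
+ "control_name": "General ICT — Network",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Egress filtering to block unapproved AI service domains; proxy logging of AI API calls"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "D-SR",
+ "control_name": "Design / Security Requirements",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Require data classification check before any dataset enters training pipeline"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "G-PC",
+ "control_name": "Governance / Policy & Compliance",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Policy mandating PII/sensitive data removal before training"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "I-SB",
+ "control_name": "Implementation / Secure Build",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Automated PII scanning of all training datasets before use"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "V-RT",
+ "control_name": "Verification / Requirements-Driven Testing",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Automated tests verifying PII detection coverage"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "O-OM",
+ "control_name": "Operations / Operational Management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Periodic probing of deployed models for sensitive data memorisation"
+ },
+ {
+ "framework": "CWE/CVE",
+ "control_id": "CWE-668",
+ "control_name": "CWE-668",
+ "tier": "Foundational",
+ "scope": "Both",
+ "url": "https://cwe.mitre.org/data/definitions/668.html"
+ },
+ {
+ "framework": "CWE/CVE",
+ "control_id": "CWE-284",
+ "control_name": "CWE-284",
+ "tier": "Foundational",
+ "scope": "Both",
+ "url": "https://cwe.mitre.org/data/definitions/284.html"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L7",
+ "control_name": "Agent Ecosystem",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L6",
+ "control_name": "Security & Compliance",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L2",
+ "control_name": "Data Operations",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "A",
+ "control_name": "Data & Privacy domain (all)",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "B006",
+ "control_name": "Prevent unauthorized AI actions",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "E",
+ "control_name": "Audit trails and logging",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Pipeline service account with access to sensitive data stores",
+ "control_name": "NHI-5 Over-Privileged NHI",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Scope pipeline credentials to approved data sources only"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Credentials embedded in config files include sensitive data source access",
+ "control_name": "NHI-2 Secret Leakage",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Audit config files for embedded credentials"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "PW.4.1-PS",
+ "control_name": "Reuse existing well-secured software — AI tool vetting",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Vet all AI tools, services, and plugins before organisational adoption; verify data handling, security posture, and compliance capabilities"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "PS.1.1-PS",
+ "control_name": "Protect all code from unauthorised access — shadow AI detection",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Implement controls to detect and prevent unauthorised AI tool usage that processes organisational data outside governed pipelines"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "RV.1.1-PS",
+ "control_name": "Identify and confirm vulnerabilities — shadow AI exposure monitoring",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Establish procedures to identify data exposure from shadow AI tool usage; define triage and remediation workflows for unsanctioned data processing"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "CM-7",
+ "control_name": "Least Functionality — approved AI tools only",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Restrict AI tool usage to approved, vetted tools within the FedRAMP boundary; disable or block access to unauthorised AI services"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "SA-9",
+ "control_name": "External Information System Services — third-party AI controls",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Require FedRAMP authorisation or equivalent for all third-party AI services; block data transfer to unauthorised AI tools"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "AC-3",
+ "control_name": "Access Enforcement — AI tool access control",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Enforce access control preventing data transfer to unauthorised AI tools; monitor and block shadow AI usage"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 28–44",
+ "control_name": "Third-Party Risk — AI tool vendor oversight",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Include AI tools and services in third-party ICT risk management; conduct due diligence before approval; monitor ongoing compliance with financial sector requirements"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 8",
+ "control_name": "Identification — shadow AI discovery",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Identify and register all AI tools — authorised and unauthorised — in the ICT asset inventory; maintain discovery mechanisms for unapproved AI services"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 5–7",
+ "control_name": "ICT Risk Management — AI tool governance",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Define approved AI tools policy in ICT risk management framework; require vetting and approval before use in financial data processing"
+ }
+ ],
+ "tools": [
+ {
+ "name": "Zscaler (CASB)",
+ "type": "commercial",
+ "url": "https://www.zscaler.com"
+ },
+ {
+ "name": "Microsoft Defender for Cloud Apps",
+ "type": "commercial",
+ "url": "https://www.microsoft.com/en-us/security"
+ },
+ {
+ "name": "Nightfall AI",
+ "type": "commercial",
+ "url": "https://nightfall.ai"
+ },
+ {
+ "name": "Netskope CASB",
+ "type": "commercial",
+ "url": "https://www.netskope.com"
+ },
+ {
+ "name": "OpenDLP",
+ "type": "open-source",
+ "url": "https://github.com/ezarko/opendlp"
+ },
+ {
+ "name": "Zscaler Internet Access",
+ "type": "commercial",
+ "url": "https://www.zscaler.com"
+ },
+ {
+ "name": "Zscaler (DLP)",
+ "type": "commercial",
+ "url": "https://www.zscaler.com"
+ },
+ {
+ "name": "Netskope",
+ "type": "commercial",
+ "url": "https://www.netskope.com"
+ },
+ {
+ "name": "Zscaler",
+ "type": "commercial",
+ "url": "https://www.zscaler.com"
+ },
+ {
+ "name": "Nightfall DLP",
+ "type": "commercial",
+ "url": "https://www.nightfall.ai"
+ },
+ {
+ "name": "Open Policy Agent",
+ "type": "open-source",
+ "url": "https://www.openpolicyagent.org"
+ }
+ ],
+ "incidents": [
+ {
+ "name": "Samsung employees leak source code and meeting notes via ChatGPT",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2023,
+ "incident_id": "INC-001"
+ }
+ ],
+ "crossrefs": {
+ "dsgai_2026": [
+ "DSGAI07",
+ "DSGAI08"
+ ],
+ "llm_top10": [
+ "LLM03",
+ "LLM02",
+ "LLM05",
+ "LLM06"
+ ],
+ "agentic_top10": [
+ "ASI04",
+ "ASI10"
+ ]
+ },
+ "changelog": [
+ {
+ "date": "2026-03-27",
+ "version": "1.0.0",
+ "change": "Initial entry — generated from GenAI Security Crosswalk v1.5.1 mapping files",
+ "author": "emmanuelgjr"
+ }
+ ]
+ }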
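Review bot: Several `mappings` rows have `control_id` and `control_name` swapped or filled from the wrong column: the ISO/IEC 42001:2023 and NIST SP 800-82 Rev 3 rows carry the identifier in `control_name` (`"control_id": "Policies — acceptable use", "control_name": "A.2.2"`), and the EU AI Act, SOC 2 and OWASP NHI Top 10 rows put a full sentence in `control_id`. A consumer that filters or joins on `control_id` will silently miss these controls in a coverage report, so the rows should read like `"control_id": "A.2.2", "control_name": "Policies — acceptable use"`. The same rows look column-shifted in `notes` as well: the ISO/IEC 42001 and AIUC-1 entries hold tier words there, and the A.10.1 row pairs `"tier": "Foundational"` with `"notes": "Hardening"`, so the real tier for that control is ambiguous. The three MITRE ATLAS ids also appear not to match their names (to my knowledge AML.T0051 is LLM Prompt Injection and AML.T0012 is Valid Accounts) and should be checked against the ATLAS matrix. A per-framework `pattern` constraint on `control_id` in the package's JSON Schema would likely catch most of these at build time.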