genai-security-crosswalk 2.0.0

Files changed (55)
  1. package/LICENSE.md +28 -0
  2. package/README.md +618 -0
  3. package/data/entries/ASI01.json +911 -0
  4. package/data/entries/ASI02.json +850 -0
  5. package/data/entries/ASI03.json +854 -0
  6. package/data/entries/ASI04.json +759 -0
  7. package/data/entries/ASI05.json +764 -0
  8. package/data/entries/ASI06.json +817 -0
  9. package/data/entries/ASI07.json +789 -0
  10. package/data/entries/ASI08.json +788 -0
  11. package/data/entries/ASI09.json +754 -0
  12. package/data/entries/ASI10.json +833 -0
  13. package/data/entries/DSGAI01.json +779 -0
  14. package/data/entries/DSGAI02.json +728 -0
  15. package/data/entries/DSGAI03.json +671 -0
  16. package/data/entries/DSGAI04.json +752 -0
  17. package/data/entries/DSGAI05.json +689 -0
  18. package/data/entries/DSGAI06.json +673 -0
  19. package/data/entries/DSGAI07.json +680 -0
  20. package/data/entries/DSGAI08.json +698 -0
  21. package/data/entries/DSGAI09.json +687 -0
  22. package/data/entries/DSGAI10.json +627 -0
  23. package/data/entries/DSGAI11.json +663 -0
  24. package/data/entries/DSGAI12.json +695 -0
  25. package/data/entries/DSGAI13.json +688 -0
  26. package/data/entries/DSGAI14.json +703 -0
  27. package/data/entries/DSGAI15.json +655 -0
  28. package/data/entries/DSGAI16.json +716 -0
  29. package/data/entries/DSGAI17.json +690 -0
  30. package/data/entries/DSGAI18.json +613 -0
  31. package/data/entries/DSGAI19.json +638 -0
  32. package/data/entries/DSGAI20.json +671 -0
  33. package/data/entries/DSGAI21.json +881 -0
  34. package/data/entries/LLM01.json +975 -0
  35. package/data/entries/LLM02.json +868 -0
  36. package/data/entries/LLM03.json +817 -0
  37. package/data/entries/LLM04.json +797 -0
  38. package/data/entries/LLM05.json +761 -0
  39. package/data/entries/LLM06.json +848 -0
  40. package/data/entries/LLM07.json +749 -0
  41. package/data/entries/LLM08.json +750 -0
  42. package/data/entries/LLM09.json +760 -0
  43. package/data/entries/LLM10.json +763 -0
  44. package/data/incidents-schema.json +121 -0
  45. package/data/incidents.json +1484 -0
  46. package/data/schema.json +134 -0
  47. package/dist/index.d.ts +97 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +124 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/index.test.d.ts +2 -0
  52. package/dist/index.test.d.ts.map +1 -0
  53. package/dist/index.test.js +97 -0
  54. package/dist/index.test.js.map +1 -0
  55. package/package.json +62 -0
@@ -0,0 +1,689 @@
1
+ {
2
+ "id": "DSGAI05",
3
+ "name": "Data Integrity and Validation Failures",
4
+ "source_list": "DSGAI-2026",
5
+ "version": "2026-Q1",
6
+ "severity": "High",
7
+ "aivss_score": null,
8
+ "audience": [
9
+ "red-teamer",
10
+ "security-engineer",
11
+ "ciso",
12
+ "compliance",
13
+ "ml-engineer",
14
+ "ot-engineer",
15
+ "auditor",
16
+ "developer",
17
+ "data-engineer"
18
+ ],
19
+ "mappings": [
20
+ {
21
+ "framework": "MITRE ATLAS",
22
+ "control_id": "AML.T0020",
23
+ "control_name": "Poison Training Data",
24
+ "tier": "Foundational",
25
+ "scope": "Both",
26
+ "notes": "Adversarially crafted payloads bypass ingestion validation to corrupt training or RAG data"
27
+ },
28
+ {
29
+ "framework": "MITRE ATLAS",
30
+ "control_id": "AML.T0018",
31
+ "control_name": "Backdoor ML Model",
32
+ "tier": "Foundational",
33
+ "scope": "Both",
34
+ "notes": "Path traversal in snapshot imports (CVE-2024-3584) enables write to model host — backdoor installation path"
35
+ },
36
+ {
37
+ "framework": "MITRE ATLAS",
38
+ "control_id": "AML.T0031",
39
+ "control_name": "Craft Adversarial Data",
40
+ "tier": "Foundational",
41
+ "scope": "Both",
42
+ "notes": "Payloads crafted to pass syntactic validation while embedding malicious semantic content"
43
+ },
44
+ {
45
+ "framework": "NIST AI RMF 1.0",
46
+ "control_id": "MS-2.5",
47
+ "control_name": "Testing — adversarial",
48
+ "tier": "Foundational",
49
+ "scope": "Build",
50
+ "notes": "Security testing of all data ingestion interfaces — schema bypass and path traversal scenarios"
51
+ },
52
+ {
53
+ "framework": "NIST AI RMF 1.0",
54
+ "control_id": "MS-3.3",
55
+ "control_name": "Data quality",
56
+ "tier": "Foundational",
57
+ "scope": "Build",
58
+ "notes": "Data quality controls applied at ingestion — syntactic and semantic validation"
59
+ },
60
+ {
61
+ "framework": "NIST AI RMF 1.0",
62
+ "control_id": "MG-2.2",
63
+ "control_name": "Risk response",
64
+ "tier": "Foundational",
65
+ "scope": "Build",
66
+ "notes": "Response procedures for detected ingestion integrity failures"
67
+ },
68
+ {
69
+ "framework": "NIST AI RMF 1.0",
70
+ "control_id": "MP-2.3",
71
+ "control_name": "Risk categorisation",
72
+ "tier": "Foundational",
73
+ "scope": "Build",
74
+ "notes": "Ingestion integrity risks mapped to specific pipeline components in risk register"
75
+ },
76
+ {
77
+ "framework": "EU AI Act",
78
+ "control_id": "Ingestion integrity risks identified and mitigated",
79
+ "control_name": "Art. 9 — Risk management",
80
+ "tier": "Foundational",
81
+ "scope": "Both",
82
+ "notes": "Data ingestion attack surfaces included in Art. 9 risk management"
83
+ },
84
+ {
85
+ "framework": "EU AI Act",
86
+ "control_id": "High-risk AI resilient against adversarial input manipulation",
87
+ "control_name": "Art. 15 — Accuracy, robustness, cybersecurity",
88
+ "tier": "Foundational",
89
+ "scope": "Both",
90
+ "notes": "Secure ingestion interfaces and path traversal prevention are Art. 15 requirements"
91
+ },
92
+ {
93
+ "framework": "EU AI Act",
94
+ "control_id": "Documented procedures for data ingestion and pipeline integrity",
95
+ "control_name": "Art. 17 — Quality management",
96
+ "tier": "Foundational",
97
+ "scope": "Both",
98
+ "notes": "Ingestion validation procedures and CVE patching documented in quality management"
99
+ },
100
+ {
101
+ "framework": "ISO/IEC 27001:2022",
102
+ "control_id": "A.8.26",
103
+ "control_name": "Application security requirements",
104
+ "tier": "Foundational",
105
+ "scope": "Build",
106
+ "notes": "Input validation requirements specified for all GenAI data ingestion interfaces"
107
+ },
108
+ {
109
+ "framework": "ISO/IEC 27001:2022",
110
+ "control_id": "A.8.28",
111
+ "control_name": "Secure coding",
112
+ "tier": "Foundational",
113
+ "scope": "Build",
114
+ "notes": "Secure coding practices applied to data ingestion, parsing, and snapshot import code"
115
+ },
116
+ {
117
+ "framework": "ISO/IEC 27001:2022",
118
+ "control_id": "A.8.29",
119
+ "control_name": "Security testing",
120
+ "tier": "Foundational",
121
+ "scope": "Build",
122
+ "notes": "Security testing of all data ingestion interfaces including schema and semantic validation"
123
+ },
124
+ {
125
+ "framework": "ISO/IEC 27001:2022",
126
+ "control_id": "A.8.9",
127
+ "control_name": "Configuration management",
128
+ "tier": "Foundational",
129
+ "scope": "Build",
130
+ "notes": "Snapshot import and restore functionality hardened and version controlled"
131
+ },
132
+ {
133
+ "framework": "ISO/IEC 42001:2023",
134
+ "control_id": "Data — acquisition",
135
+ "control_name": "A.7.2",
136
+ "tier": "Foundational",
137
+ "scope": "Build",
138
+ "notes": "Foundational"
139
+ },
140
+ {
141
+ "framework": "ISO/IEC 42001:2023",
142
+ "control_id": "Data — preparation",
143
+ "control_name": "A.7.3",
144
+ "tier": "Foundational",
145
+ "scope": "Build",
146
+ "notes": "Hardening"
147
+ },
148
+ {
149
+ "framework": "ISO/IEC 42001:2023",
150
+ "control_id": "Lifecycle — operational",
151
+ "control_name": "A.6.2.3",
152
+ "tier": "Foundational",
153
+ "scope": "Build",
154
+ "notes": "Foundational"
155
+ },
156
+ {
157
+ "framework": "ISO/IEC 42001:2023",
158
+ "control_id": "Operation",
159
+ "control_name": "Cl.8",
160
+ "tier": "Foundational",
161
+ "scope": "Build",
162
+ "notes": "Foundational"
163
+ },
164
+ {
165
+ "framework": "CIS Controls v8.1",
166
+ "control_id": "CIS 16",
167
+ "control_name": "16.1 — Establish secure coding practices",
168
+ "tier": "Foundational",
169
+ "scope": "Build"
170
+ },
171
+ {
172
+ "framework": "CIS Controls v8.1",
173
+ "control_id": "CIS 8",
174
+ "control_name": "8.5 — Collect detailed audit logs",
175
+ "tier": "Foundational",
176
+ "scope": "Build"
177
+ },
178
+ {
179
+ "framework": "OWASP ASVS 4.0.3",
180
+ "control_id": "V5 Validation",
181
+ "control_name": "V5.1.1 — Input validation using allowlists",
182
+ "tier": "Foundational",
183
+ "scope": "Build"
184
+ },
185
+ {
186
+ "framework": "OWASP ASVS 4.0.3",
187
+ "control_id": "V5 Validation",
188
+ "control_name": "V5.2.1 — HTML/JS output sanitised",
189
+ "tier": "Foundational",
190
+ "scope": "Build"
191
+ },
192
+ {
193
+ "framework": "OWASP ASVS 4.0.3",
194
+ "control_id": "V7 Logging",
195
+ "control_name": "V7.4.1 — Generic error messages",
196
+ "tier": "Foundational",
197
+ "scope": "Build"
198
+ },
199
+ {
200
+ "framework": "ISA/IEC 62443",
201
+ "control_id": "SR 3.3",
202
+ "control_name": "Software and information integrity",
203
+ "tier": "Foundational",
204
+ "scope": "Both",
205
+ "notes": "Multi-stage validation at all GenAI ingestion boundaries — path traversal prevention mandatory in Zone 3"
206
+ },
207
+ {
208
+ "framework": "ISA/IEC 62443",
209
+ "control_id": "SR 3.7",
210
+ "control_name": "Software and information integrity monitoring",
211
+ "tier": "Foundational",
212
+ "scope": "Both",
213
+ "notes": "Runtime monitoring of ingestion pipelines — anomalous payloads detected and rejected"
214
+ },
215
+ {
216
+ "framework": "ISA/IEC 62443",
217
+ "control_id": "SR 2.6",
218
+ "control_name": "Use control",
219
+ "tier": "Foundational",
220
+ "scope": "Both",
221
+ "notes": "Only approved, validated data sources permitted in Zone 3 GenAI ingestion — unapproved sources blocked"
222
+ },
223
+ {
224
+ "framework": "ISA/IEC 62443",
225
+ "control_id": "SR 6.6",
226
+ "control_name": "Timely response to events",
227
+ "tier": "Foundational",
228
+ "scope": "Both",
229
+ "notes": "Ingestion integrity failure treated as security event — pipeline suspended, forensic capture"
230
+ },
231
+ {
232
+ "framework": "NIST SP 800-82 Rev 3",
233
+ "control_id": "ICS vulnerabilities",
234
+ "control_name": "§5.3",
235
+ "tier": "Hardening",
236
+ "scope": "Both",
237
+ "notes": "Safety system bypass in OT"
238
+ },
239
+ {
240
+ "framework": "NIST SP 800-82 Rev 3",
241
+ "control_id": "Risk assessment",
242
+ "control_name": "§6.2",
243
+ "tier": "Hardening",
244
+ "scope": "Both",
245
+ "notes": "Guardrail bypass must be in OT risk register"
246
+ },
247
+ {
248
+ "framework": "NIST SP 800-82 Rev 3",
249
+ "control_id": "Secure architecture",
250
+ "control_name": "§7.1",
251
+ "tier": "Hardening",
252
+ "scope": "Both",
253
+ "notes": "GenAI guardrails must be independent of model inference layer"
254
+ },
255
+ {
256
+ "framework": "NIST CSF 2.0",
257
+ "control_id": "PR.PS-04",
258
+ "control_name": "Platform Security",
259
+ "tier": "Foundational",
260
+ "scope": "Both",
261
+ "notes": "Secure software development — multi-stage validation, path traversal prevention in ingestion code"
262
+ },
263
+ {
264
+ "framework": "NIST CSF 2.0",
265
+ "control_id": "PR.DS-01",
266
+ "control_name": "Data Security",
267
+ "tier": "Foundational",
268
+ "scope": "Both",
269
+ "notes": "Data at rest integrity — snapshot import operations sandboxed, path traversal blocked"
270
+ },
271
+ {
272
+ "framework": "NIST CSF 2.0",
273
+ "control_id": "DE.CM-09",
274
+ "control_name": "Continuous Monitoring",
275
+ "tier": "Foundational",
276
+ "scope": "Both",
277
+ "notes": "Monitoring for anomalous data — unusual ingestion patterns, schema violations detected"
278
+ },
279
+ {
280
+ "framework": "NIST CSF 2.0",
281
+ "control_id": "ID.RA-01",
282
+ "control_name": "Risk Assessment",
283
+ "tier": "Foundational",
284
+ "scope": "Both",
285
+ "notes": "Ingestion interface vulnerabilities documented in risk assessment — CVE-2024-3584 class"
286
+ },
287
+ {
288
+ "framework": "SOC 2",
289
+ "control_id": "Ingestion validation controls — schema and semantic validation ensuring only accurate inputs enter processing",
290
+ "control_name": "PI1.2 — System inputs complete and accurate",
291
+ "tier": "Foundational",
292
+ "scope": "Both"
293
+ },
294
+ {
295
+ "framework": "SOC 2",
296
+ "control_id": "Documented ingestion validation procedures — multi-stage validation, path traversal prevention",
297
+ "control_name": "CC5.2 — Control activities",
298
+ "tier": "Foundational",
299
+ "scope": "Both"
300
+ },
301
+ {
302
+ "framework": "SOC 2",
303
+ "control_id": "Ingestion anomaly detection — unusual payloads detected before pipeline completion",
304
+ "control_name": "CC7.2 — Anomaly detection",
305
+ "tier": "Foundational",
306
+ "scope": "Both"
307
+ },
308
+ {
309
+ "framework": "SOC 2",
310
+ "control_id": "Ingestion integrity risks in GenAI risk assessment — schema bypass, path traversal, adversarial payload vectors",
311
+ "control_name": "CC3.2 — Risk assessment",
312
+ "tier": "Foundational",
313
+ "scope": "Both"
314
+ },
315
+ {
316
+ "framework": "PCI DSS v4.0",
317
+ "control_id": "Req 6.2.4",
318
+ "control_name": "Bespoke software — injection",
319
+ "tier": "Foundational",
320
+ "scope": "Both",
321
+ "notes": "All injection vulnerability classes addressed in GenAI ingestion code — schema bypass and path traversal"
322
+ },
323
+ {
324
+ "framework": "PCI DSS v4.0",
325
+ "control_id": "Req 6.3.3",
326
+ "control_name": "Vulnerability management",
327
+ "tier": "Foundational",
328
+ "scope": "Both",
329
+ "notes": "All GenAI software components patched — CVE-2024-3584 class treated as urgent for CDE scope"
330
+ },
331
+ {
332
+ "framework": "PCI DSS v4.0",
333
+ "control_id": "Req 11.3.1",
334
+ "control_name": "Penetration testing",
335
+ "tier": "Foundational",
336
+ "scope": "Both",
337
+ "notes": "Path traversal and ingestion injection in CDE penetration testing scope"
338
+ },
339
+ {
340
+ "framework": "PCI DSS v4.0",
341
+ "control_id": "Req 6.5",
342
+ "control_name": "Secure system changes",
343
+ "tier": "Foundational",
344
+ "scope": "Both",
345
+ "notes": "Changes to GenAI ingestion pipelines tested — schema validation changes require security review"
346
+ },
347
+ {
348
+ "framework": "ENISA Multilayer Framework",
349
+ "control_id": "L2",
350
+ "control_name": "Data and Model Security (DMS)",
351
+ "tier": "Foundational",
352
+ "scope": "Both",
353
+ "notes": "All data entering GenAI pipelines validated — schema checks, anomaly detection, and quality gates before model ingestion or RAG indexing"
354
+ },
355
+ {
356
+ "framework": "ENISA Multilayer Framework",
357
+ "control_id": "L2",
358
+ "control_name": "AI System Integrity (ASI)",
359
+ "tier": "Foundational",
360
+ "scope": "Both",
361
+ "notes": "LLM and embedding inputs validated for format, length, and content — AI system integrity requirements extend to data pipeline boundaries"
362
+ },
363
+ {
364
+ "framework": "ENISA Multilayer Framework",
365
+ "control_id": "L2",
366
+ "control_name": "Monitoring and Detection (MON)",
367
+ "tier": "Foundational",
368
+ "scope": "Both",
369
+ "notes": "Continuous monitoring of data pipeline quality metrics — alerts on schema violations, unexpected distributions, or sudden quality drops"
370
+ },
371
+ {
372
+ "framework": "ENISA Multilayer Framework",
373
+ "control_id": "L1",
374
+ "control_name": "General ICT — Secure Development",
375
+ "tier": "Foundational",
376
+ "scope": "Both",
377
+ "notes": "Data validation implemented as a secure development requirement for all GenAI pipeline ingestion points"
378
+ },
379
+ {
380
+ "framework": "OWASP SAMM v2.0",
381
+ "control_id": "D-SA",
382
+ "control_name": "Design / Security Architecture",
383
+ "tier": "Hardening",
384
+ "scope": "Both",
385
+ "notes": "Guardrails at multiple layers: input, generation, output"
386
+ },
387
+ {
388
+ "framework": "OWASP SAMM v2.0",
389
+ "control_id": "V-ST",
390
+ "control_name": "Verification / Security Testing",
391
+ "tier": "Hardening",
392
+ "scope": "Both",
393
+ "notes": "Dedicated adversarial testing programme targeting all guardrail bypass vectors"
394
+ },
395
+ {
396
+ "framework": "OWASP SAMM v2.0",
397
+ "control_id": "O-IM",
398
+ "control_name": "Operations / Incident Management",
399
+ "tier": "Hardening",
400
+ "scope": "Both",
401
+ "notes": "Alert on disabled or bypassed guardrails in production"
402
+ },
403
+ {
404
+ "framework": "OWASP SAMM v2.0",
405
+ "control_id": "G-SM",
406
+ "control_name": "Governance / Strategy & Metrics",
407
+ "tier": "Hardening",
408
+ "scope": "Both",
409
+ "notes": "Guardrail effectiveness metrics reviewed by security leadership"
410
+ },
411
+ {
412
+ "framework": "OWASP SAMM v2.0",
413
+ "control_id": "V-AA",
414
+ "control_name": "Verification / Architecture Assessment",
415
+ "tier": "Hardening",
416
+ "scope": "Both",
417
+ "notes": "Pre-deployment review of all guardrail bypass scenarios"
418
+ },
419
+ {
420
+ "framework": "CWE/CVE",
421
+ "control_id": "CWE-20",
422
+ "control_name": "CWE-20",
423
+ "tier": "Foundational",
424
+ "scope": "Build",
425
+ "url": "https://cwe.mitre.org/data/definitions/20.html"
426
+ },
427
+ {
428
+ "framework": "CWE/CVE",
429
+ "control_id": "CWE-116",
430
+ "control_name": "CWE-116",
431
+ "tier": "Foundational",
432
+ "scope": "Build",
433
+ "url": "https://cwe.mitre.org/data/definitions/116.html"
434
+ },
435
+ {
436
+ "framework": "CWE/CVE",
437
+ "control_id": "CWE-74",
438
+ "control_name": "CWE-74",
439
+ "tier": "Foundational",
440
+ "scope": "Build",
441
+ "url": "https://cwe.mitre.org/data/definitions/74.html"
442
+ },
443
+ {
444
+ "framework": "MAESTRO",
445
+ "control_id": "L2",
446
+ "control_name": "Data Operations",
447
+ "tier": "Foundational",
448
+ "scope": "Both"
449
+ },
450
+ {
451
+ "framework": "MAESTRO",
452
+ "control_id": "L4",
453
+ "control_name": "Deployment & Infrastructure",
454
+ "tier": "Foundational",
455
+ "scope": "Both"
456
+ },
457
+ {
458
+ "framework": "AIUC-1",
459
+ "control_id": "B001",
460
+ "control_name": "Third-party adversarial robustness testing",
461
+ "tier": "Hardening",
462
+ "scope": "Both",
463
+ "notes": "Hardening"
464
+ },
465
+ {
466
+ "framework": "AIUC-1",
467
+ "control_id": "B002",
468
+ "control_name": "Detect adversarial input",
469
+ "tier": "Hardening",
470
+ "scope": "Both",
471
+ "notes": "Hardening"
472
+ },
473
+ {
474
+ "framework": "AIUC-1",
475
+ "control_id": "B005",
476
+ "control_name": "Implement real-time input filtering",
477
+ "tier": "Hardening",
478
+ "scope": "Both",
479
+ "notes": "Foundational"
480
+ },
481
+ {
482
+ "framework": "AIUC-1",
483
+ "control_id": "C",
484
+ "control_name": "Safety domain (harm prevention)",
485
+ "tier": "Hardening",
486
+ "scope": "Both",
487
+ "notes": "Foundational"
488
+ },
489
+ {
490
+ "framework": "OWASP NHI Top 10",
491
+ "control_id": "Service account with guardrail configuration write access",
492
+ "control_name": "NHI-5 Over-Privileged NHI",
493
+ "tier": "Hardening",
494
+ "scope": "Both",
495
+ "notes": "Minimum scope; no service account has guardrail disable capability"
496
+ },
497
+ {
498
+ "framework": "NIST SP 800-218A",
499
+ "control_id": "PS.2.1-PS",
500
+ "control_name": "Verify software integrity — data provenance verification",
501
+ "tier": "Foundational",
502
+ "scope": "Both",
503
+ "notes": "Verify provenance and integrity of all datasets used in training, fine-tuning, and evaluation; maintain cryptographic attestation of data origin and chain of custody"
504
+ },
505
+ {
506
+ "framework": "NIST SP 800-218A",
507
+ "control_id": "PS.3.1-PS",
508
+ "control_name": "Archive and protect software releases — data versioning with provenance",
509
+ "tier": "Foundational",
510
+ "scope": "Both",
511
+ "notes": "Maintain versioned dataset snapshots with provenance metadata recording origin, collection method, processing steps, and quality metrics"
512
+ },
513
+ {
514
+ "framework": "NIST SP 800-218A",
515
+ "control_id": "PW.4.1-PS",
516
+ "control_name": "Reuse existing well-secured software — dataset quality vetting",
517
+ "tier": "Foundational",
518
+ "scope": "Both",
519
+ "notes": "Vet all datasets for quality, completeness, representativeness, and fitness for purpose before use in any training or evaluation pipeline"
520
+ },
521
+ {
522
+ "framework": "FedRAMP",
523
+ "control_id": "SR-3",
524
+ "control_name": "Supply Chain Controls — data provenance tracking",
525
+ "tier": "Foundational",
526
+ "scope": "Both",
527
+ "notes": "Implement provenance tracking for all AI training data; document source, collection method, processing history, and licensing for each dataset"
528
+ },
529
+ {
530
+ "framework": "FedRAMP",
531
+ "control_id": "SI-10",
532
+ "control_name": "Information Input Validation — data quality controls",
533
+ "tier": "Foundational",
534
+ "scope": "Both",
535
+ "notes": "Validate quality, completeness, and accuracy of data entering AI pipelines; reject data failing quality thresholds"
536
+ },
537
+ {
538
+ "framework": "FedRAMP",
539
+ "control_id": "CM-3",
540
+ "control_name": "Configuration Change Control — data source changes",
541
+ "tier": "Foundational",
542
+ "scope": "Both",
543
+ "notes": "Require formal change control for all data source additions, modifications, and removals; maintain audit trail"
544
+ },
545
+ {
546
+ "framework": "DORA",
547
+ "control_id": "Art. 8",
548
+ "control_name": "Identification — data source documentation",
549
+ "tier": "Foundational",
550
+ "scope": "Both",
551
+ "notes": "Document provenance, collection method, and quality characteristics for all AI training data in the ICT asset inventory"
552
+ },
553
+ {
554
+ "framework": "DORA",
555
+ "control_id": "Art. 9",
556
+ "control_name": "Protection and Prevention — data quality controls",
557
+ "tier": "Foundational",
558
+ "scope": "Both",
559
+ "notes": "Implement data quality validation before AI pipeline ingestion; reject data failing quality or provenance thresholds"
560
+ },
561
+ {
562
+ "framework": "DORA",
563
+ "control_id": "Art. 28–44",
564
+ "control_name": "Third-Party Risk — external data source oversight",
565
+ "tier": "Foundational",
566
+ "scope": "Both",
567
+ "notes": "Include external data sources in third-party risk management; assess data quality, provenance practices, and licensing compliance"
568
+ }
569
+ ],
570
+ "tools": [
571
+ {
572
+ "name": "Great Expectations",
573
+ "type": "open-source",
574
+ "url": "https://greatexpectations.io"
575
+ },
576
+ {
577
+ "name": "Pandera",
578
+ "type": "open-source",
579
+ "url": "https://pandera.readthedocs.io"
580
+ },
581
+ {
582
+ "name": "OWASP ZAP",
583
+ "type": "open-source",
584
+ "url": "https://www.zaproxy.org"
585
+ },
586
+ {
587
+ "name": "OWASP ZAP (API fuzzing)",
588
+ "type": "open-source",
589
+ "url": "https://www.zaproxy.org"
590
+ },
591
+ {
592
+ "name": "Semgrep",
593
+ "type": "open-source",
594
+ "url": "https://semgrep.dev"
595
+ },
596
+ {
597
+ "name": "Cerberus",
598
+ "type": "open-source",
599
+ "url": "https://github.com/pyeve/cerberus"
600
+ },
601
+ {
602
+ "name": "DVC (Data Version Control)",
603
+ "type": "open-source",
604
+ "url": "https://dvc.org"
605
+ },
606
+ {
607
+ "name": "Apache Atlas",
608
+ "type": "open-source",
609
+ "url": "https://atlas.apache.org"
610
+ },
611
+ {
612
+ "name": "Pachyderm",
613
+ "type": "open-source",
614
+ "url": "https://www.pachyderm.com"
615
+ },
616
+ {
617
+ "name": "OpenLineage",
618
+ "type": "open-source",
619
+ "url": "https://openlineage.io"
620
+ },
621
+ {
622
+ "name": "Collibra",
623
+ "type": "commercial",
624
+ "url": "https://www.collibra.com"
625
+ },
626
+ {
627
+ "name": "WhyLogs",
628
+ "url": "https://github.com/whylabs/whylogs",
629
+ "type": "open-source"
630
+ },
631
+ {
632
+ "name": "MLflow",
633
+ "url": "https://github.com/mlflow/mlflow",
634
+ "type": "open-source"
635
+ }
636
+ ],
637
+ "incidents": [
638
+ {
639
+ "name": "Meta Galactica model withdrawn after misinformation at launch",
640
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
641
+ "year": 2022,
642
+ "incident_id": "INC-031"
643
+ },
644
+ {
645
+ "name": "Hugging Face model card supply chain manipulation",
646
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
647
+ "year": 2025,
648
+ "incident_id": "INC-038"
649
+ },
650
+ {
651
+ "name": "NYT v OpenAI — copyright training data ruling implications",
652
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
653
+ "year": 2025,
654
+ "incident_id": "INC-039"
655
+ },
656
+ {
657
+ "name": "Uber ML platform data lineage audit — fragmented provenance across 30+ feature stores",
658
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
659
+ "year": 2024,
660
+ "incident_id": "INC-042"
661
+ }
662
+ ],
663
+ "crossrefs": {
664
+ "llm_top10": [
665
+ "LLM05",
666
+ "LLM04",
667
+ "LLM01",
668
+ "LLM03"
669
+ ],
670
+ "dsgai_2026": [
671
+ "DSGAI13",
672
+ "DSGAI04"
673
+ ],
674
+ "agentic_top10": [
675
+ "ASI02",
676
+ "ASI08",
677
+ "ASI04",
678
+ "ASI06"
679
+ ]
680
+ },
681
+ "changelog": [
682
+ {
683
+ "date": "2026-03-27",
684
+ "version": "1.0.0",
685
+ "change": "Initial entry — generated from GenAI Security Crosswalk v1.5.1 mapping files",
686
+ "author": "emmanuelgjr"
687
+ }
688
+ ]
689
+ }
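Review bot: Several `mappings` objects carry the identifier in `control_name` and descriptive text in `control_id`, the reverse of the convention the MITRE ATLAS, ISO/IEC 27001 and NIST CSF objects in the same array follow: the four ISO/IEC 42001:2023 objects, the three NIST SP 800-82 Rev 3 objects, and the EU AI Act, SOC 2 and OWASP NHI Top 10 objects. A consumer that joins or filters on `control_id` will miss these controls, so a compliance report built from this entry can silently under-count coverage; the first ISO 42001 object should read `"control_id": "A.7.2", "control_name": "Data — acquisition"`, and the others likewise. In the ISO/IEC 42001 and AIUC-1 objects `notes` holds a tier word instead of a note and in places contradicts `tier` (A.7.3 is `Foundational` with notes `Hardening`; B005 and C are `Hardening` with notes `Foundational`), so one of the two values is wrong. The NIST SP 800-82, OWASP SAMM and OWASP NHI notes describe guardrail bypass rather than ingestion validation and look carried over from another entry, and `tools` lists OWASP ZAP twice with the same URL. Since the changelog says the entry is generated, the fix probably belongs in the generator or its mapping files, together with a schema check that `control_id` matches each framework's identifier pattern.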