genai-security-crosswalk 2.0.0

Files changed (55) hide show
  1. package/LICENSE.md +28 -0
  2. package/README.md +618 -0
  3. package/data/entries/ASI01.json +911 -0
  4. package/data/entries/ASI02.json +850 -0
  5. package/data/entries/ASI03.json +854 -0
  6. package/data/entries/ASI04.json +759 -0
  7. package/data/entries/ASI05.json +764 -0
  8. package/data/entries/ASI06.json +817 -0
  9. package/data/entries/ASI07.json +789 -0
  10. package/data/entries/ASI08.json +788 -0
  11. package/data/entries/ASI09.json +754 -0
  12. package/data/entries/ASI10.json +833 -0
  13. package/data/entries/DSGAI01.json +779 -0
  14. package/data/entries/DSGAI02.json +728 -0
  15. package/data/entries/DSGAI03.json +671 -0
  16. package/data/entries/DSGAI04.json +752 -0
  17. package/data/entries/DSGAI05.json +689 -0
  18. package/data/entries/DSGAI06.json +673 -0
  19. package/data/entries/DSGAI07.json +680 -0
  20. package/data/entries/DSGAI08.json +698 -0
  21. package/data/entries/DSGAI09.json +687 -0
  22. package/data/entries/DSGAI10.json +627 -0
  23. package/data/entries/DSGAI11.json +663 -0
  24. package/data/entries/DSGAI12.json +695 -0
  25. package/data/entries/DSGAI13.json +688 -0
  26. package/data/entries/DSGAI14.json +703 -0
  27. package/data/entries/DSGAI15.json +655 -0
  28. package/data/entries/DSGAI16.json +716 -0
  29. package/data/entries/DSGAI17.json +690 -0
  30. package/data/entries/DSGAI18.json +613 -0
  31. package/data/entries/DSGAI19.json +638 -0
  32. package/data/entries/DSGAI20.json +671 -0
  33. package/data/entries/DSGAI21.json +881 -0
  34. package/data/entries/LLM01.json +975 -0
  35. package/data/entries/LLM02.json +868 -0
  36. package/data/entries/LLM03.json +817 -0
  37. package/data/entries/LLM04.json +797 -0
  38. package/data/entries/LLM05.json +761 -0
  39. package/data/entries/LLM06.json +848 -0
  40. package/data/entries/LLM07.json +749 -0
  41. package/data/entries/LLM08.json +750 -0
  42. package/data/entries/LLM09.json +760 -0
  43. package/data/entries/LLM10.json +763 -0
  44. package/data/incidents-schema.json +121 -0
  45. package/data/incidents.json +1484 -0
  46. package/data/schema.json +134 -0
  47. package/dist/index.d.ts +97 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +124 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/index.test.d.ts +2 -0
  52. package/dist/index.test.d.ts.map +1 -0
  53. package/dist/index.test.js +97 -0
  54. package/dist/index.test.js.map +1 -0
  55. package/package.json +62 -0
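--- a/package/data/entries/DSGAI06.json
+++ b/package/data/entries/DSGAI06.json
@@ -0,0 +1,673 @@
+ {
+ "id": "DSGAI06",
+ "name": "Tool Plugin and Agent Data Exchange",
+ "source_list": "DSGAI-2026",
+ "version": "2026-Q1",
+ "severity": "High",
+ "aivss_score": null,
+ "audience": [
+ "red-teamer",
+ "security-engineer",
+ "ciso",
+ "compliance",
+ "ml-engineer",
+ "ot-engineer",
+ "auditor",
+ "developer",
+ "data-engineer"
+ ],
+ "mappings": [
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0051",
+ "control_name": "Exploit Public-Facing Application",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Malicious MCP server exploits trust relationship with agent to capture context payloads"
+ },
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0057",
+ "control_name": "Data from Information Repositories",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Context data flowing through tool integrations captured and transmitted to adversary"
+ },
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0035",
+ "control_name": "Exfiltrate via ML Inference API",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Tool API acts as exfiltration channel — sensitive context content captured in tool call payloads"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "GV-1.6",
+ "control_name": "Policies for data privacy",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Third-party data handling policy covering all tool and plugin integrations"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MP-5.1",
+ "control_name": "Interdependencies",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "All tool and plugin integrations mapped — data received, retained, and used for training"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MS-2.5",
+ "control_name": "Testing — adversarial",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Security testing of tool API integrations — payload inspection, data minimisation validation"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MG-3.2",
+ "control_name": "Residual risk — third party",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Residual risk from tool providers documented, monitored, and reviewed"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "Third-party tool data exchange risks identified and mitigated",
+ "control_name": "Art. 9 — Risk management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "All tool integrations assessed in Art. 9 risk management"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "Providers document obligations flowing to deployers; deployers verify",
+ "control_name": "Art. 25 — Value chain responsibilities",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Tool data exchange obligations explicitly distributed along the value chain"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "GPAI providers document all third-party integrations",
+ "control_name": "Art. 53(1)(a) — GPAI documentation",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Tool and plugin data exchange documented in GPAI technical documentation"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.5.19",
+ "control_name": "Supplier relationships",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Security due diligence on all tool and plugin providers receiving agent context"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.5.20",
+ "control_name": "Supplier agreements",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Contractual requirements covering data minimisation, retention, and training use for tool providers"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.8.3",
+ "control_name": "Information access restriction",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Tools receive only the minimum context required for their function — not full conversation history"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.5.23",
+ "control_name": "Security for cloud services",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Cloud-based tool and plugin providers assessed against A.5.23 security requirements"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Third-party — AI supply chain",
+ "control_name": "A.10.1",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Hardening"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Third-party — customer data",
+ "control_name": "A.10.2",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Hardening"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Lifecycle — design",
+ "control_name": "A.6.1.2",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Data — acquisition",
+ "control_name": "A.7.2",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Hardening"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 4",
+ "control_name": "4.2 — Maintain secure configuration of cloud assets",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 6",
+ "control_name": "6.4 — Require password manager",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 15",
+ "control_name": "15.1 — Establish service provider management policy",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V4 Access Control",
+ "control_name": "V4.1.1 — Access control on every request",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V9 Communication",
+ "control_name": "V9.1.1 — TLS for all connections",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V11 Business Logic",
+ "control_name": "V11.1.4 — Business logic limits on repeated actions",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 3.2",
+ "control_name": "Software and information integrity",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "All OT tool integrations assessed — security requirements in vendor contracts per 62443-2-4"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 5.3",
+ "control_name": "Information flow restriction",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "OT-sensitive context minimised before tool API calls — tools receive minimum required, not full OT context"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 6.6",
+ "control_name": "Timely response to events",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Tool data exchange anomalies detected — unusual data volumes in tool calls alerted"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "OT data confidentiality",
+ "control_name": "§5.4",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "OT data must not be disclosed without authorisation"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Risk assessment",
+ "control_name": "§6.2",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Assess disclosure risk for each OT data type in GenAI outputs"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Network monitoring",
+ "control_name": "§7.3",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Monitor outputs for OT data disclosure patterns"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "GV.SC-01",
+ "control_name": "Supply Chain Risk Management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Tool and plugin providers treated as suppliers — data handling requirements in contracts"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "PR.AA-05",
+ "control_name": "Identity Management, Authentication & Access Control",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Context minimisation — tools receive minimum required payload, not full context history"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "DE.CM-01",
+ "control_name": "Continuous Monitoring",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "All tool API calls monitored — DLP on outbound tool payloads"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "ID.AM-08",
+ "control_name": "Asset Management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "All tool integrations inventoried — data received, retained, training use, security assessment status"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Tool and plugin providers assessed in vendor risk programme — what data they receive, retain, and use",
+ "control_name": "CC9.1 — Vendor risk",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Contractual data handling obligations for tool providers — data minimisation, retention, training use restrictions",
+ "control_name": "CC9.2 — Vendor agreements",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Context minimisation for tool calls — tools receive minimum confidential data required for function",
+ "control_name": "C2.1 — Confidential information protection",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Tool access scoped to minimum required — agent tool permissions as privileged access",
+ "control_name": "CC6.1 — Logical access",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 12.8.1",
+ "control_name": "TPSP list",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "All tool and plugin providers receiving CHD in TPSP list — even if access is indirect through agent context"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 12.8.3",
+ "control_name": "TPSP agreements",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Written agreements with tool providers acknowledging CHD security responsibility"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 7.2.1",
+ "control_name": "Restrict access",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Context minimisation — tools receive minimum CHD-containing context required"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 10.2.1",
+ "control_name": "Logging",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "All tool call payloads containing CHD logged — Req 10 audit trail requirement"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "SCS",
+ "control_name": "Supply Chain Security",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "All tools, plugins, and agent connectors treated as supply chain components — security assessment before integration, ongoing monitoring"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L2",
+ "control_name": "AI System Integrity (ASI)",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Tool descriptors and API responses validated before use — content received from external tools treated as untrusted input"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "MON",
+ "control_name": "Monitoring and Detection",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "All tool invocations logged — data volumes, destination, and content patterns monitored for anomalies"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L1",
+ "control_name": "General ICT — Supply Chain",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Plugin SBOM maintained — all integration components inventoried, vulnerabilities tracked"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "D-SR",
+ "control_name": "Design / Security Requirements",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Define what categories of data may appear in model outputs"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "I-SB",
+ "control_name": "Implementation / Secure Build",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Apply DLP scanning to all model outputs before delivery"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "V-ST",
+ "control_name": "Verification / Security Testing",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Automated testing for memorisation and over-retrieval of sensitive content"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "O-OM",
+ "control_name": "Operations / Operational Management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Continuous monitoring of production outputs for sensitive content patterns"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "G-PC",
+ "control_name": "Governance / Policy & Compliance",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Documented policy on what data may be surfaced in model responses"
+ },
+ {
+ "framework": "CWE/CVE",
+ "control_id": "CWE-284",
+ "control_name": "CWE-284",
+ "tier": "Foundational",
+ "scope": "Both",
+ "url": "https://cwe.mitre.org/data/definitions/284.html"
+ },
+ {
+ "framework": "CWE/CVE",
+ "control_id": "CWE-269",
+ "control_name": "CWE-269",
+ "tier": "Foundational",
+ "scope": "Both",
+ "url": "https://cwe.mitre.org/data/definitions/269.html"
+ },
+ {
+ "framework": "CWE/CVE",
+ "control_id": "CWE-602",
+ "control_name": "CWE-602",
+ "tier": "Foundational",
+ "scope": "Both",
+ "url": "https://cwe.mitre.org/data/definitions/602.html"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L3",
+ "control_name": "Agent Frameworks",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L2",
+ "control_name": "Data Operations",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L6",
+ "control_name": "Security & Compliance",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "A",
+ "control_name": "Data & Privacy domain",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "B006",
+ "control_name": "Prevent unauthorized AI actions",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "B009",
+ "control_name": "Validate AI-generated content",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "E",
+ "control_name": "Audit trails and logging",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Credentials embedded in model outputs or training data surface in responses",
+ "control_name": "NHI-2 Secret Leakage",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Output scanning for credential patterns"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Over-broad retrieval credentials return data beyond user entitlement",
+ "control_name": "NHI-5 Over-Privileged NHI",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Minimum scope for retrieval service accounts"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "PS.3.1-PS",
+ "control_name": "Archive and protect software releases — lineage-aware artefact management",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Maintain end-to-end data lineage records linking every model version to its training data, transformations, and intermediate artefacts"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "PW.2.1-PS",
+ "control_name": "Design software — traceable data pipeline architecture",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Design AI data pipelines with built-in lineage tracking; require lineage metadata capture at every transformation step as an explicit design requirement"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "CM-3",
+ "control_name": "Configuration Change Control — pipeline lineage documentation",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Maintain comprehensive data lineage documentation for all AI pipelines; update on every transformation, combination, or processing change"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "AU-2",
+ "control_name": "Event Logging — data transformation logging",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Log all data transformation events in AI pipelines; enable end-to-end lineage reconstruction from source to model"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "PM-9",
+ "control_name": "Risk Management Strategy — lineage requirements",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Include data lineage completeness in AI risk management strategy; define minimum lineage requirements per data sensitivity level"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 8",
+ "control_name": "Identification — data transformation mapping",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Map all data transformations in AI pipelines; document inputs, outputs, and processing logic for each stage"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 12",
+ "control_name": "Backup Policies — lineage metadata preservation",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Include lineage metadata in backup policies; ensure lineage records can be restored alongside data and models"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 5–7",
+ "control_name": "ICT Risk Management — lineage governance",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Include data lineage requirements in ICT risk management; define minimum lineage completeness per data sensitivity"
+ }
+ ],
+ "tools": [
+ {
+ "name": "MCP Inspector",
+ "type": "open-source",
+ "url": "https://github.com/modelcontextprotocol/inspector"
+ },
+ {
+ "name": "Nightfall AI",
+ "type": "commercial",
+ "url": "https://nightfall.ai"
+ },
+ {
+ "name": "OWASP Dependency-Check",
+ "type": "open-source",
+ "url": "https://github.com/jeremylong/DependencyCheck"
+ },
+ {
+ "name": "Semgrep",
+ "type": "open-source",
+ "url": "https://github.com/returntocorp/semgrep"
+ },
+ {
+ "name": "Guardrails AI",
+ "type": "open-source",
+ "url": "https://github.com/guardrails-ai/guardrails"
+ },
+ {
+ "name": "NeMo Guardrails",
+ "type": "open-source",
+ "url": "https://github.com/NVIDIA/NeMo-Guardrails"
+ },
+ {
+ "name": "OpenLineage",
+ "type": "open-source",
+ "url": "https://openlineage.io"
+ },
+ {
+ "name": "Marquez",
+ "type": "open-source",
+ "url": "https://marquezproject.ai"
+ },
+ {
+ "name": "MLflow",
+ "type": "open-source",
+ "url": "https://mlflow.org"
+ },
+ {
+ "name": "DataHub",
+ "type": "open-source",
+ "url": "https://datahubproject.io"
+ },
+ {
+ "name": "Apache Atlas",
+ "type": "open-source",
+ "url": "https://atlas.apache.org"
+ },
+ {
+ "name": "dbt",
+ "type": "open-source",
+ "url": "https://www.getdbt.com"
+ },
+ {
+ "name": "Collibra",
+ "type": "commercial",
+ "url": "https://www.collibra.com"
+ }
+ ],
+ "incidents": [
+ {
+ "name": "Uber ML platform data lineage audit — fragmented provenance across 30+ feature stores",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2024,
+ "incident_id": "INC-042"
+ }
+ ],
+ "crossrefs": {
+ "agentic_top10": [
+ "ASI02",
+ "ASI04",
+ "ASI07",
+ "ASI06"
+ ],
+ "llm_top10": [
+ "LLM06",
+ "LLM03",
+ "LLM05",
+ "LLM02"
+ ]
+ },
+ "changelog": [
+ {
+ "date": "2026-03-27",
+ "version": "1.0.0",
+ "change": "Initial entry — generated from GenAI Security Crosswalk v1.5.1 mapping files",
+ "author": "emmanuelgjr"
+ }
+ ]
+ }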
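Review bot: In `mappings`, `control_id` and `control_name` are filled inconsistently: the EU AI Act, ISO/IEC 42001, NIST SP 800-82, SOC 2 and OWASP NHI rows put a description in `control_id` and the real identifier in `control_name`, so a consumer that joins or filters on `control_id` gets prose for those frameworks; the first EU AI Act row, for example, would read `"control_id": "Art. 9", "control_name": "Risk management"`. The three MITRE ATLAS rows also look mismatched: as far as I know AML.T0051 is LLM Prompt Injection and AML.T0057 is LLM Data Leakage rather than the names given here, so each id/name pair should be checked against the current ATLAS matrix. The ISO/IEC 42001 and AIUC-1 rows carry `"notes": "Hardening"` or `"notes": "Foundational"` while `tier` is `Foundational` on every row, which reads like a tier value written into the wrong field. The OWASP SAMM, OWASP NHI, NIST SP 800-218A, FedRAMP and DORA notes and the single incident talk about model outputs and data lineage rather than tool or plugin data exchange, which suggests rows carried over from another entry. Since `package/data/schema.json` ships in this release, a per-framework `pattern` on `control_id` there would probably catch the first two problems at build time.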