genai-security-crosswalk 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/LICENSE.md +28 -0
  2. package/README.md +618 -0
  3. package/data/entries/ASI01.json +911 -0
  4. package/data/entries/ASI02.json +850 -0
  5. package/data/entries/ASI03.json +854 -0
  6. package/data/entries/ASI04.json +759 -0
  7. package/data/entries/ASI05.json +764 -0
  8. package/data/entries/ASI06.json +817 -0
  9. package/data/entries/ASI07.json +789 -0
  10. package/data/entries/ASI08.json +788 -0
  11. package/data/entries/ASI09.json +754 -0
  12. package/data/entries/ASI10.json +833 -0
  13. package/data/entries/DSGAI01.json +779 -0
  14. package/data/entries/DSGAI02.json +728 -0
  15. package/data/entries/DSGAI03.json +671 -0
  16. package/data/entries/DSGAI04.json +752 -0
  17. package/data/entries/DSGAI05.json +689 -0
  18. package/data/entries/DSGAI06.json +673 -0
  19. package/data/entries/DSGAI07.json +680 -0
  20. package/data/entries/DSGAI08.json +698 -0
  21. package/data/entries/DSGAI09.json +687 -0
  22. package/data/entries/DSGAI10.json +627 -0
  23. package/data/entries/DSGAI11.json +663 -0
  24. package/data/entries/DSGAI12.json +695 -0
  25. package/data/entries/DSGAI13.json +688 -0
  26. package/data/entries/DSGAI14.json +703 -0
  27. package/data/entries/DSGAI15.json +655 -0
  28. package/data/entries/DSGAI16.json +716 -0
  29. package/data/entries/DSGAI17.json +690 -0
  30. package/data/entries/DSGAI18.json +613 -0
  31. package/data/entries/DSGAI19.json +638 -0
  32. package/data/entries/DSGAI20.json +671 -0
  33. package/data/entries/DSGAI21.json +881 -0
  34. package/data/entries/LLM01.json +975 -0
  35. package/data/entries/LLM02.json +868 -0
  36. package/data/entries/LLM03.json +817 -0
  37. package/data/entries/LLM04.json +797 -0
  38. package/data/entries/LLM05.json +761 -0
  39. package/data/entries/LLM06.json +848 -0
  40. package/data/entries/LLM07.json +749 -0
  41. package/data/entries/LLM08.json +750 -0
  42. package/data/entries/LLM09.json +760 -0
  43. package/data/entries/LLM10.json +763 -0
  44. package/data/incidents-schema.json +121 -0
  45. package/data/incidents.json +1484 -0
  46. package/data/schema.json +134 -0
  47. package/dist/index.d.ts +97 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +124 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/index.test.d.ts +2 -0
  52. package/dist/index.test.d.ts.map +1 -0
  53. package/dist/index.test.js +97 -0
  54. package/dist/index.test.js.map +1 -0
  55. package/package.json +62 -0
package/data/entries/DSGAI07.json ADDED
@@ -0,0 +1,680 @@
1
+ {
2
+ "id": "DSGAI07",
3
+ "name": "Data Governance and Lifecycle",
4
+ "source_list": "DSGAI-2026",
5
+ "version": "2026-Q1",
6
+ "severity": "High",
7
+ "aivss_score": null,
8
+ "audience": [
9
+ "red-teamer",
10
+ "security-engineer",
11
+ "ciso",
12
+ "compliance",
13
+ "ml-engineer",
14
+ "ot-engineer",
15
+ "auditor",
16
+ "developer",
17
+ "data-engineer"
18
+ ],
19
+ "mappings": [
20
+ {
21
+ "framework": "MITRE ATLAS",
22
+ "control_id": "AML.T0035",
23
+ "control_name": "Exfiltrate via ML Inference API",
24
+ "tier": "Foundational",
25
+ "scope": "Both",
26
+ "notes": "Ungoverned derived assets (embeddings, caches) accessible through inference API without classification controls"
27
+ },
28
+ {
29
+ "framework": "MITRE ATLAS",
30
+ "control_id": "AML.T0024.000",
31
+ "control_name": "Membership Inference",
32
+ "tier": "Foundational",
33
+ "scope": "Both",
34
+ "notes": "Ungoverned training data status — adversary determines what sensitive data is in scope without classification barriers"
35
+ },
36
+ {
37
+ "framework": "MITRE ATLAS",
38
+ "control_id": "AML.T0057",
39
+ "control_name": "Data from Information Repositories",
40
+ "tier": "Foundational",
41
+ "scope": "Both",
42
+ "notes": "Ungoverned embedding stores and agent memory databases accessed without access controls"
43
+ },
44
+ {
45
+ "framework": "NIST AI RMF 1.0",
46
+ "control_id": "GV-1.6",
47
+ "control_name": "Policies for data privacy",
48
+ "tier": "Foundational",
49
+ "scope": "Both",
50
+ "notes": "Data governance policy extended to all GenAI-derived assets — embeddings, caches, memory, telemetry"
51
+ },
52
+ {
53
+ "framework": "NIST AI RMF 1.0",
54
+ "control_id": "MP-1.6",
55
+ "control_name": "Context establishment",
56
+ "tier": "Foundational",
57
+ "scope": "Both",
58
+ "notes": "GenAI data assets inventoried and mapped — source through derivation chain documented"
59
+ },
60
+ {
61
+ "framework": "NIST AI RMF 1.0",
62
+ "control_id": "MS-3.3",
63
+ "control_name": "Data quality",
64
+ "tier": "Foundational",
65
+ "scope": "Both",
66
+ "notes": "Data quality and governance controls measured across full GenAI data lifecycle"
67
+ },
68
+ {
69
+ "framework": "NIST AI RMF 1.0",
70
+ "control_id": "MG-3.2",
71
+ "control_name": "Residual risk",
72
+ "tier": "Foundational",
73
+ "scope": "Both",
74
+ "notes": "Residual governance risk from ungoverned derived assets documented and treated"
75
+ },
76
+ {
77
+ "framework": "EU AI Act",
78
+ "control_id": "High-risk AI training data subject to governance — relevant, representative, privacy-preserving",
79
+ "control_name": "Art. 10 — Data and data governance",
80
+ "tier": "Foundational",
81
+ "scope": "Both",
82
+ "notes": "Data governance policy covering the full AI data lifecycle is an Art. 10 compliance requirement"
83
+ },
84
+ {
85
+ "framework": "EU AI Act",
86
+ "control_id": "Documented quality management system including data handling procedures",
87
+ "control_name": "Art. 17 — Quality management",
88
+ "tier": "Foundational",
89
+ "scope": "Both",
90
+ "notes": "Data lifecycle procedures — classification, retention, deletion — documented in quality management"
91
+ },
92
+ {
93
+ "framework": "EU AI Act",
94
+ "control_id": "GPAI providers maintain technical documentation including training data governance",
95
+ "control_name": "Art. 53(1)(a) — GPAI documentation",
96
+ "tier": "Foundational",
97
+ "scope": "Both",
98
+ "notes": "Full data governance documentation for GPAI training data is a binding Art. 53 obligation"
99
+ },
100
+ {
101
+ "framework": "ISO/IEC 27001:2022",
102
+ "control_id": "A.5.9",
103
+ "control_name": "Inventory of assets",
104
+ "tier": "Foundational",
105
+ "scope": "Both",
106
+ "notes": "All GenAI data assets inventoried — training data, embeddings, caches, agent memory, logs"
107
+ },
108
+ {
109
+ "framework": "ISO/IEC 27001:2022",
110
+ "control_id": "A.5.12",
111
+ "control_name": "Classification of information",
112
+ "tier": "Foundational",
113
+ "scope": "Both",
114
+ "notes": "Classification extended to GenAI-derived assets — embeddings inherit source classification"
115
+ },
116
+ {
117
+ "framework": "ISO/IEC 27001:2022",
118
+ "control_id": "A.5.13",
119
+ "control_name": "Labelling of information",
120
+ "tier": "Foundational",
121
+ "scope": "Both",
122
+ "notes": "Classification labels propagate through the full GenAI data lifecycle"
123
+ },
124
+ {
125
+ "framework": "ISO/IEC 27001:2022",
126
+ "control_id": "A.8.10",
127
+ "control_name": "Information deletion",
128
+ "tier": "Foundational",
129
+ "scope": "Both",
130
+ "notes": "Deletion and erasure obligations enforced across all derived assets — embeddings, caches, backups"
131
+ },
132
+ {
133
+ "framework": "ISO/IEC 42001:2023",
134
+ "control_id": "Data — acquisition",
135
+ "control_name": "A.7.2",
136
+ "tier": "Foundational",
137
+ "scope": "Both",
138
+ "notes": "Foundational"
139
+ },
140
+ {
141
+ "framework": "ISO/IEC 42001:2023",
142
+ "control_id": "Data — preparation",
143
+ "control_name": "A.7.3",
144
+ "tier": "Foundational",
145
+ "scope": "Both",
146
+ "notes": "Hardening"
147
+ },
148
+ {
149
+ "framework": "ISO/IEC 42001:2023",
150
+ "control_id": "Policies",
151
+ "control_name": "A.2.2",
152
+ "tier": "Foundational",
153
+ "scope": "Both",
154
+ "notes": "Foundational"
155
+ },
156
+ {
157
+ "framework": "ISO/IEC 42001:2023",
158
+ "control_id": "Planning — risk",
159
+ "control_name": "Cl.6.1",
160
+ "tier": "Foundational",
161
+ "scope": "Both",
162
+ "notes": "Hardening"
163
+ },
164
+ {
165
+ "framework": "CIS Controls v8.1",
166
+ "control_id": "CIS 3",
167
+ "control_name": "3.2 — Establish data inventory",
168
+ "tier": "Foundational",
169
+ "scope": "Both"
170
+ },
171
+ {
172
+ "framework": "CIS Controls v8.1",
173
+ "control_id": "CIS 3",
174
+ "control_name": "3.3 — Configure data access control lists",
175
+ "tier": "Foundational",
176
+ "scope": "Both"
177
+ },
178
+ {
179
+ "framework": "CIS Controls v8.1",
180
+ "control_id": "CIS 3",
181
+ "control_name": "3.11 — Encrypt sensitive data at rest",
182
+ "tier": "Foundational",
183
+ "scope": "Both"
184
+ },
185
+ {
186
+ "framework": "CIS Controls v8.1",
187
+ "control_id": "CIS 8",
188
+ "control_name": "8.3 — Ensure adequate audit log storage",
189
+ "tier": "Foundational",
190
+ "scope": "Both"
191
+ },
192
+ {
193
+ "framework": "OWASP ASVS 4.0.3",
194
+ "control_id": "V8 Data Protection",
195
+ "control_name": "V8.1.4 — Sensitive data minimisation",
196
+ "tier": "Foundational",
197
+ "scope": "Both"
198
+ },
199
+ {
200
+ "framework": "OWASP ASVS 4.0.3",
201
+ "control_id": "V8 Data Protection",
202
+ "control_name": "V8.3.4 — Sensitive data identified and classified",
203
+ "tier": "Foundational",
204
+ "scope": "Both"
205
+ },
206
+ {
207
+ "framework": "OWASP ASVS 4.0.3",
208
+ "control_id": "V4 Access Control",
209
+ "control_name": "V4.1.5 — Attribute-based access control",
210
+ "tier": "Foundational",
211
+ "scope": "Both"
212
+ },
213
+ {
214
+ "framework": "ISA/IEC 62443",
215
+ "control_id": "SR 4.1",
216
+ "control_name": "Data confidentiality",
217
+ "tier": "Foundational",
218
+ "scope": "Both",
219
+ "notes": "OT-derived GenAI assets (embeddings, caches) classified and protected — not treated as general IT data"
220
+ },
221
+ {
222
+ "framework": "ISA/IEC 62443",
223
+ "control_id": "SR 1.2",
224
+ "control_name": "Human user authentication",
225
+ "tier": "Foundational",
226
+ "scope": "Both",
227
+ "notes": "Access controls on all GenAI-derived OT data assets — same authentication requirements as source data"
228
+ },
229
+ {
230
+ "framework": "ISA/IEC 62443",
231
+ "control_id": "Supplier security requirements",
232
+ "control_name": "62443-2-4",
233
+ "tier": "Foundational",
234
+ "scope": "Both",
235
+ "notes": "GenAI vendors handling OT-derived assets subject to 62443-2-4 programme"
236
+ },
237
+ {
238
+ "framework": "NIST SP 800-82 Rev 3",
239
+ "control_id": "ICS vulnerabilities",
240
+ "control_name": "§5.3",
241
+ "tier": "Foundational",
242
+ "scope": "Both",
243
+ "notes": "Excessive OT data access is a documented vulnerability"
244
+ },
245
+ {
246
+ "framework": "NIST SP 800-82 Rev 3",
247
+ "control_id": "Risk assessment",
248
+ "control_name": "§6.2",
249
+ "tier": "Foundational",
250
+ "scope": "Both",
251
+ "notes": "Data access scope in OT risk assessment"
252
+ },
253
+ {
254
+ "framework": "NIST SP 800-82 Rev 3",
255
+ "control_id": "Secure architecture",
256
+ "control_name": "§7.1",
257
+ "tier": "Foundational",
258
+ "scope": "Both",
259
+ "notes": "Least privilege enforced at OT data boundary"
260
+ },
261
+ {
262
+ "framework": "NIST CSF 2.0",
263
+ "control_id": "GV.OC-01",
264
+ "control_name": "Organisational Context",
265
+ "tier": "Foundational",
266
+ "scope": "Both",
267
+ "notes": "Data governance policy extended to all GenAI-derived assets — embeddings, caches, agent memory"
268
+ },
269
+ {
270
+ "framework": "NIST CSF 2.0",
271
+ "control_id": "ID.AM-08",
272
+ "control_name": "Asset Management",
273
+ "tier": "Foundational",
274
+ "scope": "Both",
275
+ "notes": "GenAI data assets inventoried — training datasets, embeddings, RAG stores, agent memory, telemetry logs"
276
+ },
277
+ {
278
+ "framework": "NIST CSF 2.0",
279
+ "control_id": "PR.DS-01",
280
+ "control_name": "Data Security",
281
+ "tier": "Foundational",
282
+ "scope": "Both",
283
+ "notes": "All GenAI data assets protected per classification — derived assets inherit source classification"
284
+ },
285
+ {
286
+ "framework": "NIST CSF 2.0",
287
+ "control_id": "DE.CM-09",
288
+ "control_name": "Continuous Monitoring",
289
+ "tier": "Foundational",
290
+ "scope": "Both",
291
+ "notes": "Monitoring for ungoverned data assets — new GenAI deployments creating untracked data flows detected"
292
+ },
293
+ {
294
+ "framework": "SOC 2",
295
+ "control_id": "Policy identifies all confidential information in GenAI scope — including derived assets (embeddings, caches, traces)",
296
+ "control_name": "C1.1 — Confidentiality policy",
297
+ "tier": "Foundational",
298
+ "scope": "Both"
299
+ },
300
+ {
301
+ "framework": "SOC 2",
302
+ "control_id": "Personal information lifecycle management covers GenAI-derived assets — embeddings inherit source data obligations",
303
+ "control_name": "P4.1 — Privacy information lifecycle",
304
+ "tier": "Foundational",
305
+ "scope": "Both"
306
+ },
307
+ {
308
+ "framework": "SOC 2",
309
+ "control_id": "Data lifecycle procedures documented — classification propagation, retention schedules, deletion procedures",
310
+ "control_name": "CC5.2 — Control activities",
311
+ "tier": "Foundational",
312
+ "scope": "Both"
313
+ },
314
+ {
315
+ "framework": "SOC 2",
316
+ "control_id": "Ungoverned derived asset risks identified in assessment — embeddings, caches, agent memory outside governance scope",
317
+ "control_name": "CC3.2 — Risk assessment",
318
+ "tier": "Foundational",
319
+ "scope": "Both"
320
+ },
321
+ {
322
+ "framework": "PCI DSS v4.0",
323
+ "control_id": "Req 3.1.1",
324
+ "control_name": "Account data inventory",
325
+ "tier": "Foundational",
326
+ "scope": "Both",
327
+ "notes": "All CHD locations documented — derived GenAI assets (embeddings, caches) included in data inventory"
328
+ },
329
+ {
330
+ "framework": "PCI DSS v4.0",
331
+ "control_id": "Req 3.2.1",
332
+ "control_name": "Data flow documentation",
333
+ "tier": "Foundational",
334
+ "scope": "Both",
335
+ "notes": "Data flow diagrams include all GenAI pipeline paths — source through embedding, retrieval, generation, logging"
336
+ },
337
+ {
338
+ "framework": "PCI DSS v4.0",
339
+ "control_id": "Req 9.4.6",
340
+ "control_name": "Media disposal",
341
+ "tier": "Foundational",
342
+ "scope": "Both",
343
+ "notes": "Derived GenAI assets containing CHD disposed of securely — deletion verified per Req 9.4 requirements"
344
+ },
345
+ {
346
+ "framework": "PCI DSS v4.0",
347
+ "control_id": "Req 12.3.2",
348
+ "control_name": "Targeted risk analysis",
349
+ "tier": "Foundational",
350
+ "scope": "Both",
351
+ "notes": "Targeted risk analysis for ungoverned GenAI-derived assets — scope, protection, lifecycle documented"
352
+ },
353
+ {
354
+ "framework": "ENISA Multilayer Framework",
355
+ "control_id": "L2",
356
+ "control_name": "Governance and Risk (GOV)",
357
+ "tier": "Foundational",
358
+ "scope": "Both",
359
+ "notes": "Comprehensive data governance policy for all GenAI assets — classification, ownership, retention, deletion, and unlearning capability documented"
360
+ },
361
+ {
362
+ "framework": "ENISA Multilayer Framework",
363
+ "control_id": "L2",
364
+ "control_name": "Data and Model Security (DMS)",
365
+ "tier": "Foundational",
366
+ "scope": "Both",
367
+ "notes": "Data lifecycle controls for training corpora, embeddings, and RAG stores — retention periods enforced, deletion verified"
368
+ },
369
+ {
370
+ "framework": "ENISA Multilayer Framework",
371
+ "control_id": "MON",
372
+ "control_name": "Monitoring and Detection",
373
+ "tier": "Foundational",
374
+ "scope": "Both",
375
+ "notes": "Data asset inventory monitored for stale or unclassified assets — alerts on policy violations"
376
+ },
377
+ {
378
+ "framework": "ENISA Multilayer Framework",
379
+ "control_id": "L1",
380
+ "control_name": "General ICT — Data Protection",
381
+ "tier": "Foundational",
382
+ "scope": "Both",
383
+ "notes": "Classified data protected per classification level — access control enforced at storage layer"
384
+ },
385
+ {
386
+ "framework": "OWASP SAMM v2.0",
387
+ "control_id": "D-SA",
388
+ "control_name": "Design / Security Architecture",
389
+ "tier": "Foundational",
390
+ "scope": "Both",
391
+ "notes": "Define minimum data scope for each system component"
392
+ },
393
+ {
394
+ "framework": "OWASP SAMM v2.0",
395
+ "control_id": "G-SM",
396
+ "control_name": "Governance / Strategy & Metrics",
397
+ "tier": "Foundational",
398
+ "scope": "Both",
399
+ "notes": "Formalise data access review as part of security programme"
400
+ },
401
+ {
402
+ "framework": "OWASP SAMM v2.0",
403
+ "control_id": "V-AA",
404
+ "control_name": "Verification / Architecture Assessment",
405
+ "tier": "Foundational",
406
+ "scope": "Both",
407
+ "notes": "Periodic review of declared vs actual data access per component"
408
+ },
409
+ {
410
+ "framework": "OWASP SAMM v2.0",
411
+ "control_id": "O-OM",
412
+ "control_name": "Operations / Operational Management",
413
+ "tier": "Foundational",
414
+ "scope": "Both",
415
+ "notes": "Alert when component requests data outside declared scope"
416
+ },
417
+ {
418
+ "framework": "OWASP SAMM v2.0",
419
+ "control_id": "G-PC",
420
+ "control_name": "Governance / Policy & Compliance",
421
+ "tier": "Foundational",
422
+ "scope": "Both",
423
+ "notes": "Documented policy requiring data access justification"
424
+ },
425
+ {
426
+ "framework": "CWE/CVE",
427
+ "control_id": "CWE-359",
428
+ "control_name": "CWE-359",
429
+ "tier": "Foundational",
430
+ "scope": "Both",
431
+ "url": "https://cwe.mitre.org/data/definitions/359.html"
432
+ },
433
+ {
434
+ "framework": "CWE/CVE",
435
+ "control_id": "CWE-213",
436
+ "control_name": "CWE-213",
437
+ "tier": "Foundational",
438
+ "scope": "Both",
439
+ "url": "https://cwe.mitre.org/data/definitions/213.html"
440
+ },
441
+ {
442
+ "framework": "MAESTRO",
443
+ "control_id": "L2",
444
+ "control_name": "Data Operations",
445
+ "tier": "Foundational",
446
+ "scope": "Both"
447
+ },
448
+ {
449
+ "framework": "MAESTRO",
450
+ "control_id": "L6",
451
+ "control_name": "Security & Compliance",
452
+ "tier": "Foundational",
453
+ "scope": "Both"
454
+ },
455
+ {
456
+ "framework": "MAESTRO",
457
+ "control_id": "L5",
458
+ "control_name": "Evaluation & Observability",
459
+ "tier": "Foundational",
460
+ "scope": "Both"
461
+ },
462
+ {
463
+ "framework": "AIUC-1",
464
+ "control_id": "A",
465
+ "control_name": "Data & Privacy domain",
466
+ "tier": "Foundational",
467
+ "scope": "Both",
468
+ "notes": "Foundational"
469
+ },
470
+ {
471
+ "framework": "AIUC-1",
472
+ "control_id": "B006",
473
+ "control_name": "Prevent unauthorized AI actions",
474
+ "tier": "Foundational",
475
+ "scope": "Both",
476
+ "notes": "Foundational"
477
+ },
478
+ {
479
+ "framework": "AIUC-1",
480
+ "control_id": "B007",
481
+ "control_name": "Third-party permission controls",
482
+ "tier": "Foundational",
483
+ "scope": "Both",
484
+ "notes": "Hardening"
485
+ },
486
+ {
487
+ "framework": "AIUC-1",
488
+ "control_id": "E",
489
+ "control_name": "Audit trails and logging",
490
+ "tier": "Foundational",
491
+ "scope": "Both",
492
+ "notes": "Foundational"
493
+ },
494
+ {
495
+ "framework": "OWASP NHI Top 10",
496
+ "control_id": "GenAI system service account has access to more data than declared function requires",
497
+ "control_name": "NHI-5 Over-Privileged NHI",
498
+ "tier": "Foundational",
499
+ "scope": "Both",
500
+ "notes": "Audit and reduce credential scope per system component"
501
+ },
502
+ {
503
+ "framework": "OWASP NHI Top 10",
504
+ "control_id": "Long-lived credentials maintain excessive access indefinitely",
505
+ "control_name": "NHI-7 Long-Lived Credentials",
506
+ "tier": "Foundational",
507
+ "scope": "Both",
508
+ "notes": "Rotate or replace with short-lived tokens"
509
+ },
510
+ {
511
+ "framework": "OWASP NHI Top 10",
512
+ "control_id": "Same data access credential used across multiple GenAI system functions",
513
+ "control_name": "NHI-9 NHI Reuse",
514
+ "tier": "Foundational",
515
+ "scope": "Both",
516
+ "notes": "Separate credentials per function"
517
+ },
518
+ {
519
+ "framework": "NIST SP 800-218A",
520
+ "control_id": "PW.1.1-PS",
521
+ "control_name": "Define security requirements — data aggregation controls",
522
+ "tier": "Foundational",
523
+ "scope": "Both",
524
+ "notes": "Define security requirements governing how datasets may be combined for AI training and inference; require aggregation impact assessments before merging datasets"
525
+ },
526
+ {
527
+ "framework": "NIST SP 800-218A",
528
+ "control_id": "PW.2.1-PS",
529
+ "control_name": "Design software — aggregation-aware data architecture",
530
+ "tier": "Foundational",
531
+ "scope": "Both",
532
+ "notes": "Design AI data pipelines with aggregation controls that prevent combination of datasets whose joint sensitivity exceeds authorised classification levels"
533
+ },
534
+ {
535
+ "framework": "FedRAMP",
536
+ "control_id": "AC-6",
537
+ "control_name": "Least Privilege — data aggregation restrictions",
538
+ "tier": "Foundational",
539
+ "scope": "Both",
540
+ "notes": "Restrict data aggregation scope to minimum necessary; enforce controls preventing combination of datasets that create higher-sensitivity aggregates"
541
+ },
542
+ {
543
+ "framework": "FedRAMP",
544
+ "control_id": "SC-7",
545
+ "control_name": "Boundary Protection — data flow control",
546
+ "tier": "Foundational",
547
+ "scope": "Both",
548
+ "notes": "Enforce boundary protection on data flows between systems; prevent uncontrolled data aggregation across security boundaries"
549
+ },
550
+ {
551
+ "framework": "FedRAMP",
552
+ "control_id": "PM-9",
553
+ "control_name": "Risk Management Strategy — aggregation risk",
554
+ "tier": "Foundational",
555
+ "scope": "Both",
556
+ "notes": "Include data aggregation risk in AI risk management strategy; assess combined sensitivity of aggregated datasets"
557
+ },
558
+ {
559
+ "framework": "DORA",
560
+ "control_id": "Art. 5–7",
561
+ "control_name": "ICT Risk Management — aggregation risk governance",
562
+ "tier": "Foundational",
563
+ "scope": "Both",
564
+ "notes": "Include data aggregation risk in ICT risk management; assess combined sensitivity of aggregated financial datasets used in AI systems"
565
+ },
566
+ {
567
+ "framework": "DORA",
568
+ "control_id": "Art. 9",
569
+ "control_name": "Protection and Prevention — aggregation controls",
570
+ "tier": "Foundational",
571
+ "scope": "Both",
572
+ "notes": "Implement controls preventing uncontrolled data aggregation; enforce restrictions on combining datasets that create higher-sensitivity aggregates"
573
+ },
574
+ {
575
+ "framework": "DORA",
576
+ "control_id": "Art. 10",
577
+ "control_name": "Detection — aggregation anomaly detection",
578
+ "tier": "Foundational",
579
+ "scope": "Both",
580
+ "notes": "Monitor for excessive data aggregation patterns; alert on dataset combinations exceeding defined sensitivity thresholds"
581
+ }
582
+ ],
583
+ "tools": [
584
+ {
585
+ "name": "Apache Atlas",
586
+ "type": "open-source",
587
+ "url": "https://atlas.apache.org"
588
+ },
589
+ {
590
+ "name": "OpenMetadata",
591
+ "type": "open-source",
592
+ "url": "https://open-metadata.org"
593
+ },
594
+ {
595
+ "name": "Collibra",
596
+ "type": "commercial",
597
+ "url": "https://www.collibra.com"
598
+ },
599
+ {
600
+ "name": "Amundsen",
601
+ "type": "open-source",
602
+ "url": "https://github.com/amundsen-io/amundsen"
603
+ },
604
+ {
605
+ "name": "ARX Data Anonymization",
606
+ "type": "open-source",
607
+ "url": "https://arx.deidentifier.org"
608
+ },
609
+ {
610
+ "name": "OpenDP",
611
+ "type": "open-source",
612
+ "url": "https://opendp.org"
613
+ },
614
+ {
615
+ "name": "Google Differential Privacy",
616
+ "type": "open-source",
617
+ "url": "https://github.com/google/differential-privacy"
618
+ },
619
+ {
620
+ "name": "Presidio",
621
+ "type": "open-source",
622
+ "url": "https://github.com/microsoft/presidio"
623
+ },
624
+ {
625
+ "name": "Microsoft Presidio",
626
+ "type": "open-source",
627
+ "url": "https://github.com/microsoft/presidio"
628
+ },
629
+ {
630
+ "name": "Open Policy Agent",
631
+ "type": "open-source",
632
+ "url": "https://www.openpolicyagent.org"
633
+ }
634
+ ],
635
+ "incidents": [
636
+ {
637
+ "name": "Samsung employees leak source code and meeting notes via ChatGPT",
638
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
639
+ "year": 2023,
640
+ "incident_id": "INC-001"
641
+ },
642
+ {
643
+ "name": "GitHub Copilot reproduces verbatim licensed code and embedded secrets",
644
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
645
+ "year": 2023,
646
+ "incident_id": "INC-008"
647
+ },
648
+ {
649
+ "name": "Uber ML platform data lineage audit — fragmented provenance across 30+ feature stores",
650
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
651
+ "year": 2024,
652
+ "incident_id": "INC-042"
653
+ }
654
+ ],
655
+ "crossrefs": {
656
+ "dsgai_2026": [
657
+ "DSGAI08",
658
+ "DSGAI01"
659
+ ],
660
+ "llm_top10": [
661
+ "LLM02",
662
+ "LLM06",
663
+ "LLM03",
664
+ "LLM08"
665
+ ],
666
+ "agentic_top10": [
667
+ "ASI03",
668
+ "ASI02",
669
+ "ASI06"
670
+ ]
671
+ },
672
+ "changelog": [
673
+ {
674
+ "date": "2026-03-27",
675
+ "version": "1.0.0",
676
+ "change": "Initial entry — generated from GenAI Security Crosswalk v1.5.1 mapping files",
677
+ "author": "emmanuelgjr"
678
+ }
679
+ ]
680
+ }