genai-security-crosswalk 2.0.0

Files changed (55)
  1. package/LICENSE.md +28 -0
  2. package/README.md +618 -0
  3. package/data/entries/ASI01.json +911 -0
  4. package/data/entries/ASI02.json +850 -0
  5. package/data/entries/ASI03.json +854 -0
  6. package/data/entries/ASI04.json +759 -0
  7. package/data/entries/ASI05.json +764 -0
  8. package/data/entries/ASI06.json +817 -0
  9. package/data/entries/ASI07.json +789 -0
  10. package/data/entries/ASI08.json +788 -0
  11. package/data/entries/ASI09.json +754 -0
  12. package/data/entries/ASI10.json +833 -0
  13. package/data/entries/DSGAI01.json +779 -0
  14. package/data/entries/DSGAI02.json +728 -0
  15. package/data/entries/DSGAI03.json +671 -0
  16. package/data/entries/DSGAI04.json +752 -0
  17. package/data/entries/DSGAI05.json +689 -0
  18. package/data/entries/DSGAI06.json +673 -0
  19. package/data/entries/DSGAI07.json +680 -0
  20. package/data/entries/DSGAI08.json +698 -0
  21. package/data/entries/DSGAI09.json +687 -0
  22. package/data/entries/DSGAI10.json +627 -0
  23. package/data/entries/DSGAI11.json +663 -0
  24. package/data/entries/DSGAI12.json +695 -0
  25. package/data/entries/DSGAI13.json +688 -0
  26. package/data/entries/DSGAI14.json +703 -0
  27. package/data/entries/DSGAI15.json +655 -0
  28. package/data/entries/DSGAI16.json +716 -0
  29. package/data/entries/DSGAI17.json +690 -0
  30. package/data/entries/DSGAI18.json +613 -0
  31. package/data/entries/DSGAI19.json +638 -0
  32. package/data/entries/DSGAI20.json +671 -0
  33. package/data/entries/DSGAI21.json +881 -0
  34. package/data/entries/LLM01.json +975 -0
  35. package/data/entries/LLM02.json +868 -0
  36. package/data/entries/LLM03.json +817 -0
  37. package/data/entries/LLM04.json +797 -0
  38. package/data/entries/LLM05.json +761 -0
  39. package/data/entries/LLM06.json +848 -0
  40. package/data/entries/LLM07.json +749 -0
  41. package/data/entries/LLM08.json +750 -0
  42. package/data/entries/LLM09.json +760 -0
  43. package/data/entries/LLM10.json +763 -0
  44. package/data/incidents-schema.json +121 -0
  45. package/data/incidents.json +1484 -0
  46. package/data/schema.json +134 -0
  47. package/dist/index.d.ts +97 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +124 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/index.test.d.ts +2 -0
  52. package/dist/index.test.d.ts.map +1 -0
  53. package/dist/index.test.js +97 -0
  54. package/dist/index.test.js.map +1 -0
  55. package/package.json +62 -0
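--- a/package/data/entries/DSGAI08.json
+++ b/package/data/entries/DSGAI08.json
@@ -0,0 +1,698 @@
+ {
+ "id": "DSGAI08",
+ "name": "Non-Compliance and Regulatory Violations",
+ "source_list": "DSGAI-2026",
+ "version": "2026-Q1",
+ "severity": "High",
+ "aivss_score": null,
+ "audience": [
+ "red-teamer",
+ "security-engineer",
+ "ciso",
+ "compliance",
+ "ml-engineer",
+ "ot-engineer",
+ "auditor",
+ "developer",
+ "data-engineer"
+ ],
+ "mappings": [
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0057",
+ "control_name": "Data from Information Repositories",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Regulatory violations often arise from ungoverned data repositories — adversary exploits what compliance missed"
+ },
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0051",
+ "control_name": "Exploit Public-Facing Application",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Non-compliant AI deployments may lack security controls that compliance would have required"
+ },
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0035",
+ "control_name": "Exfiltrate via ML Inference API",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Regulatory violations in training data scope make inference API exfiltration more damaging"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "GV-1.6",
+ "control_name": "Policies for data privacy",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Legal and regulatory compliance obligations for GenAI documented in governance policy"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "GV-4.2",
+ "control_name": "Organisational teams",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Cross-functional team accountable for GenAI regulatory compliance — legal, privacy, security, AI"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MS-2.6",
+ "control_name": "Testing — data leakage",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Compliance testing — lawful basis verification, data subject rights fulfilment, retention compliance"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MG-2.4",
+ "control_name": "Risk response — data",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Regulatory incident response — breach notification timelines, regulatory reporting obligations"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "Mandatory risk management system for high-risk AI",
+ "control_name": "Art. 9 — Risk management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Absence of a documented risk management system is an Art. 9 violation"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "Documented quality management system including post-market monitoring",
+ "control_name": "Art. 17 — Quality management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Absence of a quality management system is an Art. 17 violation"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "Graduated fines based on violation type",
+ "control_name": "Art. 72 — Fines",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Understanding fine exposure is the starting point for compliance prioritisation"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.5.31",
+ "control_name": "Compliance with legal requirements",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Identifying and complying with all legal, regulatory, and contractual requirements applicable to GenAI"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.5.34",
+ "control_name": "Privacy and PII protection",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Privacy requirements for GenAI-processed personal data — lawful basis, minimisation, rights support"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.5.36",
+ "control_name": "Compliance with policies",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Internal policies for GenAI compliance — reviewed and enforced"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.5.1",
+ "control_name": "Policies for information security",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Governance policies covering regulatory obligations for GenAI"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Policies",
+ "control_name": "A.2.2",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Information for interested parties",
+ "control_name": "A.8.1",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Hardening"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Context — interested parties",
+ "control_name": "Cl.4.2",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Planning — risk",
+ "control_name": "Cl.6.1",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Hardening"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 3",
+ "control_name": "3.1 — Data management process",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 8",
+ "control_name": "8.2 — Collect audit logs",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 17",
+ "control_name": "17.1 — Incident response management",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V8 Data Protection",
+ "control_name": "V8.3.3 — Consent obtained before PI processing",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V8 Data Protection",
+ "control_name": "V8.3.10 — Personal data not kept longer than needed",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V7 Logging",
+ "control_name": "V7.2.2 — Audit trail sufficient for compliance",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "Security management system",
+ "control_name": "62443-2-1",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "OT security management system updated to cover GenAI deployments — policy, roles, assessment"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "Supplier security requirements",
+ "control_name": "62443-2-4",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "GenAI vendors assessed under OT supplier security programme — same requirements as OT software vendors"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 6.6",
+ "control_name": "Timely response to events",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Non-compliance incidents trigger defined response — regulatory notification procedures documented"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Data confidentiality",
+ "control_name": "§5.4",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "OT data in retrieval corpora requires access control"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Risk assessment",
+ "control_name": "§6.2",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Entitlement leakage in OT data retrieval"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Network monitoring",
+ "control_name": "§7.3",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Monitor retrieval patterns for unauthorised OT data access"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "GV.OC-01",
+ "control_name": "Organisational Context",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Regulatory obligations inform cybersecurity risk management — GenAI regulatory scope assessed and documented"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "GV.RM-01",
+ "control_name": "Risk Management Strategy",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Risk management strategy includes regulatory compliance risk — GenAI-specific obligations in risk programme"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "ID.RA-01",
+ "control_name": "Risk Assessment",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Compliance risks identified per GenAI deployment — applicable regulations, triggered obligations, controls gaps"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "RS.CO-03",
+ "control_name": "Communication",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Regulatory incident communication — breach notification, regulatory reporting, authority contact procedures"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Commitment to compliance with applicable laws and regulations including AI-specific obligations",
+ "control_name": "CC5.1 — Control environment",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Regulatory risks identified in GenAI risk assessment — GDPR, EU AI Act, sector-specific regulations",
+ "control_name": "CC3.2 — Risk assessment",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Privacy programme covers GenAI processing of personal information — policies, notices, accountability",
+ "control_name": "P1.1 — Privacy management",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Regulatory compliance status communicated to management — AI Act obligations, NIS2 requirements",
+ "control_name": "CC2.1 — Communication",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 12.1.1",
+ "control_name": "Security policy",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "PCI security policy covers GenAI processing of CHD — updated to reflect AI system deployments"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 12.3.1",
+ "control_name": "Annual assessment",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Annual targeted risk analysis covers all GenAI systems that may process CHD"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 12.4.1",
+ "control_name": "Programme oversight",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Executive accountability for GenAI PCI compliance — CISO or equivalent with oversight documented"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 12.6.1",
+ "control_name": "Security awareness",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Security awareness covers PCI obligations in GenAI context — staff understand scope implications"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "GOV",
+ "control_name": "Governance and Risk",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "All applicable regulations identified and mapped to AI controls — EU AI Act, GDPR, NIS2, sector-specific obligations tracked in AI governance programme"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L2",
+ "control_name": "Data and Model Security (DMS)",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Data controls designed to meet regulatory requirements — GDPR Article 10 training data obligations, NIS2 data security measures"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "IRS",
+ "control_name": "Incident Response",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "AI incident response plan includes regulatory notification procedures — NIS2 Article 23 significant incident reporting, GDPR breach notification"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L1",
+ "control_name": "General ICT — Governance",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "AI acceptable use and data protection policies document regulatory obligations and controls"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "D-TA",
+ "control_name": "Design / Threat Assessment",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Model all paths where over-retrieval can expose unauthorised content"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "I-SB",
+ "control_name": "Implementation / Secure Build",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Enforce per-query entitlement filtering in retrieval pipeline"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "V-ST",
+ "control_name": "Verification / Security Testing",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Test whether queries can retrieve documents from other tenants or restricted tiers"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "O-OM",
+ "control_name": "Operations / Operational Management",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Log all retrieved documents with user identity for forensic review"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "G-PC",
+ "control_name": "Governance / Policy & Compliance",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Policy mapping corpus access to user roles and data classification"
+ },
+ {
+ "framework": "CWE/CVE",
+ "control_id": "CWE-359",
+ "control_name": "CWE-359",
+ "tier": "Foundational",
+ "scope": "Both",
+ "url": "https://cwe.mitre.org/data/definitions/359.html"
+ },
+ {
+ "framework": "CWE/CVE",
+ "control_id": "CWE-778",
+ "control_name": "CWE-778",
+ "tier": "Foundational",
+ "scope": "Both",
+ "url": "https://cwe.mitre.org/data/definitions/778.html"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L6",
+ "control_name": "Security & Compliance",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L2",
+ "control_name": "Data Operations",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L7",
+ "control_name": "Agent Ecosystem",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "A",
+ "control_name": "Data & Privacy domain",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "B005",
+ "control_name": "Implement real-time input filtering",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "B006",
+ "control_name": "Prevent unauthorized AI actions",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Embedding store service account with cross-tenant read access",
+ "control_name": "NHI-5 Over-Privileged NHI",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Per-tenant credentials or row-level security with minimum scope"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Unauthenticated embedding store access",
+ "control_name": "NHI-4 Insecure Authentication",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Require authentication for all vector database connections"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Same embedding store credential used for multiple tenants",
+ "control_name": "NHI-9 NHI Reuse",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Separate credentials per tenant or use row-level security"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "PS.1.1-PS",
+ "control_name": "Protect all code from unauthorised access — data exfiltration prevention",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Implement controls preventing sensitive data exfiltration through model interfaces, API endpoints, and pipeline outputs; enforce data classification boundaries"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "PW.5.1-PS",
+ "control_name": "Secure coding — data handling in AI pipelines",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Enforce secure coding practices for all data handling in AI pipelines; implement output filtering, PII detection, and data masking before model responses reach consumers"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "PW.7.2-PS",
+ "control_name": "Review for security vulnerabilities — data leakage review",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Include data leakage and memorisation scenarios in pre-release security reviews; verify that outputs cannot reveal training data or sensitive context"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "SC-28",
+ "control_name": "Protection of Information at Rest — AI data encryption",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Encrypt all AI data at rest — training data, model weights, inference logs, embedding stores — using FIPS 140-validated modules"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "AC-3",
+ "control_name": "Access Enforcement — AI data access",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Enforce role-based access control on all AI data stores; restrict access based on clearance, need-to-know, and data sensitivity"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "AU-2",
+ "control_name": "Event Logging — leakage detection logging",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Log AI data access and model outputs with sufficient detail to detect data leakage; include output content metadata"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "SI-4",
+ "control_name": "System Monitoring — leakage indicator detection",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Monitor model outputs and data access patterns for leakage indicators — PII, credentials, classification markings in outputs; alert on detection"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 9",
+ "control_name": "Protection and Prevention — data leakage controls",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Implement security controls preventing AI data leakage — output monitoring, DLP, access controls, and encryption for all financial AI data"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 17–23",
+ "control_name": "ICT Incident Management — data breach reporting",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Classify AI data leakage events as ICT-related incidents; report to competent authorities per DORA incident classification criteria"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 10",
+ "control_name": "Detection — leakage indicator monitoring",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Deploy detection for data leakage indicators in model outputs — PII, financial data, credentials; alert and block on detection"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 13",
+ "control_name": "Learning and Evolving — leakage post-mortem",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Conduct post-incident analysis for data leakage events; identify root cause and update controls"
+ }
+ ],
+ "tools": [
+ {
+ "name": "OneTrust",
+ "type": "commercial",
+ "url": "https://www.onetrust.com"
+ },
+ {
+ "name": "Osano",
+ "type": "commercial",
+ "url": "https://www.osano.com"
+ },
+ {
+ "name": "EU AI Office guidance",
+ "type": "open-source",
+ "url": "https://digital-strategy.ec.europa.eu/en/policies/ai-office"
+ },
+ {
+ "name": "GDPR.eu compliance guides",
+ "type": "open-source",
+ "url": "https://gdpr.eu"
+ },
+ {
+ "name": "IBM OpenPages",
+ "type": "commercial",
+ "url": "https://www.ibm.com/products/openpages"
+ },
+ {
+ "name": "OpenDP",
+ "type": "open-source",
+ "url": "https://github.com/opendp/opendp"
+ },
+ {
+ "name": "Privado",
+ "type": "open-source",
+ "url": "https://github.com/Privado-Inc/privado"
+ },
+ {
+ "name": "Presidio",
+ "type": "open-source",
+ "url": "https://github.com/microsoft/presidio"
+ },
+ {
+ "name": "LLM Guard",
+ "type": "open-source",
+ "url": "https://github.com/protectai/llm-guard"
+ },
+ {
+ "name": "Nightfall",
+ "type": "commercial",
+ "url": "https://www.nightfall.ai"
+ },
+ {
+ "name": "Microsoft Presidio",
+ "type": "open-source",
+ "url": "https://github.com/microsoft/presidio"
+ },
+ {
+ "name": "Nightfall DLP",
+ "type": "commercial",
+ "url": "https://www.nightfall.ai"
+ },
+ {
+ "name": "AWS Macie / Azure Purview",
+ "type": "commercial",
+ "url": "https://aws.amazon.com/macie/"
+ }
+ ],
+ "incidents": [
+ {
+ "name": "DeepSeek AI database exposure — 1M+ chat logs publicly accessible",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2025,
+ "incident_id": "INC-032"
+ },
+ {
+ "name": "Cursor AI code agent leaking repository secrets via context window",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2025,
+ "incident_id": "INC-034"
+ }
+ ],
+ "crossrefs": {
+ "dsgai_2026": [
+ "DSGAI07"
+ ],
+ "llm_top10": [
+ "LLM02",
+ "LLM08",
+ "LLM07",
+ "LLM01"
+ ],
+ "agentic_top10": [
+ "ASI06",
+ "ASI01",
+ "ASI02",
+ "ASI03"
+ ]
+ },
+ "changelog": [
+ {
+ "date": "2026-03-27",
+ "version": "1.0.0",
+ "change": "Initial entry — generated from GenAI Security Crosswalk v1.5.1 mapping files",
+ "author": "emmanuelgjr"
+ }
+ ]
+ }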
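Review bot: Several objects in `mappings` have `control_id` and `control_name` swapped, so a consumer that keys or joins on `control_id` gets free text instead of an identifier: the ISO/IEC 42001:2023 rows read `"control_id": "Policies"` with `"control_name": "A.2.2"`, and the EU AI Act, SOC 2, OWASP NHI Top 10, NIST SP 800-82 Rev 3 and the first two ISA/IEC 62443 rows follow the same pattern, while the ISO/IEC 27001:2022, NIST CSF 2.0 and PCI DSS v4.0 rows in the same array are the right way round. Some of these rows also carry a tier label in `notes` that contradicts `tier` (`"notes": "Hardening"` next to `"tier": "Foundational"` on the A.8.1 and Cl.6.1 rows, `"notes": "Foundational"` next to `"tier": "Hardening"` on the three AIUC-1 rows), which suggests a column shift in the generator mentioned in the changelog rather than hand edits. Because this file feeds compliance crosswalks, the fix belongs in the generator, backed by a schema check that `control_id` matches a per-framework identifier pattern and that `notes` is never one of the tier values. Separately, the three MITRE ATLAS ID/name pairs (`AML.T0057`, `AML.T0051`, `AML.T0035`), the EU AI Act `Art. 72 — Fines` row and the `GDPR Article 10 training data obligations` note do not appear to match the published sources as I recall them and should be verified before release.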