genai-security-crosswalk 2.0.0
- package/LICENSE.md +28 -0
- package/README.md +618 -0
- package/data/entries/ASI01.json +911 -0
- package/data/entries/ASI02.json +850 -0
- package/data/entries/ASI03.json +854 -0
- package/data/entries/ASI04.json +759 -0
- package/data/entries/ASI05.json +764 -0
- package/data/entries/ASI06.json +817 -0
- package/data/entries/ASI07.json +789 -0
- package/data/entries/ASI08.json +788 -0
- package/data/entries/ASI09.json +754 -0
- package/data/entries/ASI10.json +833 -0
- package/data/entries/DSGAI01.json +779 -0
- package/data/entries/DSGAI02.json +728 -0
- package/data/entries/DSGAI03.json +671 -0
- package/data/entries/DSGAI04.json +752 -0
- package/data/entries/DSGAI05.json +689 -0
- package/data/entries/DSGAI06.json +673 -0
- package/data/entries/DSGAI07.json +680 -0
- package/data/entries/DSGAI08.json +698 -0
- package/data/entries/DSGAI09.json +687 -0
- package/data/entries/DSGAI10.json +627 -0
- package/data/entries/DSGAI11.json +663 -0
- package/data/entries/DSGAI12.json +695 -0
- package/data/entries/DSGAI13.json +688 -0
- package/data/entries/DSGAI14.json +703 -0
- package/data/entries/DSGAI15.json +655 -0
- package/data/entries/DSGAI16.json +716 -0
- package/data/entries/DSGAI17.json +690 -0
- package/data/entries/DSGAI18.json +613 -0
- package/data/entries/DSGAI19.json +638 -0
- package/data/entries/DSGAI20.json +671 -0
- package/data/entries/DSGAI21.json +881 -0
- package/data/entries/LLM01.json +975 -0
- package/data/entries/LLM02.json +868 -0
- package/data/entries/LLM03.json +817 -0
- package/data/entries/LLM04.json +797 -0
- package/data/entries/LLM05.json +761 -0
- package/data/entries/LLM06.json +848 -0
- package/data/entries/LLM07.json +749 -0
- package/data/entries/LLM08.json +750 -0
- package/data/entries/LLM09.json +760 -0
- package/data/entries/LLM10.json +763 -0
- package/data/incidents-schema.json +121 -0
- package/data/incidents.json +1484 -0
- package/data/schema.json +134 -0
- package/dist/index.d.ts +97 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +124 -0
- package/dist/index.js.map +1 -0
- package/dist/index.test.d.ts +2 -0
- package/dist/index.test.d.ts.map +1 -0
- package/dist/index.test.js +97 -0
- package/dist/index.test.js.map +1 -0
- package/package.json +62 -0
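--- a/package/data/entries/DSGAI10.json
+++ b/package/data/entries/DSGAI10.json
@@ -0,0 +1,627 @@
+{
+"id": "DSGAI10",
+"name": "Synthetic Data and Anonymization Pitfalls",
+"source_list": "DSGAI-2026",
+"version": "2026-Q1",
+"severity": "Medium",
+"aivss_score": null,
+"audience": [
+"red-teamer",
+"security-engineer",
+"ciso",
+"compliance",
+"ml-engineer",
+"ot-engineer",
+"auditor",
+"developer",
+"data-engineer"
+],
+"mappings": [
+{
+"framework": "MITRE ATLAS",
+"control_id": "AML.T0024.000",
+"control_name": "Membership Inference",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Adversary probes synthetic dataset to determine whether specific individuals are re-identifiable"
+},
+{
+"framework": "MITRE ATLAS",
+"control_id": "AML.T0025",
+"control_name": "Exfiltrate via Cyber Means",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Re-identified individuals from synthetic data extracted via standard exfiltration paths"
+},
+{
+"framework": "MITRE ATLAS",
+"control_id": "AML.T0035",
+"control_name": "Exfiltrate via ML Inference API",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Synthetic training data membership confirmed and specific records reconstructed through inference API"
+},
+{
+"framework": "NIST AI RMF 1.0",
+"control_id": "GV-1.6",
+"control_name": "Policies for data privacy",
+"tier": "Hardening",
+"scope": "Build",
+"notes": "Anonymisation governance policy — legal standard, not technical checkbox"
+},
+{
+"framework": "NIST AI RMF 1.0",
+"control_id": "MS-2.6",
+"control_name": "Testing — data leakage",
+"tier": "Hardening",
+"scope": "Build",
+"notes": "Re-identification risk testing and membership inference testing on synthetic datasets"
+},
+{
+"framework": "NIST AI RMF 1.0",
+"control_id": "MS-3.3",
+"control_name": "Data quality",
+"tier": "Hardening",
+"scope": "Build",
+"notes": "Data quality measurement of synthetic datasets — statistical fidelity vs privacy tradeoffs"
+},
+{
+"framework": "NIST AI RMF 1.0",
+"control_id": "MG-3.2",
+"control_name": "Residual risk",
+"tier": "Hardening",
+"scope": "Build",
+"notes": "Residual re-identification risk documented and accepted formally before dataset release or use"
+},
+{
+"framework": "EU AI Act",
+"control_id": "Training data must be subject to appropriate data governance — privacy measures must be effective",
+"control_name": "Art. 10 — Data and data governance",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Anonymisation effectiveness is an Art. 10 data governance requirement, not a self-certification"
+},
+{
+"framework": "EU AI Act",
+"control_id": "GPAI training data governance documented — privacy measures included",
+"control_name": "Art. 53(1)(a) — GPAI documentation",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Synthetic data generation methodology and re-identification risk assessment documented for GPAI"
+},
+{
+"framework": "ISO/IEC 27001:2022",
+"control_id": "A.5.34",
+"control_name": "Privacy and PII protection",
+"tier": "Hardening",
+"scope": "Build",
+"notes": "Anonymisation must meet the standard required by applicable privacy law — not just technical anonymisation"
+},
+{
+"framework": "ISO/IEC 27001:2022",
+"control_id": "A.8.11",
+"control_name": "Data masking",
+"tier": "Hardening",
+"scope": "Build",
+"notes": "Technical anonymisation and pseudonymisation controls applied to synthetic data generation"
+},
+{
+"framework": "ISO/IEC 27001:2022",
+"control_id": "A.5.12",
+"control_name": "Classification of information",
+"tier": "Hardening",
+"scope": "Build",
+"notes": "Synthetic datasets classified based on re-identification risk, not assumed to be non-personal"
+},
+{
+"framework": "ISO/IEC 27001:2022",
+"control_id": "A.8.33",
+"control_name": "Test information",
+"tier": "Hardening",
+"scope": "Build",
+"notes": "Appropriate protection of test and synthetic data used in AI development"
+},
+{
+"framework": "ISO/IEC 42001:2023",
+"control_id": "Data — acquisition",
+"control_name": "A.7.2",
+"tier": "Hardening",
+"scope": "Build",
+"notes": "Hardening"
+},
+{
+"framework": "ISO/IEC 42001:2023",
+"control_id": "Impact assessment",
+"control_name": "A.5.2",
+"tier": "Hardening",
+"scope": "Build",
+"notes": "Hardening"
+},
+{
+"framework": "ISO/IEC 42001:2023",
+"control_id": "Data — preparation",
+"control_name": "A.7.3",
+"tier": "Hardening",
+"scope": "Build",
+"notes": "Hardening"
+},
+{
+"framework": "ISO/IEC 42001:2023",
+"control_id": "Planning — risk",
+"control_name": "Cl.6.1",
+"tier": "Hardening",
+"scope": "Build",
+"notes": "Hardening"
+},
+{
+"framework": "CIS Controls v8.1",
+"control_id": "CIS 3",
+"control_name": "3.7 — Establish data classification scheme",
+"tier": "Hardening",
+"scope": "Build"
+},
+{
+"framework": "CIS Controls v8.1",
+"control_id": "CIS 18",
+"control_name": "18.3 — Remediate penetration test findings",
+"tier": "Hardening",
+"scope": "Build"
+},
+{
+"framework": "OWASP ASVS 4.0.3",
+"control_id": "V8 Data Protection",
+"control_name": "V8.3.4 — Sensitive data classified",
+"tier": "Hardening",
+"scope": "Build"
+},
+{
+"framework": "OWASP ASVS 4.0.3",
+"control_id": "V5 Validation",
+"control_name": "V5.2.6 — Defined output structure",
+"tier": "Hardening",
+"scope": "Build"
+},
+{
+"framework": "ISA/IEC 62443",
+"control_id": "SR 4.1",
+"control_name": "Data confidentiality",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Synthetic OT datasets not automatically excluded from protection — assessed before classification change"
+},
+{
+"framework": "ISA/IEC 62443",
+"control_id": "SR 3.3",
+"control_name": "Software and information integrity",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Synthetic data generation pipeline validated — source OT data integrity maintained"
+},
+{
+"framework": "ISA/IEC 62443",
+"control_id": "Security management",
+"control_name": "62443-2-1",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "OT synthetic data governance policy — when synthetic data removes OT classification obligation"
+},
+{
+"framework": "NIST SP 800-82 Rev 3",
+"control_id": "ICS vulnerabilities",
+"control_name": "§5.3",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "In-context manipulation of OT decision support"
+},
+{
+"framework": "NIST SP 800-82 Rev 3",
+"control_id": "Risk assessment",
+"control_name": "§6.2",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Context poisoning risk for OT data feeds"
+},
+{
+"framework": "NIST CSF 2.0",
+"control_id": "GV.RM-06",
+"control_name": "Risk Management Strategy",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Risk tolerance defined for re-identification risk in synthetic datasets — legal standard, not technical checkbox"
+},
+{
+"framework": "NIST CSF 2.0",
+"control_id": "ID.RA-01",
+"control_name": "Risk Assessment",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Re-identification risk assessed for all synthetic datasets before use or distribution"
+},
+{
+"framework": "NIST CSF 2.0",
+"control_id": "PR.DS-01",
+"control_name": "Data Security",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Synthetic datasets not automatically excluded from data protection — protected until re-identification risk formally assessed"
+},
+{
+"framework": "NIST CSF 2.0",
+"control_id": "DE.CM-09",
+"control_name": "Continuous Monitoring",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Monitoring for re-identification attempts against synthetic datasets"
+},
+{
+"framework": "SOC 2",
+"control_id": "Synthetic datasets that are not truly anonymous subject to same retention obligations as source personal data",
+"control_name": "P4.2 — Retention of personal information",
+"tier": "Hardening",
+"scope": "Both"
+},
+{
+"framework": "SOC 2",
+"control_id": "Synthetic data use must respect underlying privacy commitments if re-identification risk exists",
+"control_name": "P5.1 — Personal information use",
+"tier": "Hardening",
+"scope": "Both"
+},
+{
+"framework": "SOC 2",
+"control_id": "Re-identification risk in synthetic datasets identified in risk assessment",
+"control_name": "CC3.2 — Risk assessment",
+"tier": "Hardening",
+"scope": "Both"
+},
+{
+"framework": "SOC 2",
+"control_id": "Synthetic OT data and business data protected at source classification level until re-identification risk formally assessed",
+"control_name": "C2.1 — Confidential information protection",
+"tier": "Hardening",
+"scope": "Both"
+},
+{
+"framework": "PCI DSS v4.0",
+"control_id": "Req 3.1.1",
+"control_name": "Account data inventory",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Synthetic payment datasets that may be re-identifiable included in CHD inventory"
+},
+{
+"framework": "PCI DSS v4.0",
+"control_id": "Req 3.3.1",
+"control_name": "SAD prohibition",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Synthetic data generated from SAD retains SAD classification — generation does not remove the prohibition"
+},
+{
+"framework": "PCI DSS v4.0",
+"control_id": "Req 3.4.1",
+"control_name": "PAN rendering",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Synthetic PANs that pass Luhn check treated as CHD — format-preserving synthetic PANs are in PCI scope"
+},
+{
+"framework": "PCI DSS v4.0",
+"control_id": "Req 12.3.2",
+"control_name": "Targeted risk analysis",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Re-identification risk in synthetic payment datasets documented in targeted risk analysis"
+},
+{
+"framework": "ENISA Multilayer Framework",
+"control_id": "L2",
+"control_name": "Data and Model Security (DMS)",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Synthetic data generation validated against re-identification risk — formal anonymisation assessments documented as DMS evidence"
+},
+{
+"framework": "ENISA Multilayer Framework",
+"control_id": "L2",
+"control_name": "Governance and Risk (GOV)",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Re-identification risk included in AI privacy impact assessment — treatment controls and residual risk accepted by data protection officer"
+},
+{
+"framework": "ENISA Multilayer Framework",
+"control_id": "L2",
+"control_name": "Monitoring and Detection (MON)",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Quality and privacy metrics monitored for all synthetic datasets — drift in re-identification risk triggers re-assessment"
+},
+{
+"framework": "ENISA Multilayer Framework",
+"control_id": "L1",
+"control_name": "General ICT — Data Protection",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Anonymisation requirements established at design time — not applied as an afterthought to an already-designed pipeline"
+},
+{
+"framework": "OWASP SAMM v2.0",
+"control_id": "D-TA",
+"control_name": "Design / Threat Assessment",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Map all sources that contribute to context window; assess trust level per source"
+},
+{
+"framework": "OWASP SAMM v2.0",
+"control_id": "I-SB",
+"control_name": "Implementation / Secure Build",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Validate and sanitise all content before context window assembly"
+},
+{
+"framework": "OWASP SAMM v2.0",
+"control_id": "V-ST",
+"control_name": "Verification / Security Testing",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Adversarial tests injecting malicious content via each context source"
+},
+{
+"framework": "OWASP SAMM v2.0",
+"control_id": "O-IM",
+"control_name": "Operations / Incident Management",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Alert on reasoning deviations correlated with external content in context"
+},
+{
+"framework": "CWE/CVE",
+"control_id": "CWE-359",
+"control_name": "CWE-359",
+"tier": "Hardening",
+"scope": "Build",
+"url": "https://cwe.mitre.org/data/definitions/359.html"
+},
+{
+"framework": "CWE/CVE",
+"control_id": "CWE-330",
+"control_name": "CWE-330",
+"tier": "Hardening",
+"scope": "Build",
+"url": "https://cwe.mitre.org/data/definitions/330.html"
+},
+{
+"framework": "MAESTRO",
+"control_id": "L2",
+"control_name": "Data Operations",
+"tier": "Hardening",
+"scope": "Both"
+},
+{
+"framework": "MAESTRO",
+"control_id": "L1",
+"control_name": "Foundation Models",
+"tier": "Hardening",
+"scope": "Both"
+},
+{
+"framework": "AIUC-1",
+"control_id": "B001",
+"control_name": "Third-party adversarial robustness testing",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Foundational"
+},
+{
+"framework": "AIUC-1",
+"control_id": "B002",
+"control_name": "Detect adversarial input",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Hardening"
+},
+{
+"framework": "AIUC-1",
+"control_id": "B005",
+"control_name": "Implement real-time input filtering",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Foundational"
+},
+{
+"framework": "OWASP NHI Top 10",
+"control_id": "Data feed service accounts with access to sensitive data that should not enter context",
+"control_name": "NHI-5 Over-Privileged NHI",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Scope data feed credentials to approved data only"
+},
+{
+"framework": "NIST SP 800-218A",
+"control_id": "PW.7.2-PS",
+"control_name": "Review for security vulnerabilities — synthetic data quality review",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "Review synthetic data for bias inheritance, privacy leakage, and statistical fidelity before use in training pipelines; verify privacy guarantees are meaningful"
+},
+{
+"framework": "NIST SP 800-218A",
+"control_id": "PW.8.2-PS",
+"control_name": "Test for security vulnerabilities — synthetic data adversarial testing",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "Conduct adversarial testing of synthetic data for membership inference, attribute inference, and reconstruction attacks to validate privacy claims"
+},
+{
+"framework": "NIST SP 800-218A",
+"control_id": "RV.3.1-PS",
+"control_name": "Analyse root causes — synthetic data failure analysis",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "When model failures trace to synthetic training data, conduct root cause analysis of the generation process, source data, and privacy mechanism"
+},
+{
+"framework": "FedRAMP",
+"control_id": "SI-4",
+"control_name": "System Monitoring — synthetic data quality",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "Monitor synthetic data outputs for quality, privacy preservation, and absence of sensitive pattern leakage"
+},
+{
+"framework": "FedRAMP",
+"control_id": "CA-7",
+"control_name": "Continuous Monitoring — synthetic data drift",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "Include synthetic data quality metrics in continuous monitoring; track for privacy degradation and bias drift"
+},
+{
+"framework": "FedRAMP",
+"control_id": "RA-5",
+"control_name": "Vulnerability Scanning — synthetic data risks",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "Include synthetic data re-identification and pattern leakage in vulnerability assessment"
+},
+{
+"framework": "DORA",
+"control_id": "Art. 9",
+"control_name": "Protection and Prevention — synthetic data privacy",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "Implement privacy controls for synthetic data generation; validate privacy preservation and absence of sensitive pattern leakage from source financial data"
+},
+{
+"framework": "DORA",
+"control_id": "Art. 24–27",
+"control_name": "Resilience Testing — synthetic data testing",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "Include synthetic data re-identification and privacy testing in resilience testing programme; test for linkage attacks and attribute inference"
+},
+{
+"framework": "DORA",
+"control_id": "Art. 13",
+"control_name": "Learning and Evolving — synthetic data improvement",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "Apply lessons learned from synthetic data privacy failures; update generation processes and validation controls"
+}
+],
+"tools": [
+{
+"name": "Synthetic Data Vault",
+"type": "open-source",
+"url": "https://sdv.dev"
+},
+{
+"name": "ML Privacy Meter",
+"type": "open-source",
+"url": "https://github.com/privacytrustlab/ml_privacy_meter"
+},
+{
+"name": "Gretel AI",
+"type": "commercial",
+"url": "https://gretel.ai"
+},
+{
+"name": "ARX Anonymisation Tool",
+"type": "open-source",
+"url": "https://arx.deidentifier.org"
+},
+{
+"name": "ARX Data Anonymization Tool",
+"type": "open-source",
+"url": "https://arx.deidentifier.org"
+},
+{
+"name": "TensorFlow Privacy",
+"type": "open-source",
+"url": "https://github.com/tensorflow/privacy"
+},
+{
+"name": "OpenDP",
+"type": "open-source",
+"url": "https://github.com/opendp/opendp"
+},
+{
+"name": "SDV (Synthetic Data Vault)",
+"type": "open-source",
+"url": "https://github.com/sdv-dev/SDV"
+},
+{
+"name": "Gretel.ai",
+"type": "commercial",
+"url": "https://gretel.ai"
+},
+{
+"name": "ARX",
+"type": "open-source",
+"url": "https://github.com/arx-deidentifier/arx"
+},
+{
+"name": "SDV",
+"type": "open-source",
+"url": "https://github.com/sdv-dev/SDV"
+},
+{
+"name": "Anonymeter",
+"type": "open-source",
+"url": "https://github.com/statice/anonymeter"
+},
+{
+"name": "ARX Data Anonymization",
+"type": "open-source",
+"url": "https://arx.deidentifier.org"
+},
+{
+"name": "Microsoft Presidio",
+"type": "open-source",
+"url": "https://github.com/microsoft/presidio"
+}
+],
+"incidents": [
+{
+"name": "Synthetic data re-identification — de-anonymized patients from synthetic health records",
+"url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+"year": 2025,
+"incident_id": "INC-040"
+},
+{
+"name": "Stability AI synthetic CSAM generation — training data and output safety failures",
+"url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+"year": 2024,
+"incident_id": "INC-049"
+}
+],
+"crossrefs": {
+"dsgai_2026": [
+"DSGAI08",
+"DSGAI18"
+],
+"llm_top10": [
+"LLM02",
+"LLM01",
+"LLM08",
+"LLM09",
+"LLM03"
+],
+"agentic_top10": [
+"ASI03",
+"ASI06",
+"ASI09"
+]
+},
+"changelog": [
+{
+"date": "2026-03-27",
+"version": "1.0.0",
+"change": "Initial entry — generated from GenAI Security Crosswalk v1.5.1 mapping files",
+"author": "emmanuelgjr"
+}
+]
+}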
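Review bot: Several objects in `mappings` have `control_id` and `control_name` filled from the wrong column: the four ISO/IEC 42001:2023 rows, the ISA/IEC 62443-2-1 row and both NIST SP 800-82 rows carry the clause number in `control_name` and the title in `control_id`, while the EU AI Act, SOC 2 and OWASP NHI rows put a description sentence in `control_id`. A consumer that looks a control up by `control_id` (an auditor building evidence, for example) will miss or mis-join these rows, so they should read like `"control_id": "A.7.2", "control_name": "Data — acquisition"`, with the descriptive sentence moved to `notes`. The same column shift seems to have left tier words in `notes` (`"notes": "Hardening"` on the ISO/IEC 42001 rows, `"Foundational"` on AIUC-1 rows whose `tier` is `"Hardening"`), and the NIST SP 800-82 and OWASP SAMM notes describe context-window poisoning rather than synthetic-data re-identification, which suggests they were carried over from another entry. The MITRE ATLAS row pairing `AML.T0035` with `Exfiltrate via ML Inference API` should be checked against the ATLAS matrix, since that technique name is, as far as I know, listed under AML.T0024. The `tools` array also repeats ARX four times and SDV three times under different spellings and should be de-duplicated on `url`.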