genai-security-crosswalk 2.0.0

Files changed (55) hide show
  1. package/LICENSE.md +28 -0
  2. package/README.md +618 -0
  3. package/data/entries/ASI01.json +911 -0
  4. package/data/entries/ASI02.json +850 -0
  5. package/data/entries/ASI03.json +854 -0
  6. package/data/entries/ASI04.json +759 -0
  7. package/data/entries/ASI05.json +764 -0
  8. package/data/entries/ASI06.json +817 -0
  9. package/data/entries/ASI07.json +789 -0
  10. package/data/entries/ASI08.json +788 -0
  11. package/data/entries/ASI09.json +754 -0
  12. package/data/entries/ASI10.json +833 -0
  13. package/data/entries/DSGAI01.json +779 -0
  14. package/data/entries/DSGAI02.json +728 -0
  15. package/data/entries/DSGAI03.json +671 -0
  16. package/data/entries/DSGAI04.json +752 -0
  17. package/data/entries/DSGAI05.json +689 -0
  18. package/data/entries/DSGAI06.json +673 -0
  19. package/data/entries/DSGAI07.json +680 -0
  20. package/data/entries/DSGAI08.json +698 -0
  21. package/data/entries/DSGAI09.json +687 -0
  22. package/data/entries/DSGAI10.json +627 -0
  23. package/data/entries/DSGAI11.json +663 -0
  24. package/data/entries/DSGAI12.json +695 -0
  25. package/data/entries/DSGAI13.json +688 -0
  26. package/data/entries/DSGAI14.json +703 -0
  27. package/data/entries/DSGAI15.json +655 -0
  28. package/data/entries/DSGAI16.json +716 -0
  29. package/data/entries/DSGAI17.json +690 -0
  30. package/data/entries/DSGAI18.json +613 -0
  31. package/data/entries/DSGAI19.json +638 -0
  32. package/data/entries/DSGAI20.json +671 -0
  33. package/data/entries/DSGAI21.json +881 -0
  34. package/data/entries/LLM01.json +975 -0
  35. package/data/entries/LLM02.json +868 -0
  36. package/data/entries/LLM03.json +817 -0
  37. package/data/entries/LLM04.json +797 -0
  38. package/data/entries/LLM05.json +761 -0
  39. package/data/entries/LLM06.json +848 -0
  40. package/data/entries/LLM07.json +749 -0
  41. package/data/entries/LLM08.json +750 -0
  42. package/data/entries/LLM09.json +760 -0
  43. package/data/entries/LLM10.json +763 -0
  44. package/data/incidents-schema.json +121 -0
  45. package/data/incidents.json +1484 -0
  46. package/data/schema.json +134 -0
  47. package/dist/index.d.ts +97 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +124 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/index.test.d.ts +2 -0
  52. package/dist/index.test.d.ts.map +1 -0
  53. package/dist/index.test.js +97 -0
  54. package/dist/index.test.js.map +1 -0
  55. package/package.json +62 -0
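--- a/package/data/entries/DSGAI11.json
+++ b/package/data/entries/DSGAI11.json
@@ -0,0 +1,663 @@
+ {
+ "id": "DSGAI11",
+ "name": "Cross-Context Conversation Bleed",
+ "source_list": "DSGAI-2026",
+ "version": "2026-Q1",
+ "severity": "High",
+ "aivss_score": null,
+ "audience": [
+ "red-teamer",
+ "security-engineer",
+ "ciso",
+ "compliance",
+ "ml-engineer",
+ "ot-engineer",
+ "auditor",
+ "developer",
+ "data-engineer"
+ ],
+ "mappings": [
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0035",
+ "control_name": "Exfiltrate via ML Inference API",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Adversary crafts queries designed to retrieve content from other users' sessions through session isolation failure"
+ },
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0025",
+ "control_name": "Exfiltrate via Cyber Means",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Cross-session data captured and transmitted to adversary through inference API"
+ },
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0051",
+ "control_name": "Exploit Public-Facing Application",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Session isolation vulnerability in multi-tenant GenAI deployment exploited to access other users' data"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MP-2.3",
+ "control_name": "Risk categorisation",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Session isolation risks mapped per deployment — shared infrastructure components assessed"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MS-2.5",
+ "control_name": "Testing — adversarial",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Multi-tenant isolation testing — verify cross-session data access is prevented"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MS-2.6",
+ "control_name": "Testing — data leakage",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Data leakage testing across session boundaries — KV cache, vector store, conversation history"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MG-2.2",
+ "control_name": "Risk response",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Incident response for detected cross-session leakage — impact scoping, user notification"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "Data governance covering multi-tenant deployments — session isolation as a data handling requirement",
+ "control_name": "Art. 10 — Data and data governance",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Session isolation controls are an Art. 10 data governance obligation for multi-user deployments"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "Cybersecurity measures preventing cross-session data exposure",
+ "control_name": "Art. 15 — Accuracy, robustness, cybersecurity",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Session isolation and tenant separation are Art. 15 technical requirements"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "Post-market monitoring detecting and responding to session bleed incidents",
+ "control_name": "Art. 17 — Quality management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Cross-session leakage detection in post-market monitoring programme"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.8.3",
+ "control_name": "Information access restriction",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Strict session and tenant isolation — one user's context cannot be accessed by another"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.5.14",
+ "control_name": "Information transfer",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Controls on context transfer between sessions — prohibition on cross-session data leakage"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.8.11",
+ "control_name": "Data masking",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Redaction of any cross-session content that reaches an output channel"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.8.15",
+ "control_name": "Logging",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Logging of cross-session access anomalies for detection and forensics"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Data — acquisition",
+ "control_name": "A.7.2",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Lifecycle — operational",
+ "control_name": "A.6.2.3",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Lifecycle — testing",
+ "control_name": "A.6.2.6",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Hardening"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Operation",
+ "control_name": "Cl.8",
+ "tier": "Foundational",
+ "scope": "Build",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 3",
+ "control_name": "3.3 — Configure data access control lists",
+ "tier": "Foundational",
+ "scope": "Build"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 6",
+ "control_name": "6.2 — Establish allowlist of authorised software",
+ "tier": "Foundational",
+ "scope": "Build"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 16",
+ "control_name": "16.6 — Establish security requirements",
+ "tier": "Foundational",
+ "scope": "Build"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V3 Session Management",
+ "control_name": "V3.1.1 — Session tokens unique and random",
+ "tier": "Foundational",
+ "scope": "Build"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V3 Session Management",
+ "control_name": "V3.3.1 — Sessions invalidated after logout",
+ "tier": "Foundational",
+ "scope": "Build"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V4 Access Control",
+ "control_name": "V4.1.1 — Access control enforced on every request",
+ "tier": "Foundational",
+ "scope": "Build"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V8 Data Protection",
+ "control_name": "V8.1.3 — Sensitive data not in session storage",
+ "tier": "Foundational",
+ "scope": "Build"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 1.2",
+ "control_name": "Human user authentication",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Per-operator session isolation — each operator's context inaccessible to all other sessions"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 4.1",
+ "control_name": "Data confidentiality",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Per-operator session data encrypted — KV cache isolation prevents cross-session OT data exposure"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 5.1",
+ "control_name": "Information flow restriction",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Cross-session data flows restricted — Zone 3 GenAI enforces strict operator session boundaries"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "ICS vulnerabilities",
+ "control_name": "§5.3",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Persistent compromise of OT decision support"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Risk assessment",
+ "control_name": "§6.2",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Session persistence as OT risk scenario"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "PR.AA-05",
+ "control_name": "Identity Management, Authentication & Access Control",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Access permissions managed — per-user session isolation, per-tenant RAG namespaces enforced"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "PR.DS-01",
+ "control_name": "Data Security",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Session data protected — per-user context encrypted, KV cache isolation prevents cross-session exposure"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "DE.CM-01",
+ "control_name": "Continuous Monitoring",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Session isolation monitored — cross-session access anomalies detected"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "ID.RA-01",
+ "control_name": "Risk Assessment",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Session isolation risks documented per deployment — shared infrastructure components assessed"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Strict session isolation — each user's context inaccessible to all other sessions",
+ "control_name": "CC6.1 — Logical access",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "User session context classified as confidential — technical isolation controls",
+ "control_name": "C2.1 — Confidential information protection",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Personal information in user sessions used only for that user's authorised purposes — cross-session leakage is a P5 violation",
+ "control_name": "P5.1 — Personal information use",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Cross-session access anomalies monitored — unusual retrieval patterns detected",
+ "control_name": "CC7.2 — Anomaly detection",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 7.2.1",
+ "control_name": "Restrict access by need to know",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Strict session isolation — each user's CHD context inaccessible to all other sessions"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 3.5.1",
+ "control_name": "Protect stored account data",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Per-user session CHD encrypted — KV cache isolation prevents cross-session PAN exposure"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 10.2.1",
+ "control_name": "Logging",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Cross-session access anomalies logged — unusual retrieval patterns in PCI scope detected"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 11.3.1",
+ "control_name": "Penetration testing",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Multi-tenant isolation tested in CDE penetration testing — cross-session CHD access attempted"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L2",
+ "control_name": "Data and Model Security (DMS)",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Strict session boundary enforcement for all GenAI deployments — conversation context not shared across user sessions"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L2",
+ "control_name": "AI System Integrity (ASI)",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "AI system integrity verification includes cross-session isolation testing — no context leakage across session boundaries"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L2",
+ "control_name": "Monitoring and Detection (MON)",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Monitoring for unexpected data patterns that indicate context leakage between sessions"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L1",
+ "control_name": "General ICT — Data Protection",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Multi-tenant GenAI deployments implement strict tenant isolation at the infrastructure layer"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "D-SA",
+ "control_name": "Design / Security Architecture",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Design session boundary enforcement; no cross-session data leakage"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "I-SB",
+ "control_name": "Implementation / Secure Build",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Encrypt, sign, and access-control all persistent session data"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "O-EM",
+ "control_name": "Operations / Environment Management",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Apply access controls and encryption to all session persistence stores"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "V-ST",
+ "control_name": "Verification / Security Testing",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Test whether session data is accessible or injectable across user boundaries"
+ },
+ {
+ "framework": "CWE/CVE",
+ "control_id": "CWE-200",
+ "control_name": "CWE-200",
+ "tier": "Foundational",
+ "scope": "Build",
+ "url": "https://cwe.mitre.org/data/definitions/200.html"
+ },
+ {
+ "framework": "CWE/CVE",
+ "control_id": "CWE-488",
+ "control_name": "CWE-488",
+ "tier": "Foundational",
+ "scope": "Build",
+ "url": "https://cwe.mitre.org/data/definitions/488.html"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L2",
+ "control_name": "Data Operations",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L6",
+ "control_name": "Security & Compliance",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L3",
+ "control_name": "Agent Frameworks",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "A",
+ "control_name": "Data & Privacy domain",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "B006",
+ "control_name": "Prevent unauthorized AI actions",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "E",
+ "control_name": "Audit trails and logging",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Session store service account with cross-user read/write access",
+ "control_name": "NHI-5 Over-Privileged NHI",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Per-user session store access controls"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Session store access credentials in plaintext",
+ "control_name": "NHI-6 Insecure Credential Storage",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Vault session store credentials"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "PW.1.1-PS",
+ "control_name": "Define security requirements — data retention and deletion policies",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Define security requirements governing data retention periods, deletion procedures, and right-to-erasure compliance for all data in AI pipelines"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "PS.3.1-PS",
+ "control_name": "Archive and protect software releases — retention-aware artefact management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Maintain versioned data and model artefacts with retention metadata; enable selective data removal and model retraining on deletion requests"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "RV.2.1-PS",
+ "control_name": "Assess, prioritise, and remediate — deletion request remediation",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Define procedures to assess and remediate data deletion requests including impact analysis on trained models and retraining requirements"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "CM-3",
+ "control_name": "Configuration Change Control — retention policy management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Define and enforce data retention policies for all AI data; implement automated deletion schedules; log policy changes"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "SC-28",
+ "control_name": "Protection of Information at Rest — retained data encryption",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Encrypt all retained AI data; implement crypto-shredding capability for secure deletion"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "PM-9",
+ "control_name": "Risk Management Strategy — retention governance",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Include data retention risk in AI risk management; define retention periods per data type and regulatory requirement"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 5–7",
+ "control_name": "ICT Risk Management — retention governance",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Include data retention policies in ICT risk management; define retention periods per data type, AI processing stage, and regulatory requirement"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 12",
+ "control_name": "Backup Policies — retention and deletion procedures",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Implement backup policies aligned with retention requirements; include secure deletion procedures for expired AI data, embeddings, and model artefacts"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 9",
+ "control_name": "Protection and Prevention — retention enforcement",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Enforce retention policies through automated deletion and crypto-shredding; prevent retention beyond defined periods"
+ }
+ ],
+ "tools": [
+ {
+ "name": "Weaviate (with RBAC)",
+ "type": "open-source",
+ "url": "https://weaviate.io"
+ },
+ {
+ "name": "Pinecone Canopy",
+ "type": "open-source",
+ "url": "https://github.com/pinecone-io/canopy"
+ },
+ {
+ "name": "LLM Guard",
+ "type": "open-source",
+ "url": "https://github.com/protectai/llm-guard"
+ },
+ {
+ "name": "Azure AI Content Safety",
+ "type": "commercial",
+ "url": "https://azure.microsoft.com/en-us/products/ai-services/ai-content-safety"
+ },
+ {
+ "name": "OWASP ZAP",
+ "type": "open-source",
+ "url": "https://www.zaproxy.org"
+ },
+ {
+ "name": "Burp Suite Community",
+ "type": "open-source",
+ "url": "https://portswigger.net/burp/communitydownload"
+ },
+ {
+ "name": "Apache Atlas",
+ "type": "open-source",
+ "url": "https://atlas.apache.org"
+ },
+ {
+ "name": "Immuta",
+ "type": "commercial",
+ "url": "https://www.immuta.com"
+ },
+ {
+ "name": "OneTrust",
+ "type": "commercial",
+ "url": "https://www.onetrust.com"
+ },
+ {
+ "name": "DVC (Data Version Control)",
+ "type": "open-source",
+ "url": "https://dvc.org"
+ },
+ {
+ "name": "AWS S3 Lifecycle / Azure Lifecycle Management",
+ "type": "commercial",
+ "url": "https://aws.amazon.com/s3/"
+ },
+ {
+ "name": "HashiCorp Vault",
+ "type": "commercial",
+ "url": "https://www.vaultproject.io"
+ },
+ {
+ "name": "Open Policy Agent",
+ "type": "open-source",
+ "url": "https://www.openpolicyagent.org"
+ }
+ ],
+ "incidents": [
+ {
+ "name": "OpenAI Redis caching bug exposes user conversation history",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2023,
+ "incident_id": "INC-006"
+ },
+ {
+ "name": "OpenAI ChatGPT data retention GDPR challenge — right to erasure vs model training",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2024,
+ "incident_id": "INC-050"
+ }
+ ],
+ "crossrefs": {
+ "llm_top10": [
+ "LLM02",
+ "LLM07",
+ "LLM03",
+ "LLM08"
+ ],
+ "dsgai_2026": [
+ "DSGAI13"
+ ],
+ "agentic_top10": [
+ "ASI06",
+ "ASI03"
+ ]
+ },
+ "changelog": [
+ {
+ "date": "2026-03-27",
+ "version": "1.0.0",
+ "change": "Initial entry — generated from GenAI Security Crosswalk v1.5.1 mapping files",
+ "author": "emmanuelgjr"
+ }
+ ]
+ }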
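Review bot: Several `mappings` objects carry the identifier in the wrong field: the EU AI Act, SOC 2 and OWASP NHI Top 10 objects put descriptive prose in `control_id`, and the ISO/IEC 42001:2023 and NIST SP 800-82 Rev 3 objects have the identifier in `control_name` and the title in `control_id`, so any consumer that joins or filters on `control_id` will miss or mis-key them; the first ISO/IEC 42001 object, for example, should read `"control_id": "A.7.2", "control_name": "Data — acquisition"`. In the ISO/IEC 42001 and AIUC-1 objects `notes` holds a bare tier word ("Foundational", "Hardening") that in places contradicts the object's own `tier`, which looks like a column shift in the generator rather than an intended note. The NIST SP 800-218A, FedRAMP and DORA objects and incident INC-050 describe data retention and deletion rather than session isolation and appear to have been carried over from a different entry, so an auditor using this entry for cross-session leakage would be pointed at unrelated controls. The MITRE ATLAS id/name pairs (notably `AML.T0035` and `AML.T0051`) are worth re-checking against the published matrix, and Burp Suite Community is typed `open-source` although it is a free edition of a proprietary tool.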