genai-security-crosswalk 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/LICENSE.md +28 -0
  2. package/README.md +618 -0
  3. package/data/entries/ASI01.json +911 -0
  4. package/data/entries/ASI02.json +850 -0
  5. package/data/entries/ASI03.json +854 -0
  6. package/data/entries/ASI04.json +759 -0
  7. package/data/entries/ASI05.json +764 -0
  8. package/data/entries/ASI06.json +817 -0
  9. package/data/entries/ASI07.json +789 -0
  10. package/data/entries/ASI08.json +788 -0
  11. package/data/entries/ASI09.json +754 -0
  12. package/data/entries/ASI10.json +833 -0
  13. package/data/entries/DSGAI01.json +779 -0
  14. package/data/entries/DSGAI02.json +728 -0
  15. package/data/entries/DSGAI03.json +671 -0
  16. package/data/entries/DSGAI04.json +752 -0
  17. package/data/entries/DSGAI05.json +689 -0
  18. package/data/entries/DSGAI06.json +673 -0
  19. package/data/entries/DSGAI07.json +680 -0
  20. package/data/entries/DSGAI08.json +698 -0
  21. package/data/entries/DSGAI09.json +687 -0
  22. package/data/entries/DSGAI10.json +627 -0
  23. package/data/entries/DSGAI11.json +663 -0
  24. package/data/entries/DSGAI12.json +695 -0
  25. package/data/entries/DSGAI13.json +688 -0
  26. package/data/entries/DSGAI14.json +703 -0
  27. package/data/entries/DSGAI15.json +655 -0
  28. package/data/entries/DSGAI16.json +716 -0
  29. package/data/entries/DSGAI17.json +690 -0
  30. package/data/entries/DSGAI18.json +613 -0
  31. package/data/entries/DSGAI19.json +638 -0
  32. package/data/entries/DSGAI20.json +671 -0
  33. package/data/entries/DSGAI21.json +881 -0
  34. package/data/entries/LLM01.json +975 -0
  35. package/data/entries/LLM02.json +868 -0
  36. package/data/entries/LLM03.json +817 -0
  37. package/data/entries/LLM04.json +797 -0
  38. package/data/entries/LLM05.json +761 -0
  39. package/data/entries/LLM06.json +848 -0
  40. package/data/entries/LLM07.json +749 -0
  41. package/data/entries/LLM08.json +750 -0
  42. package/data/entries/LLM09.json +760 -0
  43. package/data/entries/LLM10.json +763 -0
  44. package/data/incidents-schema.json +121 -0
  45. package/data/incidents.json +1484 -0
  46. package/data/schema.json +134 -0
  47. package/dist/index.d.ts +97 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +124 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/index.test.d.ts +2 -0
  52. package/dist/index.test.d.ts.map +1 -0
  53. package/dist/index.test.js +97 -0
  54. package/dist/index.test.js.map +1 -0
  55. package/package.json +62 -0
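--- a/package/data/entries/DSGAI12.json
+++ b/package/data/entries/DSGAI12.json
@@ -0,0 +1,695 @@
+{
+"id": "DSGAI12",
+"name": "Unsafe Natural Language Data Gateways",
+"source_list": "DSGAI-2026",
+"version": "2026-Q1",
+"severity": "Critical",
+"aivss_score": null,
+"audience": [
+"red-teamer",
+"security-engineer",
+"ciso",
+"compliance",
+"ml-engineer",
+"ot-engineer",
+"auditor",
+"developer",
+"data-engineer"
+],
+"mappings": [
+{
+"framework": "MITRE ATLAS",
+"control_id": "AML.T0051",
+"control_name": "Exploit Public-Facing Application",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "NL gateway interface exploited through crafted natural language to generate destructive or exfiltrating queries"
+},
+{
+"framework": "MITRE ATLAS",
+"control_id": "AML.T0057",
+"control_name": "Data from Information Repositories",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Database accessed through LLM-generated queries — adversary extracts sensitive records without direct database access"
+},
+{
+"framework": "MITRE ATLAS",
+"control_id": "AML.T0035",
+"control_name": "Exfiltrate via ML Inference API",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "LLM inference API used to generate queries that extract data from connected databases"
+},
+{
+"framework": "NIST AI RMF 1.0",
+"control_id": "MP-2.3",
+"control_name": "Risk categorisation",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "LLM-to-database interface risks mapped — privilege level, query scope, and data exposure per interface"
+},
+{
+"framework": "NIST AI RMF 1.0",
+"control_id": "MS-2.5",
+"control_name": "Testing — adversarial",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "SQL injection, privilege escalation, and bulk extraction testing on all LLM gateway interfaces"
+},
+{
+"framework": "NIST AI RMF 1.0",
+"control_id": "MG-2.2",
+"control_name": "Risk response",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "Incident response for LLM gateway misuse — query log forensics, data exposure scoping"
+},
+{
+"framework": "NIST AI RMF 1.0",
+"control_id": "GV-1.7",
+"control_name": "Policies for trustworthy AI",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "Policy requiring least-privilege execution and read-only defaults for all LLM-to-database interfaces"
+},
+{
+"framework": "EU AI Act",
+"control_id": "LLM gateway risks identified and mitigated",
+"control_name": "Art. 9 — Risk management",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "All LLM-to-database interfaces mapped in Art. 9 risk management"
+},
+{
+"framework": "EU AI Act",
+"control_id": "High-risk AI designed to allow effective human oversight — ability to pause, stop, and override",
+"control_name": "Art. 14 — Human oversight",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "LLM-generated destructive database queries executing autonomously are an Art. 14 human oversight failure"
+},
+{
+"framework": "EU AI Act",
+"control_id": "Cybersecurity measures protecting against adversarial misuse",
+"control_name": "Art. 15 — Accuracy, robustness, cybersecurity",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Least-privilege execution, query allowlisting, and SQL injection prevention are Art. 15 requirements"
+},
+{
+"framework": "EU AI Act",
+"control_id": "Documented procedures for LLM gateway security",
+"control_name": "Art. 17 — Quality management",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Security testing procedures and query log retention documented in quality management"
+},
+{
+"framework": "ISO/IEC 27001:2022",
+"control_id": "A.8.26",
+"control_name": "Application security requirements",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "Security requirements for LLM-to-SQL interfaces — read-only by default, parameterisation mandatory"
+},
+{
+"framework": "ISO/IEC 27001:2022",
+"control_id": "A.8.3",
+"control_name": "Information access restriction",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "LLM-generated queries execute under least-privilege credentials matching the requesting user's access"
+},
+{
+"framework": "ISO/IEC 27001:2022",
+"control_id": "A.8.28",
+"control_name": "Secure coding",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "Parameterised queries, allowlisted operations, and row-level policy enforcement in LLM gateway code"
+},
+{
+"framework": "ISO/IEC 27001:2022",
+"control_id": "A.8.29",
+"control_name": "Security testing",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "SQL injection and privilege escalation testing on all LLM-to-database interfaces"
+},
+{
+"framework": "ISO/IEC 42001:2023",
+"control_id": "Lifecycle — operational",
+"control_name": "A.6.2.3",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "Foundational"
+},
+{
+"framework": "ISO/IEC 42001:2023",
+"control_id": "Lifecycle — testing",
+"control_name": "A.6.2.6",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "Hardening"
+},
+{
+"framework": "ISO/IEC 42001:2023",
+"control_id": "Data — access control",
+"control_name": "A.7.2",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "Foundational"
+},
+{
+"framework": "ISO/IEC 42001:2023",
+"control_id": "Use of AI systems",
+"control_name": "A.9.1",
+"tier": "Foundational",
+"scope": "Build",
+"notes": "Foundational"
+},
+{
+"framework": "CIS Controls v8.1",
+"control_id": "CIS 16",
+"control_name": "16.2 — Establish secure configuration for software",
+"tier": "Foundational",
+"scope": "Build"
+},
+{
+"framework": "CIS Controls v8.1",
+"control_id": "CIS 6",
+"control_name": "6.3 — Require password manager for service accounts",
+"tier": "Foundational",
+"scope": "Build"
+},
+{
+"framework": "CIS Controls v8.1",
+"control_id": "CIS 18",
+"control_name": "18.1 — Establish penetration testing programme",
+"tier": "Foundational",
+"scope": "Build"
+},
+{
+"framework": "OWASP ASVS 4.0.3",
+"control_id": "V5 Validation",
+"control_name": "V5.1.1 — Allowlist input validation",
+"tier": "Foundational",
+"scope": "Build"
+},
+{
+"framework": "OWASP ASVS 4.0.3",
+"control_id": "V5 Validation",
+"control_name": "V5.3.4 — SQL injection prevention",
+"tier": "Foundational",
+"scope": "Build"
+},
+{
+"framework": "OWASP ASVS 4.0.3",
+"control_id": "V4 Access Control",
+"control_name": "V4.1.1 — Access control on every request",
+"tier": "Foundational",
+"scope": "Build"
+},
+{
+"framework": "OWASP ASVS 4.0.3",
+"control_id": "V13 API",
+"control_name": "V13.1.1 — API protection against enumeration",
+"tier": "Foundational",
+"scope": "Build"
+},
+{
+"framework": "ISA/IEC 62443",
+"control_id": "SR 2.2",
+"control_name": "Least privilege",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "NL gateway executes under requesting operator's permissions — never shared high-privilege OT service account"
+},
+{
+"framework": "ISA/IEC 62443",
+"control_id": "SR 2.1",
+"control_name": "Use control enforcement",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "NL gateway query allowlisting — only pre-approved query patterns permitted to OT data systems"
+},
+{
+"framework": "ISA/IEC 62443",
+"control_id": "SR 3.3",
+"control_name": "Software and information integrity",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "NL gateway input validation — injection addressed as a known vulnerability class in Zone 3"
+},
+{
+"framework": "ISA/IEC 62443",
+"control_id": "SR 6.1",
+"control_name": "Timely response to events",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "NL gateway misuse treated as Critical security event — query log forensics, data exposure scope"
+},
+{
+"framework": "NIST SP 800-82 Rev 3",
+"control_id": "Data confidentiality",
+"control_name": "§5.4",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "OT knowledge encoded in models requires protection"
+},
+{
+"framework": "NIST SP 800-82 Rev 3",
+"control_id": "Risk assessment",
+"control_name": "§6.2",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Model extraction as OT intelligence gathering vector"
+},
+{
+"framework": "NIST SP 800-82 Rev 3",
+"control_id": "Network monitoring",
+"control_name": "§7.3",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Monitor for systematic extraction query patterns"
+},
+{
+"framework": "NIST CSF 2.0",
+"control_id": "PR.AA-05",
+"control_name": "Identity Management, Authentication & Access Control",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "LLM-generated queries execute under requesting user's permissions — not shared high-privilege service account"
+},
+{
+"framework": "NIST CSF 2.0",
+"control_id": "PR.PS-04",
+"control_name": "Platform Security",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Secure development — query allowlisting, parameterised execution as platform security requirements"
+},
+{
+"framework": "NIST CSF 2.0",
+"control_id": "DE.CM-01",
+"control_name": "Continuous Monitoring",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "All LLM-generated queries to data systems logged and monitored — bulk extraction patterns detected"
+},
+{
+"framework": "NIST CSF 2.0",
+"control_id": "ID.RA-01",
+"control_name": "Risk Assessment",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "NL gateway interfaces documented in risk assessment — privilege level, query scope, data categories accessible"
+},
+{
+"framework": "SOC 2",
+"control_id": "LLM-generated queries execute under requesting user's permissions — least privilege, no shared high-privilege accounts",
+"control_name": "CC6.1 — Logical access",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "SOC 2",
+"control_id": "Policy requiring LLM-generated queries to be validated before execution — only authorised processing permitted",
+"control_name": "PI1.1 — Processing integrity policy",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "SOC 2",
+"control_id": "LLM-generated query results validated — destructive or over-broad queries blocked before execution",
+"control_name": "PI1.3 — Outputs complete and accurate",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "SOC 2",
+"control_id": "LLM-generated query anomaly monitoring — bulk extraction, unusual patterns, out-of-scope queries alerted",
+"control_name": "CC7.2 — Anomaly detection",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "SOC 2",
+"control_id": "Query allowlisting and human confirmation procedures documented",
+"control_name": "CC5.2 — Control activities",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "PCI DSS v4.0",
+"control_id": "Req 7.2.1",
+"control_name": "Restrict access",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "LLM-generated queries execute under requesting user's CDE permissions — never shared high-privilege account"
+},
+{
+"framework": "PCI DSS v4.0",
+"control_id": "Req 6.2.4",
+"control_name": "Bespoke software",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "LLM-to-SQL interfaces address injection as a known vulnerability class — query allowlisting, parameterised execution"
+},
+{
+"framework": "PCI DSS v4.0",
+"control_id": "Req 6.4.1",
+"control_name": "Public-facing application protection",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "LLM-powered query interfaces in CDE scope protected — WAF or equivalent, input validation"
+},
+{
+"framework": "PCI DSS v4.0",
+"control_id": "Req 10.2.1",
+"control_name": "Logging",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "All LLM-generated queries to CDE systems logged — full audit trail with user identity"
+},
+{
+"framework": "ENISA Multilayer Framework",
+"control_id": "L2",
+"control_name": "AI System Integrity (ASI)",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "All NL gateway inputs validated and query scope enforced — generated queries reviewed before execution as AI system integrity requirement"
+},
+{
+"framework": "ENISA Multilayer Framework",
+"control_id": "MON",
+"control_name": "Monitoring and Detection",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "All NL gateway queries logged — anomaly detection for unexpected data volumes, query patterns, or access scope"
+},
+{
+"framework": "ENISA Multilayer Framework",
+"control_id": "L2",
+"control_name": "Data and Model Security (DMS)",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Data access through NL gateways governed by the same classification and authorisation controls as direct API access"
+},
+{
+"framework": "ENISA Multilayer Framework",
+"control_id": "L1",
+"control_name": "General ICT — Access Control",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "NL gateway operates under database least-privilege credentials — cannot execute DDL, cannot access tables outside defined scope"
+},
+{
+"framework": "OWASP SAMM v2.0",
+"control_id": "D-TA",
+"control_name": "Design / Threat Assessment",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Model extraction attack surface: API rate limits, confidence scores, output verbosity"
+},
+{
+"framework": "OWASP SAMM v2.0",
+"control_id": "V-ST",
+"control_name": "Verification / Security Testing",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Attempt model extraction via systematic querying; verify detection and rate limiting"
+},
+{
+"framework": "OWASP SAMM v2.0",
+"control_id": "O-OM",
+"control_name": "Operations / Operational Management",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Alert on systematic query patterns consistent with extraction attempts"
+},
+{
+"framework": "OWASP SAMM v2.0",
+"control_id": "D-SR",
+"control_name": "Design / Security Requirements",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Minimise logit exposure, confidence scores, and internal state leakage"
+},
+{
+"framework": "CWE/CVE",
+"control_id": "CWE-89",
+"control_name": "CWE-89",
+"tier": "Foundational",
+"scope": "Build",
+"url": "https://cwe.mitre.org/data/definitions/89.html"
+},
+{
+"framework": "CWE/CVE",
+"control_id": "CWE-20",
+"control_name": "CWE-20",
+"tier": "Foundational",
+"scope": "Build",
+"url": "https://cwe.mitre.org/data/definitions/20.html"
+},
+{
+"framework": "CWE/CVE",
+"control_id": "CWE-284",
+"control_name": "CWE-284",
+"tier": "Foundational",
+"scope": "Build",
+"url": "https://cwe.mitre.org/data/definitions/284.html"
+},
+{
+"framework": "MAESTRO",
+"control_id": "L3",
+"control_name": "Agent Frameworks",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "MAESTRO",
+"control_id": "L2",
+"control_name": "Data Operations",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "MAESTRO",
+"control_id": "L6",
+"control_name": "Security & Compliance",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "AIUC-1",
+"control_id": "A",
+"control_name": "Data & Privacy domain",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Foundational"
+},
+{
+"framework": "AIUC-1",
+"control_id": "B006",
+"control_name": "Prevent unauthorized AI actions",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Foundational"
+},
+{
+"framework": "AIUC-1",
+"control_id": "D",
+"control_name": "Reliability domain",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Foundational"
+},
+{
+"framework": "AIUC-1",
+"control_id": "E",
+"control_name": "Audit trails and logging",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Foundational"
+},
+{
+"framework": "OWASP NHI Top 10",
+"control_id": "API credentials with high quota enabling systematic extraction",
+"control_name": "NHI-5 Over-Privileged NHI",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Per-user quotas; minimum default quota"
+},
+{
+"framework": "OWASP NHI Top 10",
+"control_id": "Long-lived inference API credentials enable sustained extraction campaigns",
+"control_name": "NHI-7 Long-Lived Credentials",
+"tier": "Hardening",
+"scope": "Both",
+"notes": "Rotate API credentials; implement per-session tokens"
+},
+{
+"framework": "NIST SP 800-218A",
+"control_id": "PW.1.1-PS",
+"control_name": "Define security requirements — data ownership and rights management",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Define security requirements that establish clear data ownership, licensing terms, and permitted use for all datasets in AI pipelines"
+},
+{
+"framework": "NIST SP 800-218A",
+"control_id": "PS.1.1-PS",
+"control_name": "Protect all code from unauthorised access — ownership-based access controls",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Implement access controls that enforce data ownership boundaries; prevent use of datasets outside their licensed scope or ownership agreement"
+},
+{
+"framework": "FedRAMP",
+"control_id": "PM-9",
+"control_name": "Risk Management Strategy — ownership governance",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Define data ownership policies for AI data; clarify rights and responsibilities for training data, outputs, and derived insights"
+},
+{
+"framework": "FedRAMP",
+"control_id": "AC-3",
+"control_name": "Access Enforcement — ownership-based access",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Enforce access controls aligned with data ownership; restrict usage based on ownership rights and licence terms"
+},
+{
+"framework": "FedRAMP",
+"control_id": "AU-2",
+"control_name": "Event Logging — usage tracking",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Log data usage for ownership compliance; track how data is used across AI systems for licence and rights management"
+},
+{
+"framework": "DORA",
+"control_id": "Art. 5–7",
+"control_name": "ICT Risk Management — ownership governance",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Define data ownership policies for AI data; clarify rights and responsibilities for training data, model outputs, and derived financial insights"
+},
+{
+"framework": "DORA",
+"control_id": "Art. 28–44",
+"control_name": "Third-Party Risk — data rights management",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Address data ownership and usage rights in third-party agreements; clarify ownership of AI outputs and derived data produced using vendor models"
+},
+{
+"framework": "DORA",
+"control_id": "Art. 8",
+"control_name": "Identification — ownership mapping",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Map ownership for all AI data assets; document rights, restrictions, and licensing for training data and outputs"
+}
+],
+"tools": [
+{
+"name": "Semgrep",
+"type": "open-source",
+"url": "https://semgrep.dev"
+},
+{
+"name": "OWASP ZAP",
+"type": "open-source",
+"url": "https://www.zaproxy.org"
+},
+{
+"name": "Immuta",
+"type": "commercial",
+"url": "https://www.immuta.com"
+},
+{
+"name": "Rebuff",
+"type": "open-source",
+"url": "https://github.com/protectai/rebuff"
+},
+{
+"name": "Garak",
+"type": "open-source",
+"url": "https://github.com/leondz/garak"
+},
+{
+"name": "SQLFluff",
+"type": "open-source",
+"url": "https://github.com/sqlfluff/sqlfluff"
+},
+{
+"name": "Collibra",
+"type": "commercial",
+"url": "https://www.collibra.com"
+},
+{
+"name": "Alation",
+"type": "commercial",
+"url": "https://www.alation.com"
+},
+{
+"name": "Apache Atlas",
+"type": "open-source",
+"url": "https://atlas.apache.org"
+},
+{
+"name": "CycloneDX",
+"type": "open-source",
+"url": "https://cyclonedx.org"
+},
+{
+"name": "Open Policy Agent",
+"type": "open-source",
+"url": "https://www.openpolicyagent.org"
+},
+{
+"name": "OneTrust",
+"type": "commercial",
+"url": "https://www.onetrust.com"
+}
+],
+"incidents": [
+{
+"name": "NYT v OpenAI — copyright training data ruling implications",
+"url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+"year": 2025,
+"incident_id": "INC-039"
+}
+],
+"crossrefs": {
+"llm_top10": [
+"LLM05",
+"LLM01",
+"LLM02",
+"LLM03",
+"LLM09"
+],
+"agentic_top10": [
+"ASI02",
+"ASI05",
+"ASI01",
+"ASI04",
+"ASI09"
+],
+"dsgai_2026": [
+"DSGAI14"
+]
+},
+"changelog": [
+{
+"date": "2026-03-27",
+"version": "1.0.0",
+"change": "Initial entry — generated from GenAI Security Crosswalk v1.5.1 mapping files",
+"author": "emmanuelgjr"
+}
+]
+}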
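Review bot: The `control_id` and `control_name` fields in `mappings` are used inconsistently — MITRE ATLAS, NIST AI RMF, ISO/IEC 27001, NIST CSF and PCI DSS rows put the identifier in `control_id` (e.g. `"control_id": "A.8.26"`), while the EU AI Act, ISO/IEC 42001, NIST SP 800-82, SOC 2 and OWASP NHI Top 10 rows swap them and put a prose sentence in `control_id` with the identifier in `control_name` (e.g. `"control_id": "LLM gateway risks identified and mitigated", "control_name": "Art. 9 — Risk management"`), so a consumer that keys or deduplicates on `control_id` gets no stable identifier for those frameworks; the Art. 9 row should read `"control_id": "Art. 9", "control_name": "Risk management"` and the other swapped rows likewise. On the ISO/IEC 42001 and AIUC-1 rows `notes` only repeats a tier value ("Foundational"/"Hardening") instead of a note, and on A.6.2.6 `notes` says "Hardening" while `tier` says "Foundational", so the two fields contradict each other. A number of rows also appear to have been carried over from other entries rather than written for NL-to-data gateways: the NIST SP 800-82, OWASP SAMM and OWASP NHI notes describe model-extraction defences (rate limits, logit exposure, credential rotation), the NIST SP 800-218A, FedRAMP and DORA notes describe training-data ownership and licensing, the only incident is a copyright ruling, and Collibra, Alation, OneTrust and CycloneDX are governance/SBOM tools — none of which corresponds to the least-privilege execution, query allowlisting and injection testing the rest of the entry maps. The three ATLAS rows are worth checking against the published matrix as well, since as far as I recall AML.T0051 is LLM Prompt Injection (Exploit Public-Facing Application is AML.T0049) and Exfiltration via ML Inference API is AML.T0024, so the id/name pairs there look misaligned. Since this is a strict-JSON data file the fix is content-only, but `package/data/schema.json` (in this same release) could constrain `control_id` to a short identifier pattern so the swap cannot recur.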