genai-security-crosswalk 2.0.0

Files changed (55) hide show
  1. package/LICENSE.md +28 -0
  2. package/README.md +618 -0
  3. package/data/entries/ASI01.json +911 -0
  4. package/data/entries/ASI02.json +850 -0
  5. package/data/entries/ASI03.json +854 -0
  6. package/data/entries/ASI04.json +759 -0
  7. package/data/entries/ASI05.json +764 -0
  8. package/data/entries/ASI06.json +817 -0
  9. package/data/entries/ASI07.json +789 -0
  10. package/data/entries/ASI08.json +788 -0
  11. package/data/entries/ASI09.json +754 -0
  12. package/data/entries/ASI10.json +833 -0
  13. package/data/entries/DSGAI01.json +779 -0
  14. package/data/entries/DSGAI02.json +728 -0
  15. package/data/entries/DSGAI03.json +671 -0
  16. package/data/entries/DSGAI04.json +752 -0
  17. package/data/entries/DSGAI05.json +689 -0
  18. package/data/entries/DSGAI06.json +673 -0
  19. package/data/entries/DSGAI07.json +680 -0
  20. package/data/entries/DSGAI08.json +698 -0
  21. package/data/entries/DSGAI09.json +687 -0
  22. package/data/entries/DSGAI10.json +627 -0
  23. package/data/entries/DSGAI11.json +663 -0
  24. package/data/entries/DSGAI12.json +695 -0
  25. package/data/entries/DSGAI13.json +688 -0
  26. package/data/entries/DSGAI14.json +703 -0
  27. package/data/entries/DSGAI15.json +655 -0
  28. package/data/entries/DSGAI16.json +716 -0
  29. package/data/entries/DSGAI17.json +690 -0
  30. package/data/entries/DSGAI18.json +613 -0
  31. package/data/entries/DSGAI19.json +638 -0
  32. package/data/entries/DSGAI20.json +671 -0
  33. package/data/entries/DSGAI21.json +881 -0
  34. package/data/entries/LLM01.json +975 -0
  35. package/data/entries/LLM02.json +868 -0
  36. package/data/entries/LLM03.json +817 -0
  37. package/data/entries/LLM04.json +797 -0
  38. package/data/entries/LLM05.json +761 -0
  39. package/data/entries/LLM06.json +848 -0
  40. package/data/entries/LLM07.json +749 -0
  41. package/data/entries/LLM08.json +750 -0
  42. package/data/entries/LLM09.json +760 -0
  43. package/data/entries/LLM10.json +763 -0
  44. package/data/incidents-schema.json +121 -0
  45. package/data/incidents.json +1484 -0
  46. package/data/schema.json +134 -0
  47. package/dist/index.d.ts +97 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +124 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/index.test.d.ts +2 -0
  52. package/dist/index.test.d.ts.map +1 -0
  53. package/dist/index.test.js +97 -0
  54. package/dist/index.test.js.map +1 -0
  55. package/package.json +62 -0
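--- a/package/data/entries/DSGAI13.json
+++ b/package/data/entries/DSGAI13.json
@@ -0,0 +1,688 @@
+ {
+ "id": "DSGAI13",
+ "name": "Vector Store Platform Security",
+ "source_list": "DSGAI-2026",
+ "version": "2026-Q1",
+ "severity": "High",
+ "aivss_score": null,
+ "audience": [
+ "red-teamer",
+ "security-engineer",
+ "ciso",
+ "compliance",
+ "ml-engineer",
+ "ot-engineer",
+ "auditor",
+ "developer",
+ "data-engineer"
+ ],
+ "mappings": [
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0025",
+ "control_name": "Exfiltrate via Cyber Means",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Vector store content exfiltrated through unauthenticated access or RBAC bypass"
+ },
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0035",
+ "control_name": "Exfiltrate via ML Inference API",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Embeddings and retrieved passages extracted through vector store query API"
+ },
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0020",
+ "control_name": "Poison Training Data",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Vector store content poisoned through path traversal or unauthenticated write (CVE-2024-3584)"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MP-2.3",
+ "control_name": "Risk categorisation",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Vector store risks mapped — each deployment assessed for RBAC, encryption, and network exposure"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MS-2.5",
+ "control_name": "Testing — adversarial",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Vector store security testing — RBAC bypass, path traversal, unauthenticated access scenarios"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MS-3.3",
+ "control_name": "Data quality",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Data integrity controls applied to vector store ingestion and query operations"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MG-2.2",
+ "control_name": "Risk response",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Incident response for vector store compromise — containment, data exposure scoping, index rebuild"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "Vector store security risks identified and mitigated",
+ "control_name": "Art. 9 — Risk management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "All vector store deployments assessed in Art. 9 risk management"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "High-risk AI infrastructure protected against cybersecurity risks",
+ "control_name": "Art. 15 — Accuracy, robustness, cybersecurity",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "RBAC, encryption, and CVE patching for vector stores are Art. 15 requirements"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "Post-market monitoring covering AI infrastructure components",
+ "control_name": "Art. 17 — Quality management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Vector store security monitoring in post-market monitoring programme"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.8.3",
+ "control_name": "Information access restriction",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "RBAC enforced on all vector store collections — collection-level and namespace-level access control"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.8.24",
+ "control_name": "Use of cryptography",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Encryption of all vector store data at rest and in transit"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.8.15",
+ "control_name": "Logging",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Audit logging on all vector store read, write, and admin operations"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.8.12",
+ "control_name": "Data leakage prevention",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "DLP controls on vector store query results — sensitive content in retrieved passages detected"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Data — acquisition",
+ "control_name": "A.7.2",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Data — preparation",
+ "control_name": "A.7.3",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Hardening"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Lifecycle — design",
+ "control_name": "A.6.1.2",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Third-party",
+ "control_name": "A.10.1",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Hardening"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 3",
+ "control_name": "3.11 — Encrypt sensitive data at rest",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 6",
+ "control_name": "6.1 — Establish access control inventory",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 16",
+ "control_name": "16.7 — Use standard-security components",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V4 Access Control",
+ "control_name": "V4.1.3 — Deny by default",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V6 Cryptography",
+ "control_name": "V6.1.1 — Sensitive data not stored in cleartext",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V12 Files/Resources",
+ "control_name": "V12.1.1 — File upload validation",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 1.2",
+ "control_name": "Human user authentication",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "RBAC on all Zone 3 vector stores — no unauthenticated access in any OT environment"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 4.1",
+ "control_name": "Data confidentiality",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Zone 3 vector store content encrypted — equipment documentation and procedure embeddings as sensitive OT data"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 3.7",
+ "control_name": "Software and information integrity monitoring",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Vector store integrity monitoring — anomalous access patterns indicating bulk extraction detected"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Supply chain risks",
+ "control_name": "§5.5",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Third-party OT tool data leakage"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Supply chain risk management",
+ "control_name": "§6.3",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Tool data scope in OT security assessment"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Network monitoring",
+ "control_name": "§7.3",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Monitor OT tool data flows"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "PR.DS-01",
+ "control_name": "Data Security",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Vector store content encrypted at rest — embeddings treated as sensitive derived data assets"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "PR.AA-05",
+ "control_name": "Identity Management, Authentication & Access Control",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "RBAC on all vector stores — no unauthenticated access in any environment"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "PR.PS-02",
+ "control_name": "Platform Security",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Software managed to reduce risk — vector database CVEs patched promptly"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "DE.CM-09",
+ "control_name": "Continuous Monitoring",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Monitoring for anomalous access — bulk extraction, RBAC bypass attempts detected"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Vector store content encrypted at rest — embeddings of confidential data protected",
+ "control_name": "C2.1 — Confidential information protection",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "RBAC on all vector store collections — no unauthenticated access",
+ "control_name": "CC6.1 — Logical access",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Vector database CVE patching managed through change management — timely remediation documented",
+ "control_name": "CC8.1 — Change management",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Vector store query anomaly monitoring — bulk extraction patterns detected",
+ "control_name": "CC7.2 — Anomaly detection",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 3.5.1",
+ "control_name": "Protect stored account data",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Vector stores in CDE scope encrypted — embeddings of CHD-adjacent content encrypted at rest"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 7.2.1",
+ "control_name": "Restrict access",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "RBAC on all vector stores in PCI scope — no unauthenticated access in any CDE environment"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 6.3.3",
+ "control_name": "Vulnerability management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Vector database CVEs patched — CVE-2024-3584 class treated as urgent for CDE-scope stores"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 11.3.1",
+ "control_name": "Penetration testing",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Vector store attacks in CDE penetration testing — RBAC bypass, path traversal, bulk extraction"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L2",
+ "control_name": "Data and Model Security (DMS)",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Vector stores governed as sensitive AI data assets — classified, access-controlled, encrypted, and integrity-verified"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "SCS",
+ "control_name": "Supply Chain Security",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Vector database platforms assessed as AI supply chain components — CVEs tracked, security configuration reviewed"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "MON",
+ "control_name": "Monitoring and Detection",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "All vector store query and mutation operations logged — anomaly detection for unexpected access patterns"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L1",
+ "control_name": "General ICT — Access Control",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Vector stores require authentication and authorisation — no unauthenticated access, least-privilege query scopes"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "D-SR",
+ "control_name": "Design / Security Requirements",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Minimum data returned per tool; response scope limitations"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "I-SB",
+ "control_name": "Implementation / Secure Build",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Filter tool responses to minimum data required before passing to model"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "V-ST",
+ "control_name": "Verification / Security Testing",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Automated tests verifying tool responses are scoped to minimum"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "G-PC",
+ "control_name": "Governance / Policy & Compliance",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "All tools reviewed for data scope before integration"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "O-OM",
+ "control_name": "Operations / Operational Management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Log all tool responses; alert on anomalous data volumes"
+ },
+ {
+ "framework": "CWE/CVE",
+ "control_id": "CWE-284",
+ "control_name": "CWE-284",
+ "tier": "Foundational",
+ "scope": "Both",
+ "url": "https://cwe.mitre.org/data/definitions/284.html"
+ },
+ {
+ "framework": "CWE/CVE",
+ "control_id": "CWE-327",
+ "control_name": "CWE-327",
+ "tier": "Foundational",
+ "scope": "Both",
+ "url": "https://cwe.mitre.org/data/definitions/327.html"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L2",
+ "control_name": "Data Operations",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L4",
+ "control_name": "Deployment & Infrastructure",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L6",
+ "control_name": "Security & Compliance",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "A",
+ "control_name": "Data & Privacy domain",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "B003",
+ "control_name": "Third-party security assessment",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Hardening"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "B007",
+ "control_name": "Third-party permission controls",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Hardening"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "E",
+ "control_name": "Audit trails and logging",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Third-party tool credentials with excessive data access",
+ "control_name": "NHI-3 Vulnerable Third-Party NHI",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Review all third-party tool credentials; reduce to minimum scope"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Tool integration credentials with broad data access",
+ "control_name": "NHI-5 Over-Privileged NHI",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Minimum scope per tool integration"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Same credential used across multiple tool integrations",
+ "control_name": "NHI-9 NHI Reuse",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Separate credentials per tool"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "PW.1.1-PS",
+ "control_name": "Define security requirements — purpose limitation controls",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Define security requirements enforcing data purpose limitation — each dataset must have documented permitted uses and technical controls preventing unauthorised repurposing"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "PW.7.2-PS",
+ "control_name": "Review for security vulnerabilities — misuse and manipulation detection",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Include data misuse and manipulation scenarios in pre-release reviews; verify that purpose limitation controls are enforced and cannot be bypassed"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "RV.1.1-PS",
+ "control_name": "Identify and confirm vulnerabilities — production misuse monitoring",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Establish procedures to detect data misuse and manipulation in production including monitoring for purpose-scope violations and data manipulation patterns"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "AC-3",
+ "control_name": "Access Enforcement — purpose-limited data access",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Enforce purpose-limitation on AI data access; restrict usage to approved purposes documented in data processing agreements"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "AU-2",
+ "control_name": "Event Logging — data operation logging",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Log all data operations with purpose context; enable detection of purpose drift and unauthorised usage"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "SI-4",
+ "control_name": "System Monitoring — misuse detection",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Monitor AI data usage patterns for misuse indicators; alert on data access inconsistent with approved purposes"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 5–7",
+ "control_name": "ICT Risk Management — data usage governance",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Include data usage policies in ICT risk management; define approved purposes for each AI data category; restrict repurposing"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 9",
+ "control_name": "Protection and Prevention — purpose-limited data controls",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Implement controls enforcing purpose-limitation on AI data usage; restrict processing to approved purposes per data classification"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 17–23",
+ "control_name": "ICT Incident Management — misuse incident reporting",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Classify AI data misuse as ICT-related incidents where customer or regulatory impact occurs; report per DORA criteria"
+ }
+ ],
+ "tools": [
+ {
+ "name": "Weaviate (with RBAC)",
+ "type": "open-source",
+ "url": "https://weaviate.io"
+ },
+ {
+ "name": "Qdrant (with API key auth)",
+ "type": "open-source",
+ "url": "https://qdrant.tech"
+ },
+ {
+ "name": "OWASP ZAP",
+ "type": "open-source",
+ "url": "https://www.zaproxy.org"
+ },
+ {
+ "name": "Weaviate",
+ "type": "open-source",
+ "url": "https://github.com/weaviate/weaviate"
+ },
+ {
+ "name": "Qdrant",
+ "type": "open-source",
+ "url": "https://github.com/qdrant/qdrant"
+ },
+ {
+ "name": "Immuta",
+ "type": "commercial",
+ "url": "https://www.immuta.com"
+ },
+ {
+ "name": "Privacera",
+ "type": "commercial",
+ "url": "https://privacera.com"
+ },
+ {
+ "name": "Apache Ranger",
+ "type": "open-source",
+ "url": "https://ranger.apache.org"
+ },
+ {
+ "name": "Collibra",
+ "type": "commercial",
+ "url": "https://www.collibra.com"
+ },
+ {
+ "name": "Open Policy Agent",
+ "type": "open-source",
+ "url": "https://www.openpolicyagent.org"
+ },
+ {
+ "name": "OpenTelemetry",
+ "type": "open-source",
+ "url": "https://opentelemetry.io"
+ },
+ {
+ "name": "Splunk",
+ "type": "commercial",
+ "url": "https://www.splunk.com"
+ }
+ ],
+ "incidents": [
+ {
+ "name": "Clearview AI biometric bias — $50M class action settlement",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2025,
+ "incident_id": "INC-036"
+ },
+ {
+ "name": "Scale AI / Sama contractor data exposure — third-party AI labeling workforce privacy violations",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2024,
+ "incident_id": "INC-044"
+ },
+ {
+ "name": "Stability AI synthetic CSAM generation — training data and output safety failures",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2024,
+ "incident_id": "INC-049"
+ }
+ ],
+ "crossrefs": {
+ "llm_top10": [
+ "LLM08",
+ "LLM07",
+ "LLM06",
+ "LLM03"
+ ],
+ "agentic_top10": [
+ "ASI06",
+ "ASI05",
+ "ASI01",
+ "ASI02"
+ ]
+ },
+ "changelog": [
+ {
+ "date": "2026-03-27",
+ "version": "1.0.0",
+ "change": "Initial entry — generated from GenAI Security Crosswalk v1.5.1 mapping files",
+ "author": "emmanuelgjr"
+ }
+ ]
+ }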
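Review bot: Several mapping objects carry the identifier and the description in the wrong fields, which breaks any consumer that joins or filters on `control_id`: the EU AI Act, ISO/IEC 42001:2023, NIST SP 800-82 Rev 3, SOC 2 and OWASP NHI Top 10 entries put free text in `control_id` and the clause number in `control_name` (for example `"control_id": "Data — acquisition", "control_name": "A.7.2"`, which should read `"control_id": "A.7.2", "control_name": "Data — acquisition"`). In the ISO/IEC 42001 and AIUC-1 entries `notes` holds only `Foundational` or `Hardening` while `tier` is `Foundational` on every mapping, so a tier value appears to have landed in `notes` and the real tier may have been flattened; this is worth checking against the generator named in the changelog. The OWASP SAMM, NIST SP 800-218A, FedRAMP and DORA notes describe tool-response scoping and purpose limitation rather than vector stores, and the three `incidents` do not visibly concern a vector store platform, so they look carried over from another entry and would mislead an auditor relying on this crosswalk as evidence. `tools` also lists Weaviate and Qdrant twice under different URLs.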