genai-security-crosswalk 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/LICENSE.md +28 -0
  2. package/README.md +618 -0
  3. package/data/entries/ASI01.json +911 -0
  4. package/data/entries/ASI02.json +850 -0
  5. package/data/entries/ASI03.json +854 -0
  6. package/data/entries/ASI04.json +759 -0
  7. package/data/entries/ASI05.json +764 -0
  8. package/data/entries/ASI06.json +817 -0
  9. package/data/entries/ASI07.json +789 -0
  10. package/data/entries/ASI08.json +788 -0
  11. package/data/entries/ASI09.json +754 -0
  12. package/data/entries/ASI10.json +833 -0
  13. package/data/entries/DSGAI01.json +779 -0
  14. package/data/entries/DSGAI02.json +728 -0
  15. package/data/entries/DSGAI03.json +671 -0
  16. package/data/entries/DSGAI04.json +752 -0
  17. package/data/entries/DSGAI05.json +689 -0
  18. package/data/entries/DSGAI06.json +673 -0
  19. package/data/entries/DSGAI07.json +680 -0
  20. package/data/entries/DSGAI08.json +698 -0
  21. package/data/entries/DSGAI09.json +687 -0
  22. package/data/entries/DSGAI10.json +627 -0
  23. package/data/entries/DSGAI11.json +663 -0
  24. package/data/entries/DSGAI12.json +695 -0
  25. package/data/entries/DSGAI13.json +688 -0
  26. package/data/entries/DSGAI14.json +703 -0
  27. package/data/entries/DSGAI15.json +655 -0
  28. package/data/entries/DSGAI16.json +716 -0
  29. package/data/entries/DSGAI17.json +690 -0
  30. package/data/entries/DSGAI18.json +613 -0
  31. package/data/entries/DSGAI19.json +638 -0
  32. package/data/entries/DSGAI20.json +671 -0
  33. package/data/entries/DSGAI21.json +881 -0
  34. package/data/entries/LLM01.json +975 -0
  35. package/data/entries/LLM02.json +868 -0
  36. package/data/entries/LLM03.json +817 -0
  37. package/data/entries/LLM04.json +797 -0
  38. package/data/entries/LLM05.json +761 -0
  39. package/data/entries/LLM06.json +848 -0
  40. package/data/entries/LLM07.json +749 -0
  41. package/data/entries/LLM08.json +750 -0
  42. package/data/entries/LLM09.json +760 -0
  43. package/data/entries/LLM10.json +763 -0
  44. package/data/incidents-schema.json +121 -0
  45. package/data/incidents.json +1484 -0
  46. package/data/schema.json +134 -0
  47. package/dist/index.d.ts +97 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +124 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/index.test.d.ts +2 -0
  52. package/dist/index.test.d.ts.map +1 -0
  53. package/dist/index.test.js +97 -0
  54. package/dist/index.test.js.map +1 -0
  55. package/package.json +62 -0
package/data/entries/DSGAI14.json ADDED
@@ -0,0 +1,703 @@
1
+ {
2
+ "id": "DSGAI14",
3
+ "name": "Excessive Telemetry and Monitoring Leakage",
4
+ "source_list": "DSGAI-2026",
5
+ "version": "2026-Q1",
6
+ "severity": "High",
7
+ "aivss_score": null,
8
+ "audience": [
9
+ "red-teamer",
10
+ "security-engineer",
11
+ "ciso",
12
+ "compliance",
13
+ "ml-engineer",
14
+ "ot-engineer",
15
+ "auditor",
16
+ "developer",
17
+ "data-engineer"
18
+ ],
19
+ "mappings": [
20
+ {
21
+ "framework": "MITRE ATLAS",
22
+ "control_id": "AML.T0035",
23
+ "control_name": "Exfiltrate via ML Inference API",
24
+ "tier": "Foundational",
25
+ "scope": "Both",
26
+ "notes": "Sensitive inference inputs and outputs captured in telemetry stores accessed through weaker controls"
27
+ },
28
+ {
29
+ "framework": "MITRE ATLAS",
30
+ "control_id": "AML.T0025",
31
+ "control_name": "Exfiltrate via Cyber Means",
32
+ "tier": "Foundational",
33
+ "scope": "Both",
34
+ "notes": "Telemetry stores containing sensitive GenAI interaction data exfiltrated through standard data access paths"
35
+ },
36
+ {
37
+ "framework": "MITRE ATLAS",
38
+ "control_id": "AML.T0057",
39
+ "control_name": "Data from Information Repositories",
40
+ "tier": "Foundational",
41
+ "scope": "Both",
42
+ "notes": "Observability databases and log stores accessed as information repositories — sensitive content available at scale"
43
+ },
44
+ {
45
+ "framework": "NIST AI RMF 1.0",
46
+ "control_id": "GV-1.6",
47
+ "control_name": "Policies for data privacy",
48
+ "tier": "Foundational",
49
+ "scope": "Build",
50
+ "notes": "Telemetry governance policy — least-logging defaults, classification of captured data, retention limits"
51
+ },
52
+ {
53
+ "framework": "NIST AI RMF 1.0",
54
+ "control_id": "MP-2.3",
55
+ "control_name": "Risk categorisation",
56
+ "tier": "Foundational",
57
+ "scope": "Build",
58
+ "notes": "Telemetry leakage risks mapped — identify which pipelines capture full payload and at what retention"
59
+ },
60
+ {
61
+ "framework": "NIST AI RMF 1.0",
62
+ "control_id": "MS-2.6",
63
+ "control_name": "Testing — data leakage",
64
+ "tier": "Foundational",
65
+ "scope": "Build",
66
+ "notes": "Data leakage testing on telemetry stores — sensitive content in logs and traces"
67
+ },
68
+ {
69
+ "framework": "NIST AI RMF 1.0",
70
+ "control_id": "MG-2.4",
71
+ "control_name": "Risk response — data",
72
+ "tier": "Foundational",
73
+ "scope": "Build",
74
+ "notes": "Response for telemetry data leakage incidents — access log review, data deletion, notification"
75
+ },
76
+ {
77
+ "framework": "EU AI Act",
78
+ "control_id": "Data governance applies to all data in AI system scope — including telemetry and monitoring data",
79
+ "control_name": "Art. 10 — Data and data governance",
80
+ "tier": "Foundational",
81
+ "scope": "Both",
82
+ "notes": "Telemetry data governance — classification, access controls, retention — is an Art. 10 requirement"
83
+ },
84
+ {
85
+ "framework": "EU AI Act",
86
+ "control_id": "Post-market monitoring required — but the monitoring infrastructure must itself be secured",
87
+ "control_name": "Art. 17 — Quality management",
88
+ "tier": "Foundational",
89
+ "scope": "Both",
90
+ "notes": "Telemetry security is both an Art. 17 obligation and an Art. 10 data governance requirement"
91
+ },
92
+ {
93
+ "framework": "ISO/IEC 27001:2022",
94
+ "control_id": "A.8.15",
95
+ "control_name": "Logging",
96
+ "tier": "Foundational",
97
+ "scope": "Build",
98
+ "notes": "Logging controls applied to AI telemetry — least-logging defaults, no full payload capture by default"
99
+ },
100
+ {
101
+ "framework": "ISO/IEC 27001:2022",
102
+ "control_id": "A.8.12",
103
+ "control_name": "Data leakage prevention",
104
+ "tier": "Foundational",
105
+ "scope": "Build",
106
+ "notes": "DLP applied to telemetry streams — sensitive content redacted before storage"
107
+ },
108
+ {
109
+ "framework": "ISO/IEC 27001:2022",
110
+ "control_id": "A.5.12",
111
+ "control_name": "Classification of information",
112
+ "tier": "Foundational",
113
+ "scope": "Build",
114
+ "notes": "Telemetry data classified — full prompt captures classified at same level as content they contain"
115
+ },
116
+ {
117
+ "framework": "ISO/IEC 27001:2022",
118
+ "control_id": "A.8.11",
119
+ "control_name": "Data masking",
120
+ "tier": "Foundational",
121
+ "scope": "Build",
122
+ "notes": "Masking of sensitive content in logs and traces before storage"
123
+ },
124
+ {
125
+ "framework": "ISO/IEC 42001:2023",
126
+ "control_id": "Data — governance",
127
+ "control_name": "A.7.2",
128
+ "tier": "Foundational",
129
+ "scope": "Build",
130
+ "notes": "Foundational"
131
+ },
132
+ {
133
+ "framework": "ISO/IEC 42001:2023",
134
+ "control_id": "Policies",
135
+ "control_name": "A.2.2",
136
+ "tier": "Foundational",
137
+ "scope": "Build",
138
+ "notes": "Foundational"
139
+ },
140
+ {
141
+ "framework": "ISO/IEC 42001:2023",
142
+ "control_id": "Lifecycle — testing",
143
+ "control_name": "A.6.2.6",
144
+ "tier": "Foundational",
145
+ "scope": "Build",
146
+ "notes": "Hardening"
147
+ },
148
+ {
149
+ "framework": "ISO/IEC 42001:2023",
150
+ "control_id": "Performance evaluation",
151
+ "control_name": "Cl.9",
152
+ "tier": "Foundational",
153
+ "scope": "Build",
154
+ "notes": "Hardening"
155
+ },
156
+ {
157
+ "framework": "CIS Controls v8.1",
158
+ "control_id": "CIS 8",
159
+ "control_name": "8.2 — Collect audit logs",
160
+ "tier": "Foundational",
161
+ "scope": "Build"
162
+ },
163
+ {
164
+ "framework": "CIS Controls v8.1",
165
+ "control_id": "CIS 8",
166
+ "control_name": "8.10 — Retain audit logs",
167
+ "tier": "Foundational",
168
+ "scope": "Build"
169
+ },
170
+ {
171
+ "framework": "CIS Controls v8.1",
172
+ "control_id": "CIS 3",
173
+ "control_name": "3.13 — Deploy DLP on log pipelines",
174
+ "tier": "Foundational",
175
+ "scope": "Build"
176
+ },
177
+ {
178
+ "framework": "CIS Controls v8.1",
179
+ "control_id": "CIS 6",
180
+ "control_name": "6.3 — Access control on log infrastructure",
181
+ "tier": "Foundational",
182
+ "scope": "Build"
183
+ },
184
+ {
185
+ "framework": "OWASP ASVS 4.0.3",
186
+ "control_id": "V7 Logging",
187
+ "control_name": "V7.1.1 — No credential logging",
188
+ "tier": "Foundational",
189
+ "scope": "Build"
190
+ },
191
+ {
192
+ "framework": "OWASP ASVS 4.0.3",
193
+ "control_id": "V7 Logging",
194
+ "control_name": "V7.1.2 — No sensitive data in logs",
195
+ "tier": "Foundational",
196
+ "scope": "Build"
197
+ },
198
+ {
199
+ "framework": "OWASP ASVS 4.0.3",
200
+ "control_id": "V8 Data Protection",
201
+ "control_name": "V8.1.1 — Sensitive data not in URLs",
202
+ "tier": "Foundational",
203
+ "scope": "Build"
204
+ },
205
+ {
206
+ "framework": "OWASP ASVS 4.0.3",
207
+ "control_id": "V4 Access Control",
208
+ "control_name": "V4.1.1 — Access control on log stores",
209
+ "tier": "Foundational",
210
+ "scope": "Build"
211
+ },
212
+ {
213
+ "framework": "ISA/IEC 62443",
214
+ "control_id": "SR 4.1",
215
+ "control_name": "Data confidentiality",
216
+ "tier": "Foundational",
217
+ "scope": "Both",
218
+ "notes": "OT GenAI telemetry stores classified and protected — process data in logs requires same protection as live data"
219
+ },
220
+ {
221
+ "framework": "ISA/IEC 62443",
222
+ "control_id": "SR 4.4",
223
+ "control_name": "Use of physical diagnostic and test interfaces",
224
+ "tier": "Foundational",
225
+ "scope": "Both",
226
+ "notes": "OT-specific data masking before telemetry capture — tag IDs, equipment identifiers masked before logging"
227
+ },
228
+ {
229
+ "framework": "ISA/IEC 62443",
230
+ "control_id": "SR 1.2",
231
+ "control_name": "Human user authentication",
232
+ "tier": "Foundational",
233
+ "scope": "Both",
234
+ "notes": "Access controls on OT GenAI telemetry stores — need-to-know enforced"
235
+ },
236
+ {
237
+ "framework": "NIST SP 800-82 Rev 3",
238
+ "control_id": "Data confidentiality",
239
+ "control_name": "§5.4",
240
+ "tier": "Hardening",
241
+ "scope": "Both",
242
+ "notes": "OT-trained model weights are sensitive OT intellectual property"
243
+ },
244
+ {
245
+ "framework": "NIST SP 800-82 Rev 3",
246
+ "control_id": "Risk assessment",
247
+ "control_name": "§6.2",
248
+ "tier": "Hardening",
249
+ "scope": "Both",
250
+ "notes": "Model theft as OT IP theft scenario"
251
+ },
252
+ {
253
+ "framework": "NIST SP 800-82 Rev 3",
254
+ "control_id": "Network monitoring",
255
+ "control_name": "§7.3",
256
+ "tier": "Hardening",
257
+ "scope": "Both",
258
+ "notes": "Monitor model storage access patterns"
259
+ },
260
+ {
261
+ "framework": "NIST CSF 2.0",
262
+ "control_id": "GV.OC-01",
263
+ "control_name": "Organisational Context",
264
+ "tier": "Foundational",
265
+ "scope": "Both",
266
+ "notes": "Telemetry governance policy — least-logging defaults, classification of captured data, retention limits"
267
+ },
268
+ {
269
+ "framework": "NIST CSF 2.0",
270
+ "control_id": "PR.DS-01",
271
+ "control_name": "Data Security",
272
+ "tier": "Foundational",
273
+ "scope": "Both",
274
+ "notes": "Telemetry stores containing sensitive data protected — same requirements as production data stores"
275
+ },
276
+ {
277
+ "framework": "NIST CSF 2.0",
278
+ "control_id": "PR.AA-05",
279
+ "control_name": "Identity Management, Authentication & Access Control",
280
+ "tier": "Foundational",
281
+ "scope": "Both",
282
+ "notes": "Access controls on telemetry stores — need-to-know enforced, not open access because \"just logs\""
283
+ },
284
+ {
285
+ "framework": "NIST CSF 2.0",
286
+ "control_id": "DE.CM-09",
287
+ "control_name": "Continuous Monitoring",
288
+ "tier": "Foundational",
289
+ "scope": "Both",
290
+ "notes": "Telemetry store access monitored — anomalous access patterns detected"
291
+ },
292
+ {
293
+ "framework": "SOC 2",
294
+ "control_id": "GenAI telemetry classified and encrypted — content captured in traces protected at same level as source data",
295
+ "control_name": "C2.1 — Confidential information protection",
296
+ "tier": "Foundational",
297
+ "scope": "Both"
298
+ },
299
+ {
300
+ "framework": "SOC 2",
301
+ "control_id": "Personal information in telemetry used only for authorised purposes — same restrictions as production data",
302
+ "control_name": "P5.1 — Personal information use",
303
+ "tier": "Foundational",
304
+ "scope": "Both"
305
+ },
306
+ {
307
+ "framework": "SOC 2",
308
+ "control_id": "Access controls on telemetry stores — same rigour as production data stores",
309
+ "control_name": "CC6.1 — Logical access",
310
+ "tier": "Foundational",
311
+ "scope": "Both"
312
+ },
313
+ {
314
+ "framework": "SOC 2",
315
+ "control_id": "Access anomaly monitoring on telemetry stores — bulk access patterns detected",
316
+ "control_name": "CC7.2 — Monitoring",
317
+ "tier": "Foundational",
318
+ "scope": "Both"
319
+ },
320
+ {
321
+ "framework": "PCI DSS v4.0",
322
+ "control_id": "Req 3.5.1",
323
+ "control_name": "Protect stored account data",
324
+ "tier": "Foundational",
325
+ "scope": "Both",
326
+ "notes": "Telemetry stores containing CHD encrypted — observability data is CHD if it contains PANs"
327
+ },
328
+ {
329
+ "framework": "PCI DSS v4.0",
330
+ "control_id": "Req 3.4.1",
331
+ "control_name": "PAN rendering",
332
+ "tier": "Foundational",
333
+ "scope": "Both",
334
+ "notes": "PANs in telemetry masked before logging — cleartext PANs in observability data is a Req 3 finding"
335
+ },
336
+ {
337
+ "framework": "PCI DSS v4.0",
338
+ "control_id": "Req 7.2.1",
339
+ "control_name": "Restrict access",
340
+ "tier": "Foundational",
341
+ "scope": "Both",
342
+ "notes": "Access controls on CDE telemetry stores — Req 7 need-to-know applies"
343
+ },
344
+ {
345
+ "framework": "PCI DSS v4.0",
346
+ "control_id": "Req 10.2.1",
347
+ "control_name": "Logging",
348
+ "tier": "Foundational",
349
+ "scope": "Both",
350
+ "notes": "Access to CDE telemetry stores logged — accessing observability data containing CHD requires Req 10 trail"
351
+ },
352
+ {
353
+ "framework": "ENISA Multilayer Framework",
354
+ "control_id": "L2",
355
+ "control_name": "Governance and Risk (GOV)",
356
+ "tier": "Foundational",
357
+ "scope": "Both",
358
+ "notes": "Telemetry data classified and governed — observability pipelines subject to the same data governance policy as primary data assets"
359
+ },
360
+ {
361
+ "framework": "ENISA Multilayer Framework",
362
+ "control_id": "MON",
363
+ "control_name": "Monitoring and Detection",
364
+ "tier": "Foundational",
365
+ "scope": "Both",
366
+ "notes": "Observability stores protected against unauthorised access — access controls, encryption, and retention limits applied to all telemetry"
367
+ },
368
+ {
369
+ "framework": "ENISA Multilayer Framework",
370
+ "control_id": "L2",
371
+ "control_name": "Data and Model Security (DMS)",
372
+ "tier": "Foundational",
373
+ "scope": "Both",
374
+ "notes": "Telemetry pipelines scanned for sensitive data before storage — redaction and masking applied to GenAI inputs and outputs in logs"
375
+ },
376
+ {
377
+ "framework": "ENISA Multilayer Framework",
378
+ "control_id": "L1",
379
+ "control_name": "General ICT — Logging",
380
+ "tier": "Foundational",
381
+ "scope": "Both",
382
+ "notes": "Logs protected from tampering and unauthorised access — separation between security logs and operational telemetry"
383
+ },
384
+ {
385
+ "framework": "OWASP SAMM v2.0",
386
+ "control_id": "D-SA",
387
+ "control_name": "Design / Security Architecture",
388
+ "tier": "Hardening",
389
+ "scope": "Both",
390
+ "notes": "Treat model weights as crown-jewel assets with appropriate access controls"
391
+ },
392
+ {
393
+ "framework": "OWASP SAMM v2.0",
394
+ "control_id": "G-PC",
395
+ "control_name": "Governance / Policy & Compliance",
396
+ "tier": "Hardening",
397
+ "scope": "Both",
398
+ "notes": "Classify model weights; require formal access control and custodian assignment"
399
+ },
400
+ {
401
+ "framework": "OWASP SAMM v2.0",
402
+ "control_id": "V-AA",
403
+ "control_name": "Verification / Architecture Assessment",
404
+ "tier": "Hardening",
405
+ "scope": "Both",
406
+ "notes": "Periodic review of model storage access controls"
407
+ },
408
+ {
409
+ "framework": "OWASP SAMM v2.0",
410
+ "control_id": "O-OM",
411
+ "control_name": "Operations / Operational Management",
412
+ "tier": "Hardening",
413
+ "scope": "Both",
414
+ "notes": "Alert on unexpected access to model weight storage"
415
+ },
416
+ {
417
+ "framework": "OWASP SAMM v2.0",
418
+ "control_id": "G-SM",
419
+ "control_name": "Governance / Strategy & Metrics",
420
+ "tier": "Hardening",
421
+ "scope": "Both",
422
+ "notes": "Document model IP protection controls in security programme roadmap"
423
+ },
424
+ {
425
+ "framework": "CWE/CVE",
426
+ "control_id": "CWE-312",
427
+ "control_name": "CWE-312",
428
+ "tier": "Foundational",
429
+ "scope": "Build",
430
+ "url": "https://cwe.mitre.org/data/definitions/312.html"
431
+ },
432
+ {
433
+ "framework": "CWE/CVE",
434
+ "control_id": "CWE-532",
435
+ "control_name": "CWE-532",
436
+ "tier": "Foundational",
437
+ "scope": "Build",
438
+ "url": "https://cwe.mitre.org/data/definitions/532.html"
439
+ },
440
+ {
441
+ "framework": "CWE/CVE",
442
+ "control_id": "CWE-200",
443
+ "control_name": "CWE-200",
444
+ "tier": "Foundational",
445
+ "scope": "Build",
446
+ "url": "https://cwe.mitre.org/data/definitions/200.html"
447
+ },
448
+ {
449
+ "framework": "MAESTRO",
450
+ "control_id": "L5",
451
+ "control_name": "Evaluation & Observability",
452
+ "tier": "Foundational",
453
+ "scope": "Both"
454
+ },
455
+ {
456
+ "framework": "MAESTRO",
457
+ "control_id": "L2",
458
+ "control_name": "Data Operations",
459
+ "tier": "Foundational",
460
+ "scope": "Both"
461
+ },
462
+ {
463
+ "framework": "MAESTRO",
464
+ "control_id": "L6",
465
+ "control_name": "Security & Compliance",
466
+ "tier": "Foundational",
467
+ "scope": "Both"
468
+ },
469
+ {
470
+ "framework": "AIUC-1",
471
+ "control_id": "A",
472
+ "control_name": "Data & Privacy domain",
473
+ "tier": "Hardening",
474
+ "scope": "Both",
475
+ "notes": "Foundational"
476
+ },
477
+ {
478
+ "framework": "AIUC-1",
479
+ "control_id": "B006",
480
+ "control_name": "Prevent unauthorized AI actions",
481
+ "tier": "Hardening",
482
+ "scope": "Both",
483
+ "notes": "Foundational"
484
+ },
485
+ {
486
+ "framework": "AIUC-1",
487
+ "control_id": "E",
488
+ "control_name": "Audit trails and logging",
489
+ "tier": "Hardening",
490
+ "scope": "Both",
491
+ "notes": "Foundational"
492
+ },
493
+ {
494
+ "framework": "OWASP NHI Top 10",
495
+ "control_id": "Model storage service account with read access from unexpected paths",
496
+ "control_name": "NHI-5 Over-Privileged NHI",
497
+ "tier": "Hardening",
498
+ "scope": "Both",
499
+ "notes": "Minimum scope: only authorised inference service can read model weights"
500
+ },
501
+ {
502
+ "framework": "OWASP NHI Top 10",
503
+ "control_id": "Model storage credentials in plaintext config",
504
+ "control_name": "NHI-6 Insecure Credential Storage",
505
+ "tier": "Hardening",
506
+ "scope": "Both",
507
+ "notes": "Vault all model storage credentials"
508
+ },
509
+ {
510
+ "framework": "NIST SP 800-218A",
511
+ "control_id": "PW.1.1-PS",
512
+ "control_name": "Define security requirements — consent management requirements",
513
+ "tier": "Foundational",
514
+ "scope": "Both",
515
+ "notes": "Define security requirements mandating consent verification before personal data enters AI training, fine-tuning, or inference pipelines"
516
+ },
517
+ {
518
+ "framework": "NIST SP 800-218A",
519
+ "control_id": "PW.2.1-PS",
520
+ "control_name": "Design software — consent enforcement architecture",
521
+ "tier": "Foundational",
522
+ "scope": "Both",
523
+ "notes": "Design AI systems with consent enforcement mechanisms that validate consent status before data processing and honour consent withdrawal across all pipeline stages"
524
+ },
525
+ {
526
+ "framework": "FedRAMP",
527
+ "control_id": "PM-9",
528
+ "control_name": "Risk Management Strategy — consent governance",
529
+ "tier": "Foundational",
530
+ "scope": "Both",
531
+ "notes": "Include consent management in AI risk management strategy; define consent requirements per data type and processing activity"
532
+ },
533
+ {
534
+ "framework": "FedRAMP",
535
+ "control_id": "AC-3",
536
+ "control_name": "Access Enforcement — consent-based access",
537
+ "tier": "Foundational",
538
+ "scope": "Both",
539
+ "notes": "Enforce access controls aligned with consent status; block AI processing on data where consent has been withdrawn"
540
+ },
541
+ {
542
+ "framework": "FedRAMP",
543
+ "control_id": "AU-2",
544
+ "control_name": "Event Logging — consent compliance logging",
545
+ "tier": "Foundational",
546
+ "scope": "Both",
547
+ "notes": "Log consent status and changes; enable audit of consent compliance for all AI data processing activities"
548
+ },
549
+ {
550
+ "framework": "DORA",
551
+ "control_id": "Art. 5–7",
552
+ "control_name": "ICT Risk Management — consent governance",
553
+ "tier": "Foundational",
554
+ "scope": "Both",
555
+ "notes": "Include consent management in ICT risk management; define consent requirements per data type and AI processing activity for financial services"
556
+ },
557
+ {
558
+ "framework": "DORA",
559
+ "control_id": "Art. 9",
560
+ "control_name": "Protection and Prevention — consent-aligned controls",
561
+ "tier": "Foundational",
562
+ "scope": "Both",
563
+ "notes": "Implement access controls aligned with consent status; block AI processing on data where consent has been withdrawn or is insufficient"
564
+ },
565
+ {
566
+ "framework": "DORA",
567
+ "control_id": "Art. 10",
568
+ "control_name": "Detection — consent violation monitoring",
569
+ "tier": "Foundational",
570
+ "scope": "Both",
571
+ "notes": "Monitor for AI processing inconsistent with consent status; alert on violations"
572
+ }
573
+ ],
574
+ "tools": [
575
+ {
576
+ "name": "OpenTelemetry",
577
+ "type": "open-source",
578
+ "url": "https://opentelemetry.io"
579
+ },
580
+ {
581
+ "name": "Langfuse",
582
+ "type": "open-source",
583
+ "url": "https://langfuse.com"
584
+ },
585
+ {
586
+ "name": "Helicone",
587
+ "type": "open-source",
588
+ "url": "https://www.helicone.ai"
589
+ },
590
+ {
591
+ "name": "Grafana Loki",
592
+ "type": "open-source",
593
+ "url": "https://github.com/grafana/loki"
594
+ },
595
+ {
596
+ "name": "Presidio",
597
+ "type": "open-source",
598
+ "url": "https://github.com/microsoft/presidio"
599
+ },
600
+ {
601
+ "name": "Fluent Bit",
602
+ "type": "open-source",
603
+ "url": "https://github.com/fluent/fluent-bit"
604
+ },
605
+ {
606
+ "name": "OneTrust",
607
+ "type": "commercial",
608
+ "url": "https://www.onetrust.com"
609
+ },
610
+ {
611
+ "name": "Transcend",
612
+ "type": "commercial",
613
+ "url": "https://transcend.io"
614
+ },
615
+ {
616
+ "name": "CookieYes",
617
+ "type": "open-source",
618
+ "url": "https://www.cookieyes.com"
619
+ },
620
+ {
621
+ "name": "Osano",
622
+ "type": "commercial",
623
+ "url": "https://www.osano.com"
624
+ },
625
+ {
626
+ "name": "Collibra",
627
+ "type": "commercial",
628
+ "url": "https://www.collibra.com"
629
+ },
630
+ {
631
+ "name": "Open Policy Agent",
632
+ "type": "open-source",
633
+ "url": "https://www.openpolicyagent.org"
634
+ },
635
+ {
636
+ "name": "TrustArc",
637
+ "type": "commercial",
638
+ "url": "https://trustarc.com"
639
+ }
640
+ ],
641
+ "incidents": [
642
+ {
643
+ "name": "Cursor AI code agent leaking repository secrets via context window",
644
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
645
+ "year": 2025,
646
+ "incident_id": "INC-034"
647
+ },
648
+ {
649
+ "name": "Italy Garante orders ChatGPT GDPR enforcement — consent and data minimization failures",
650
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
651
+ "year": 2025,
652
+ "incident_id": "INC-035"
653
+ },
654
+ {
655
+ "name": "Clearview AI biometric bias — $50M class action settlement",
656
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
657
+ "year": 2025,
658
+ "incident_id": "INC-036"
659
+ },
660
+ {
661
+ "name": "TikTok EU data localization enforcement — Project Clover + EUR 345M GDPR fine",
662
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
663
+ "year": 2023,
664
+ "incident_id": "INC-043"
665
+ },
666
+ {
667
+ "name": "Scale AI / Sama contractor data exposure — third-party AI labeling workforce privacy violations",
668
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
669
+ "year": 2024,
670
+ "incident_id": "INC-044"
671
+ },
672
+ {
673
+ "name": "OpenAI ChatGPT data retention GDPR challenge — right to erasure vs model training",
674
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
675
+ "year": 2024,
676
+ "incident_id": "INC-050"
677
+ }
678
+ ],
679
+ "crossrefs": {
680
+ "dsgai_2026": [
681
+ "DSGAI01",
682
+ "DSGAI07",
683
+ "DSGAI12"
684
+ ],
685
+ "llm_top10": [
686
+ "LLM02",
687
+ "LLM03",
688
+ "LLM06"
689
+ ],
690
+ "agentic_top10": [
691
+ "ASI09",
692
+ "ASI02"
693
+ ]
694
+ },
695
+ "changelog": [
696
+ {
697
+ "date": "2026-03-27",
698
+ "version": "1.0.0",
699
+ "change": "Initial entry — generated from GenAI Security Crosswalk v1.5.1 mapping files",
700
+ "author": "emmanuelgjr"
701
+ }
702
+ ]
703
+ }