genai-security-crosswalk 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/LICENSE.md +28 -0
  2. package/README.md +618 -0
  3. package/data/entries/ASI01.json +911 -0
  4. package/data/entries/ASI02.json +850 -0
  5. package/data/entries/ASI03.json +854 -0
  6. package/data/entries/ASI04.json +759 -0
  7. package/data/entries/ASI05.json +764 -0
  8. package/data/entries/ASI06.json +817 -0
  9. package/data/entries/ASI07.json +789 -0
  10. package/data/entries/ASI08.json +788 -0
  11. package/data/entries/ASI09.json +754 -0
  12. package/data/entries/ASI10.json +833 -0
  13. package/data/entries/DSGAI01.json +779 -0
  14. package/data/entries/DSGAI02.json +728 -0
  15. package/data/entries/DSGAI03.json +671 -0
  16. package/data/entries/DSGAI04.json +752 -0
  17. package/data/entries/DSGAI05.json +689 -0
  18. package/data/entries/DSGAI06.json +673 -0
  19. package/data/entries/DSGAI07.json +680 -0
  20. package/data/entries/DSGAI08.json +698 -0
  21. package/data/entries/DSGAI09.json +687 -0
  22. package/data/entries/DSGAI10.json +627 -0
  23. package/data/entries/DSGAI11.json +663 -0
  24. package/data/entries/DSGAI12.json +695 -0
  25. package/data/entries/DSGAI13.json +688 -0
  26. package/data/entries/DSGAI14.json +703 -0
  27. package/data/entries/DSGAI15.json +655 -0
  28. package/data/entries/DSGAI16.json +716 -0
  29. package/data/entries/DSGAI17.json +690 -0
  30. package/data/entries/DSGAI18.json +613 -0
  31. package/data/entries/DSGAI19.json +638 -0
  32. package/data/entries/DSGAI20.json +671 -0
  33. package/data/entries/DSGAI21.json +881 -0
  34. package/data/entries/LLM01.json +975 -0
  35. package/data/entries/LLM02.json +868 -0
  36. package/data/entries/LLM03.json +817 -0
  37. package/data/entries/LLM04.json +797 -0
  38. package/data/entries/LLM05.json +761 -0
  39. package/data/entries/LLM06.json +848 -0
  40. package/data/entries/LLM07.json +749 -0
  41. package/data/entries/LLM08.json +750 -0
  42. package/data/entries/LLM09.json +760 -0
  43. package/data/entries/LLM10.json +763 -0
  44. package/data/incidents-schema.json +121 -0
  45. package/data/incidents.json +1484 -0
  46. package/data/schema.json +134 -0
  47. package/dist/index.d.ts +97 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +124 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/index.test.d.ts +2 -0
  52. package/dist/index.test.d.ts.map +1 -0
  53. package/dist/index.test.js +97 -0
  54. package/dist/index.test.js.map +1 -0
  55. package/package.json +62 -0
package/data/entries/DSGAI15.json ADDED
@@ -0,0 +1,655 @@
1
+ {
2
+ "id": "DSGAI15",
3
+ "name": "Over-Broad Context Windows",
4
+ "source_list": "DSGAI-2026",
5
+ "version": "2026-Q1",
6
+ "severity": "High",
7
+ "aivss_score": null,
8
+ "audience": [
9
+ "red-teamer",
10
+ "security-engineer",
11
+ "ciso",
12
+ "compliance",
13
+ "ml-engineer",
14
+ "ot-engineer",
15
+ "auditor",
16
+ "developer",
17
+ "data-engineer"
18
+ ],
19
+ "mappings": [
20
+ {
21
+ "framework": "MITRE ATLAS",
22
+ "control_id": "AML.T0051",
23
+ "control_name": "Exploit Public-Facing Application",
24
+ "tier": "Foundational",
25
+ "scope": "Both",
26
+ "notes": "Prompt injection via LLM interface accesses all content injected into over-broad context window"
27
+ },
28
+ {
29
+ "framework": "MITRE ATLAS",
30
+ "control_id": "AML.T0025",
31
+ "control_name": "Exfiltrate via Cyber Means",
32
+ "tier": "Foundational",
33
+ "scope": "Both",
34
+ "notes": "Over-broad context window content exfiltrated through successful injection — adversary retrieves aggregated sensitive data"
35
+ },
36
+ {
37
+ "framework": "MITRE ATLAS",
38
+ "control_id": "AML.T0035",
39
+ "control_name": "Exfiltrate via ML Inference API",
40
+ "tier": "Foundational",
41
+ "scope": "Both",
42
+ "notes": "Inference API queries designed to surface maximum context window content through crafted prompts"
43
+ },
44
+ {
45
+ "framework": "NIST AI RMF 1.0",
46
+ "control_id": "MP-2.3",
47
+ "control_name": "Risk categorisation",
48
+ "tier": "Foundational",
49
+ "scope": "Build",
50
+ "notes": "Context window risks mapped — identify which deployments aggregate data across trust domains"
51
+ },
52
+ {
53
+ "framework": "NIST AI RMF 1.0",
54
+ "control_id": "MS-2.5",
55
+ "control_name": "Testing — adversarial",
56
+ "tier": "Foundational",
57
+ "scope": "Build",
58
+ "notes": "Adversarial testing of context window content — cross-trust-domain aggregation and injection scenarios"
59
+ },
60
+ {
61
+ "framework": "NIST AI RMF 1.0",
62
+ "control_id": "MS-2.6",
63
+ "control_name": "Testing — data leakage",
64
+ "tier": "Foundational",
65
+ "scope": "Build",
66
+ "notes": "Data leakage testing on context window content — sensitive data accessible to injection attacks"
67
+ },
68
+ {
69
+ "framework": "NIST AI RMF 1.0",
70
+ "control_id": "MG-2.2",
71
+ "control_name": "Risk response",
72
+ "tier": "Foundational",
73
+ "scope": "Build",
74
+ "notes": "Response for context window exploitation — session containment, content audit, impact scoping"
75
+ },
76
+ {
77
+ "framework": "EU AI Act",
78
+ "control_id": "Data governance applies to all data in AI system scope — including context window content",
79
+ "control_name": "Art. 10 — Data and data governance",
80
+ "tier": "Foundational",
81
+ "scope": "Both",
82
+ "notes": "Context window data governance — minimum content, classification tracking — is Art. 10 requirement"
83
+ },
84
+ {
85
+ "framework": "EU AI Act",
86
+ "control_id": "Cybersecurity against adversarial exploitation of context window content",
87
+ "control_name": "Art. 15 — Accuracy, robustness, cybersecurity",
88
+ "tier": "Foundational",
89
+ "scope": "Both",
90
+ "notes": "Context minimisation and access controls are Art. 15 cybersecurity measures"
91
+ },
92
+ {
93
+ "framework": "EU AI Act",
94
+ "control_id": "Post-market monitoring covering context window exploitation incidents",
95
+ "control_name": "Art. 17 — Quality management",
96
+ "tier": "Foundational",
97
+ "scope": "Both",
98
+ "notes": "Context window security in post-market monitoring programme"
99
+ },
100
+ {
101
+ "framework": "ISO/IEC 27001:2022",
102
+ "control_id": "A.8.3",
103
+ "control_name": "Information access restriction",
104
+ "tier": "Foundational",
105
+ "scope": "Build",
106
+ "notes": "Context window content restricted to minimum required — no cross-trust-domain aggregation without access control"
107
+ },
108
+ {
109
+ "framework": "ISO/IEC 27001:2022",
110
+ "control_id": "A.5.12",
111
+ "control_name": "Classification of information",
112
+ "tier": "Foundational",
113
+ "scope": "Build",
114
+ "notes": "All content injected into context window classified — highest classification drives handling requirement"
115
+ },
116
+ {
117
+ "framework": "ISO/IEC 27001:2022",
118
+ "control_id": "A.8.11",
119
+ "control_name": "Data masking",
120
+ "tier": "Foundational",
121
+ "scope": "Build",
122
+ "notes": "Sensitive content redacted or masked before injection into shared context windows"
123
+ },
124
+ {
125
+ "framework": "ISO/IEC 27001:2022",
126
+ "control_id": "A.5.14",
127
+ "control_name": "Information transfer",
128
+ "tier": "Foundational",
129
+ "scope": "Build",
130
+ "notes": "Controls on content transfer into context windows — documented data flow for each RAG pipeline"
131
+ },
132
+ {
133
+ "framework": "ISO/IEC 42001:2023",
134
+ "control_id": "Data — minimisation",
135
+ "control_name": "A.7.2",
136
+ "tier": "Foundational",
137
+ "scope": "Build",
138
+ "notes": "Foundational"
139
+ },
140
+ {
141
+ "framework": "ISO/IEC 42001:2023",
142
+ "control_id": "Lifecycle — operational",
143
+ "control_name": "A.6.2.3",
144
+ "tier": "Foundational",
145
+ "scope": "Build",
146
+ "notes": "Foundational"
147
+ },
148
+ {
149
+ "framework": "ISO/IEC 42001:2023",
150
+ "control_id": "Impact assessment",
151
+ "control_name": "A.5.2",
152
+ "tier": "Foundational",
153
+ "scope": "Build",
154
+ "notes": "Hardening"
155
+ },
156
+ {
157
+ "framework": "ISO/IEC 42001:2023",
158
+ "control_id": "Operation",
159
+ "control_name": "Cl.8",
160
+ "tier": "Foundational",
161
+ "scope": "Build",
162
+ "notes": "Foundational"
163
+ },
164
+ {
165
+ "framework": "CIS Controls v8.1",
166
+ "control_id": "CIS 3",
167
+ "control_name": "3.3 — Configure data access control lists",
168
+ "tier": "Foundational",
169
+ "scope": "Build"
170
+ },
171
+ {
172
+ "framework": "CIS Controls v8.1",
173
+ "control_id": "CIS 3",
174
+ "control_name": "3.1 — Data minimisation",
175
+ "tier": "Foundational",
176
+ "scope": "Build"
177
+ },
178
+ {
179
+ "framework": "CIS Controls v8.1",
180
+ "control_id": "CIS 16",
181
+ "control_name": "16.6 — Security requirements",
182
+ "tier": "Foundational",
183
+ "scope": "Build"
184
+ },
185
+ {
186
+ "framework": "OWASP ASVS 4.0.3",
187
+ "control_id": "V4 Access Control",
188
+ "control_name": "V4.1.3 — Deny by default access control",
189
+ "tier": "Foundational",
190
+ "scope": "Build"
191
+ },
192
+ {
193
+ "framework": "OWASP ASVS 4.0.3",
194
+ "control_id": "V8 Data Protection",
195
+ "control_name": "V8.1.4 — Data minimisation",
196
+ "tier": "Foundational",
197
+ "scope": "Build"
198
+ },
199
+ {
200
+ "framework": "OWASP ASVS 4.0.3",
201
+ "control_id": "V3 Session Management",
202
+ "control_name": "V3.1.1 — Session isolation",
203
+ "tier": "Foundational",
204
+ "scope": "Build"
205
+ },
206
+ {
207
+ "framework": "ISA/IEC 62443",
208
+ "control_id": "SR 2.2",
209
+ "control_name": "Least privilege",
210
+ "tier": "Foundational",
211
+ "scope": "Both",
212
+ "notes": "OT context assembly restricted to minimum data required for the specific query — not broad process datasets"
213
+ },
214
+ {
215
+ "framework": "ISA/IEC 62443",
216
+ "control_id": "SR 4.1",
217
+ "control_name": "Data confidentiality",
218
+ "tier": "Foundational",
219
+ "scope": "Both",
220
+ "notes": "OT context window classification tracking — highest classification drives response handling"
221
+ },
222
+ {
223
+ "framework": "ISA/IEC 62443",
224
+ "control_id": "SR 5.1",
225
+ "control_name": "Information flow restriction",
226
+ "tier": "Foundational",
227
+ "scope": "Both",
228
+ "notes": "Context assembly limits in Zone 3 — cross-trust-domain aggregation restricted"
229
+ },
230
+ {
231
+ "framework": "NIST SP 800-82 Rev 3",
232
+ "control_id": "OT data confidentiality",
233
+ "control_name": "§5.4",
234
+ "tier": "Foundational",
235
+ "scope": "Both",
236
+ "notes": "Inference inputs are OT data and require protection"
237
+ },
238
+ {
239
+ "framework": "NIST SP 800-82 Rev 3",
240
+ "control_id": "Risk assessment",
241
+ "control_name": "§6.2",
242
+ "tier": "Foundational",
243
+ "scope": "Both",
244
+ "notes": "Inference data exposure in OT risk assessment"
245
+ },
246
+ {
247
+ "framework": "NIST SP 800-82 Rev 3",
248
+ "control_id": "Network monitoring",
249
+ "control_name": "§7.3",
250
+ "tier": "Foundational",
251
+ "scope": "Both",
252
+ "notes": "Monitor inference data leaving OT boundary"
253
+ },
254
+ {
255
+ "framework": "NIST CSF 2.0",
256
+ "control_id": "PR.AA-05",
257
+ "control_name": "Identity Management, Authentication & Access Control",
258
+ "tier": "Foundational",
259
+ "scope": "Both",
260
+ "notes": "Access permissions applied to context assembly — minimum-necessary context injection enforced"
261
+ },
262
+ {
263
+ "framework": "NIST CSF 2.0",
264
+ "control_id": "PR.DS-01",
265
+ "control_name": "Data Security",
266
+ "tier": "Foundational",
267
+ "scope": "Both",
268
+ "notes": "Context window content protected — highest classification of any included document drives handling"
269
+ },
270
+ {
271
+ "framework": "NIST CSF 2.0",
272
+ "control_id": "DE.CM-01",
273
+ "control_name": "Continuous Monitoring",
274
+ "tier": "Foundational",
275
+ "scope": "Both",
276
+ "notes": "Context assembly monitored — over-broad injection patterns detected"
277
+ },
278
+ {
279
+ "framework": "NIST CSF 2.0",
280
+ "control_id": "ID.RA-01",
281
+ "control_name": "Risk Assessment",
282
+ "tier": "Foundational",
283
+ "scope": "Both",
284
+ "notes": "Context window risks documented — which deployments aggregate data across trust domains"
285
+ },
286
+ {
287
+ "framework": "SOC 2",
288
+ "control_id": "Context window assembly respects user authorisation — no content from higher classification tier than user's access level",
289
+ "control_name": "CC6.1 — Logical access",
290
+ "tier": "Foundational",
291
+ "scope": "Both"
292
+ },
293
+ {
294
+ "framework": "SOC 2",
295
+ "control_id": "Highest classification in context window drives handling — response treated as confidential if context contains confidential data",
296
+ "control_name": "C2.1 — Confidential information protection",
297
+ "tier": "Foundational",
298
+ "scope": "Both"
299
+ },
300
+ {
301
+ "framework": "SOC 2",
302
+ "control_id": "Minimum-necessary context injection procedures — documented and enforced",
303
+ "control_name": "CC5.2 — Control activities",
304
+ "tier": "Foundational",
305
+ "scope": "Both"
306
+ },
307
+ {
308
+ "framework": "SOC 2",
309
+ "control_id": "Over-broad context risks identified — cross-trust-domain aggregation assessed",
310
+ "control_name": "CC3.2 — Risk assessment",
311
+ "tier": "Foundational",
312
+ "scope": "Both"
313
+ },
314
+ {
315
+ "framework": "PCI DSS v4.0",
316
+ "control_id": "Req 7.2.1",
317
+ "control_name": "Restrict access",
318
+ "tier": "Foundational",
319
+ "scope": "Both",
320
+ "notes": "Context assembly restricted to minimum CHD required — users cannot access CHD beyond their authorised scope through context injection"
321
+ },
322
+ {
323
+ "framework": "PCI DSS v4.0",
324
+ "control_id": "Req 3.4.1",
325
+ "control_name": "PAN rendering",
326
+ "tier": "Foundational",
327
+ "scope": "Both",
328
+ "notes": "PANs in context window masked — cleartext PANs in LLM context is a Req 3 exposure"
329
+ },
330
+ {
331
+ "framework": "PCI DSS v4.0",
332
+ "control_id": "Req 12.3.2",
333
+ "control_name": "Targeted risk analysis",
334
+ "tier": "Foundational",
335
+ "scope": "Both",
336
+ "notes": "Targeted risk analysis for context window CHD exposure — blast radius of over-broad injection documented"
337
+ },
338
+ {
339
+ "framework": "PCI DSS v4.0",
340
+ "control_id": "Req 10.2.1",
341
+ "control_name": "Logging",
342
+ "tier": "Foundational",
343
+ "scope": "Both",
344
+ "notes": "Context window assembly logged — all CHD accessed through context injection traceable"
345
+ },
346
+ {
347
+ "framework": "ENISA Multilayer Framework",
348
+ "control_id": "L2",
349
+ "control_name": "Data and Model Security (DMS)",
350
+ "tier": "Foundational",
351
+ "scope": "Both",
352
+ "notes": "Context window population governed by data minimisation principle — only data necessary for the current task included"
353
+ },
354
+ {
355
+ "framework": "ENISA Multilayer Framework",
356
+ "control_id": "L2",
357
+ "control_name": "AI System Integrity (ASI)",
358
+ "tier": "Foundational",
359
+ "scope": "Both",
360
+ "notes": "AI system integrity controls include context window scope limits — over-broad context documented as a risk in AI risk assessment"
361
+ },
362
+ {
363
+ "framework": "ENISA Multilayer Framework",
364
+ "control_id": "L2",
365
+ "control_name": "Governance and Risk (GOV)",
366
+ "tier": "Foundational",
367
+ "scope": "Both",
368
+ "notes": "Over-broad context included as a risk factor in AI risk assessment — treatment controls and data minimisation requirements documented"
369
+ },
370
+ {
371
+ "framework": "ENISA Multilayer Framework",
372
+ "control_id": "L1",
373
+ "control_name": "General ICT — Data Protection",
374
+ "tier": "Foundational",
375
+ "scope": "Both",
376
+ "notes": "Data minimisation principle applied as a baseline data protection requirement for all AI system design"
377
+ },
378
+ {
379
+ "framework": "OWASP SAMM v2.0",
380
+ "control_id": "D-SR",
381
+ "control_name": "Design / Security Requirements",
382
+ "tier": "Foundational",
383
+ "scope": "Both",
384
+ "notes": "Define what inference data may be logged, retained, and shared"
385
+ },
386
+ {
387
+ "framework": "OWASP SAMM v2.0",
388
+ "control_id": "I-SB",
389
+ "control_name": "Implementation / Secure Build",
390
+ "tier": "Foundational",
391
+ "scope": "Both",
392
+ "notes": "Log only what is operationally necessary; scrub sensitive data from logs"
393
+ },
394
+ {
395
+ "framework": "OWASP SAMM v2.0",
396
+ "control_id": "O-EM",
397
+ "control_name": "Operations / Environment Management",
398
+ "tier": "Foundational",
399
+ "scope": "Both",
400
+ "notes": "Access controls, encryption, and retention policies for all inference logs"
401
+ },
402
+ {
403
+ "framework": "OWASP SAMM v2.0",
404
+ "control_id": "G-PC",
405
+ "control_name": "Governance / Policy & Compliance",
406
+ "tier": "Foundational",
407
+ "scope": "Both",
408
+ "notes": "Documented policy on inference data retention periods and deletion"
409
+ },
410
+ {
411
+ "framework": "CWE/CVE",
412
+ "control_id": "CWE-200",
413
+ "control_name": "CWE-200",
414
+ "tier": "Foundational",
415
+ "scope": "Build",
416
+ "url": "https://cwe.mitre.org/data/definitions/200.html"
417
+ },
418
+ {
419
+ "framework": "CWE/CVE",
420
+ "control_id": "CWE-201",
421
+ "control_name": "CWE-201",
422
+ "tier": "Foundational",
423
+ "scope": "Build",
424
+ "url": "https://cwe.mitre.org/data/definitions/201.html"
425
+ },
426
+ {
427
+ "framework": "CWE/CVE",
428
+ "control_id": "CWE-285",
429
+ "control_name": "CWE-285",
430
+ "tier": "Foundational",
431
+ "scope": "Build",
432
+ "url": "https://cwe.mitre.org/data/definitions/285.html"
433
+ },
434
+ {
435
+ "framework": "MAESTRO",
436
+ "control_id": "L2",
437
+ "control_name": "Data Operations",
438
+ "tier": "Foundational",
439
+ "scope": "Both"
440
+ },
441
+ {
442
+ "framework": "MAESTRO",
443
+ "control_id": "L1",
444
+ "control_name": "Foundation Models",
445
+ "tier": "Foundational",
446
+ "scope": "Both"
447
+ },
448
+ {
449
+ "framework": "MAESTRO",
450
+ "control_id": "L3",
451
+ "control_name": "Agent Frameworks",
452
+ "tier": "Foundational",
453
+ "scope": "Both"
454
+ },
455
+ {
456
+ "framework": "AIUC-1",
457
+ "control_id": "A",
458
+ "control_name": "Data & Privacy domain",
459
+ "tier": "Foundational",
460
+ "scope": "Both",
461
+ "notes": "Foundational"
462
+ },
463
+ {
464
+ "framework": "AIUC-1",
465
+ "control_id": "B006",
466
+ "control_name": "Prevent unauthorized AI actions",
467
+ "tier": "Foundational",
468
+ "scope": "Both",
469
+ "notes": "Foundational"
470
+ },
471
+ {
472
+ "framework": "AIUC-1",
473
+ "control_id": "E",
474
+ "control_name": "Audit trails and logging",
475
+ "tier": "Foundational",
476
+ "scope": "Both",
477
+ "notes": "Foundational"
478
+ },
479
+ {
480
+ "framework": "OWASP NHI Top 10",
481
+ "control_id": "Inference log service account with broad read access",
482
+ "control_name": "NHI-5 Over-Privileged NHI",
483
+ "tier": "Foundational",
484
+ "scope": "Both",
485
+ "notes": "Minimum scope: only authorised audit function can read inference logs"
486
+ },
487
+ {
488
+ "framework": "OWASP NHI Top 10",
489
+ "control_id": "Service account credentials embedded in inference log entries",
490
+ "control_name": "NHI-2 Secret Leakage",
491
+ "tier": "Foundational",
492
+ "scope": "Both",
493
+ "notes": "Scan and scrub credentials from inference logs"
494
+ },
495
+ {
496
+ "framework": "NIST SP 800-218A",
497
+ "control_id": "PW.1.1-PS",
498
+ "control_name": "Define security requirements — data minimisation requirements",
499
+ "tier": "Foundational",
500
+ "scope": "Build",
501
+ "notes": "Define security requirements enforcing data minimisation — AI systems must collect and process only the data necessary for their documented purpose"
502
+ },
503
+ {
504
+ "framework": "NIST SP 800-218A",
505
+ "control_id": "PW.2.1-PS",
506
+ "control_name": "Design software — minimisation-by-design",
507
+ "tier": "Foundational",
508
+ "scope": "Build",
509
+ "notes": "Design AI data pipelines with data minimisation controls built in; implement field-level filtering, aggregation, and anonymisation at ingestion"
510
+ },
511
+ {
512
+ "framework": "FedRAMP",
513
+ "control_id": "AC-6",
514
+ "control_name": "Least Privilege — data collection restrictions",
515
+ "tier": "Foundational",
516
+ "scope": "Build",
517
+ "notes": "Restrict AI data collection to minimum necessary for stated purpose; enforce at pipeline ingestion points"
518
+ },
519
+ {
520
+ "framework": "FedRAMP",
521
+ "control_id": "CM-7",
522
+ "control_name": "Least Functionality — data processing restrictions",
523
+ "tier": "Foundational",
524
+ "scope": "Build",
525
+ "notes": "Restrict AI data processing to minimum necessary scope; disable collection of non-essential data fields"
526
+ },
527
+ {
528
+ "framework": "FedRAMP",
529
+ "control_id": "PM-9",
530
+ "control_name": "Risk Management Strategy — minimisation governance",
531
+ "tier": "Foundational",
532
+ "scope": "Build",
533
+ "notes": "Include data minimisation in AI risk management; define minimum necessary data per AI use case"
534
+ },
535
+ {
536
+ "framework": "DORA",
537
+ "control_id": "Art. 5–7",
538
+ "control_name": "ICT Risk Management — minimisation governance",
539
+ "tier": "Foundational",
540
+ "scope": "Build",
541
+ "notes": "Include data minimisation in ICT risk management; define minimum necessary data per AI use case and processing activity"
542
+ },
543
+ {
544
+ "framework": "DORA",
545
+ "control_id": "Art. 9",
546
+ "control_name": "Protection and Prevention — collection restrictions",
547
+ "tier": "Foundational",
548
+ "scope": "Build",
549
+ "notes": "Implement controls restricting AI data collection to minimum necessary; enforce at pipeline ingestion points and model training configuration"
550
+ },
551
+ {
552
+ "framework": "DORA",
553
+ "control_id": "Art. 8",
554
+ "control_name": "Identification — data necessity mapping",
555
+ "tier": "Foundational",
556
+ "scope": "Build",
557
+ "notes": "Document data necessity justification for each AI data asset; map minimum required data per use case"
558
+ }
559
+ ],
560
+ "tools": [
561
+ {
562
+ "name": "LlamaIndex",
563
+ "type": "open-source",
564
+ "url": "https://www.llamaindex.ai"
565
+ },
566
+ {
567
+ "name": "Guardrails AI",
568
+ "type": "open-source",
569
+ "url": "https://github.com/guardrails-ai/guardrails"
570
+ },
571
+ {
572
+ "name": "LLM Guard",
573
+ "type": "open-source",
574
+ "url": "https://github.com/protectai/llm-guard"
575
+ },
576
+ {
577
+ "name": "Garak",
578
+ "type": "open-source",
579
+ "url": "https://github.com/leondz/garak"
580
+ },
581
+ {
582
+ "name": "Presidio",
583
+ "type": "open-source",
584
+ "url": "https://github.com/microsoft/presidio"
585
+ },
586
+ {
587
+ "name": "ARX Data Anonymization",
588
+ "type": "open-source",
589
+ "url": "https://arx.deidentifier.org"
590
+ },
591
+ {
592
+ "name": "Amnesia",
593
+ "type": "open-source",
594
+ "url": "https://amnesia.openaire.eu"
595
+ },
596
+ {
597
+ "name": "Google Differential Privacy",
598
+ "type": "open-source",
599
+ "url": "https://github.com/google/differential-privacy"
600
+ },
601
+ {
602
+ "name": "Microsoft Presidio",
603
+ "type": "open-source",
604
+ "url": "https://github.com/microsoft/presidio"
605
+ },
606
+ {
607
+ "name": "Open Policy Agent",
608
+ "type": "open-source",
609
+ "url": "https://www.openpolicyagent.org"
610
+ },
611
+ {
612
+ "name": "OneTrust",
613
+ "type": "commercial",
614
+ "url": "https://www.onetrust.com"
615
+ }
616
+ ],
617
+ "incidents": [
618
+ {
619
+ "name": "Italy Garante orders ChatGPT GDPR enforcement — consent and data minimization failures",
620
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
621
+ "year": 2025,
622
+ "incident_id": "INC-035"
623
+ },
624
+ {
625
+ "name": "Synthetic data re-identification — de-anonymized patients from synthetic health records",
626
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
627
+ "year": 2025,
628
+ "incident_id": "INC-040"
629
+ }
630
+ ],
631
+ "crossrefs": {
632
+ "llm_top10": [
633
+ "LLM07",
634
+ "LLM02",
635
+ "LLM08",
636
+ "LLM06"
637
+ ],
638
+ "agentic_top10": [
639
+ "ASI01",
640
+ "ASI06",
641
+ "ASI02"
642
+ ],
643
+ "dsgai_2026": [
644
+ "DSGAI03"
645
+ ]
646
+ },
647
+ "changelog": [
648
+ {
649
+ "date": "2026-03-27",
650
+ "version": "1.0.0",
651
+ "change": "Initial entry — generated from GenAI Security Crosswalk v1.5.1 mapping files",
652
+ "author": "emmanuelgjr"
653
+ }
654
+ ]
655
+ }