genai-security-crosswalk 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/LICENSE.md +28 -0
  2. package/README.md +618 -0
  3. package/data/entries/ASI01.json +911 -0
  4. package/data/entries/ASI02.json +850 -0
  5. package/data/entries/ASI03.json +854 -0
  6. package/data/entries/ASI04.json +759 -0
  7. package/data/entries/ASI05.json +764 -0
  8. package/data/entries/ASI06.json +817 -0
  9. package/data/entries/ASI07.json +789 -0
  10. package/data/entries/ASI08.json +788 -0
  11. package/data/entries/ASI09.json +754 -0
  12. package/data/entries/ASI10.json +833 -0
  13. package/data/entries/DSGAI01.json +779 -0
  14. package/data/entries/DSGAI02.json +728 -0
  15. package/data/entries/DSGAI03.json +671 -0
  16. package/data/entries/DSGAI04.json +752 -0
  17. package/data/entries/DSGAI05.json +689 -0
  18. package/data/entries/DSGAI06.json +673 -0
  19. package/data/entries/DSGAI07.json +680 -0
  20. package/data/entries/DSGAI08.json +698 -0
  21. package/data/entries/DSGAI09.json +687 -0
  22. package/data/entries/DSGAI10.json +627 -0
  23. package/data/entries/DSGAI11.json +663 -0
  24. package/data/entries/DSGAI12.json +695 -0
  25. package/data/entries/DSGAI13.json +688 -0
  26. package/data/entries/DSGAI14.json +703 -0
  27. package/data/entries/DSGAI15.json +655 -0
  28. package/data/entries/DSGAI16.json +716 -0
  29. package/data/entries/DSGAI17.json +690 -0
  30. package/data/entries/DSGAI18.json +613 -0
  31. package/data/entries/DSGAI19.json +638 -0
  32. package/data/entries/DSGAI20.json +671 -0
  33. package/data/entries/DSGAI21.json +881 -0
  34. package/data/entries/LLM01.json +975 -0
  35. package/data/entries/LLM02.json +868 -0
  36. package/data/entries/LLM03.json +817 -0
  37. package/data/entries/LLM04.json +797 -0
  38. package/data/entries/LLM05.json +761 -0
  39. package/data/entries/LLM06.json +848 -0
  40. package/data/entries/LLM07.json +749 -0
  41. package/data/entries/LLM08.json +750 -0
  42. package/data/entries/LLM09.json +760 -0
  43. package/data/entries/LLM10.json +763 -0
  44. package/data/incidents-schema.json +121 -0
  45. package/data/incidents.json +1484 -0
  46. package/data/schema.json +134 -0
  47. package/dist/index.d.ts +97 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +124 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/index.test.d.ts +2 -0
  52. package/dist/index.test.d.ts.map +1 -0
  53. package/dist/index.test.js +97 -0
  54. package/dist/index.test.js.map +1 -0
  55. package/package.json +62 -0
package/data/entries/DSGAI17.json ADDED
@@ -0,0 +1,690 @@
1
+ {
2
+ "id": "DSGAI17",
3
+ "name": "Data Availability and Resilience Failures",
4
+ "source_list": "DSGAI-2026",
5
+ "version": "2026-Q1",
6
+ "severity": "High",
7
+ "aivss_score": null,
8
+ "audience": [
9
+ "red-teamer",
10
+ "security-engineer",
11
+ "ciso",
12
+ "compliance",
13
+ "ml-engineer",
14
+ "ot-engineer",
15
+ "auditor",
16
+ "developer",
17
+ "data-engineer"
18
+ ],
19
+ "mappings": [
20
+ {
21
+ "framework": "MITRE ATLAS",
22
+ "control_id": "AML.T0029",
23
+ "control_name": "Denial of ML Service",
24
+ "tier": "Foundational",
25
+ "scope": "Both",
26
+ "notes": "Adversary saturates GenAI pipeline — vector store, RAG retrieval, or inference endpoint rendered unavailable"
27
+ },
28
+ {
29
+ "framework": "MITRE ATLAS",
30
+ "control_id": "AML.T0034",
31
+ "control_name": "Cost Harvesting",
32
+ "tier": "Foundational",
33
+ "scope": "Both",
34
+ "notes": "Adversary triggers disproportionate resource consumption through crafted queries — financial or operational DoS"
35
+ },
36
+ {
37
+ "framework": "MITRE ATLAS",
38
+ "control_id": "AML.T0057",
39
+ "control_name": "Data from Information Repositories",
40
+ "tier": "Foundational",
41
+ "scope": "Both",
42
+ "notes": "Pipeline failures may expose data through error messages or fallback paths that lack normal access controls"
43
+ },
44
+ {
45
+ "framework": "NIST AI RMF 1.0",
46
+ "control_id": "MP-4.1",
47
+ "control_name": "Risk tolerance",
48
+ "tier": "Foundational",
49
+ "scope": "Both",
50
+ "notes": "Availability risk tolerance defined for AI pipelines — RTO/RPO per component documented"
51
+ },
52
+ {
53
+ "framework": "NIST AI RMF 1.0",
54
+ "control_id": "MS-2.5",
55
+ "control_name": "Testing — adversarial",
56
+ "tier": "Foundational",
57
+ "scope": "Both",
58
+ "notes": "Resilience testing of RAG pipelines — vector store saturation, stale replica, index corruption"
59
+ },
60
+ {
61
+ "framework": "NIST AI RMF 1.0",
62
+ "control_id": "MG-2.2",
63
+ "control_name": "Risk response",
64
+ "tier": "Foundational",
65
+ "scope": "Both",
66
+ "notes": "Incident response for AI pipeline availability failures — silent degradation detection and response"
67
+ },
68
+ {
69
+ "framework": "NIST AI RMF 1.0",
70
+ "control_id": "MG-3.2",
71
+ "control_name": "Residual risk",
72
+ "tier": "Foundational",
73
+ "scope": "Both",
74
+ "notes": "Residual availability risk documented — BCP coverage for AI pipeline components"
75
+ },
76
+ {
77
+ "framework": "EU AI Act",
78
+ "control_id": "High-risk AI must remain accurate and available under adverse conditions",
79
+ "control_name": "Art. 15 — Accuracy, robustness, cybersecurity",
80
+ "tier": "Foundational",
81
+ "scope": "Both",
82
+ "notes": "Vector store redundancy, circuit breakers, and staleness detection are Art. 15 requirements"
83
+ },
84
+ {
85
+ "framework": "EU AI Act",
86
+ "control_id": "Post-market monitoring covering availability and resilience",
87
+ "control_name": "Art. 17 — Quality management",
88
+ "tier": "Foundational",
89
+ "scope": "Both",
90
+ "notes": "AI pipeline availability monitoring in quality management and post-market monitoring programme"
91
+ },
92
+ {
93
+ "framework": "ISO/IEC 27001:2022",
94
+ "control_id": "A.5.30",
95
+ "control_name": "ICT readiness for business continuity",
96
+ "tier": "Foundational",
97
+ "scope": "Both",
98
+ "notes": "AI pipeline availability requirements included in BCP — RTO/RPO defined for vector stores and RAG components"
99
+ },
100
+ {
101
+ "framework": "ISO/IEC 27001:2022",
102
+ "control_id": "A.8.13",
103
+ "control_name": "Backup",
104
+ "tier": "Foundational",
105
+ "scope": "Both",
106
+ "notes": "Backup and recovery for all AI data assets — vector stores, embedding indexes, RAG corpora"
107
+ },
108
+ {
109
+ "framework": "ISO/IEC 27001:2022",
110
+ "control_id": "A.8.14",
111
+ "control_name": "Redundancy",
112
+ "tier": "Foundational",
113
+ "scope": "Both",
114
+ "notes": "Redundancy and failover for production RAG and vector store infrastructure"
115
+ },
116
+ {
117
+ "framework": "ISO/IEC 27001:2022",
118
+ "control_id": "A.5.24",
119
+ "control_name": "Incident management",
120
+ "tier": "Foundational",
121
+ "scope": "Both",
122
+ "notes": "Incident management procedures covering AI pipeline availability failures"
123
+ },
124
+ {
125
+ "framework": "ISO/IEC 42001:2023",
126
+ "control_id": "Lifecycle — decommissioning",
127
+ "control_name": "A.6.2.8",
128
+ "tier": "Foundational",
129
+ "scope": "Both",
130
+ "notes": "Foundational"
131
+ },
132
+ {
133
+ "framework": "ISO/IEC 42001:2023",
134
+ "control_id": "Lifecycle — testing",
135
+ "control_name": "A.6.2.6",
136
+ "tier": "Foundational",
137
+ "scope": "Both",
138
+ "notes": "Hardening"
139
+ },
140
+ {
141
+ "framework": "ISO/IEC 42001:2023",
142
+ "control_id": "Operation",
143
+ "control_name": "Cl.8",
144
+ "tier": "Foundational",
145
+ "scope": "Both",
146
+ "notes": "Foundational"
147
+ },
148
+ {
149
+ "framework": "ISO/IEC 42001:2023",
150
+ "control_id": "Improvement",
151
+ "control_name": "Cl.10",
152
+ "tier": "Foundational",
153
+ "scope": "Both",
154
+ "notes": "Hardening"
155
+ },
156
+ {
157
+ "framework": "CIS Controls v8.1",
158
+ "control_id": "CIS 11",
159
+ "control_name": "11.1 — Establish recovery capability",
160
+ "tier": "Foundational",
161
+ "scope": "Both"
162
+ },
163
+ {
164
+ "framework": "CIS Controls v8.1",
165
+ "control_id": "CIS 11",
166
+ "control_name": "11.4 — Test data recovery",
167
+ "tier": "Foundational",
168
+ "scope": "Both"
169
+ },
170
+ {
171
+ "framework": "CIS Controls v8.1",
172
+ "control_id": "CIS 13",
173
+ "control_name": "13.8 — Deploy DNS filtering",
174
+ "tier": "Foundational",
175
+ "scope": "Both"
176
+ },
177
+ {
178
+ "framework": "OWASP ASVS 4.0.3",
179
+ "control_id": "V11 Business Logic",
180
+ "control_name": "V11.1.7 — Anti-automation controls",
181
+ "tier": "Foundational",
182
+ "scope": "Both"
183
+ },
184
+ {
185
+ "framework": "OWASP ASVS 4.0.3",
186
+ "control_id": "V13 API",
187
+ "control_name": "V13.1.2 — API throttling",
188
+ "tier": "Foundational",
189
+ "scope": "Both"
190
+ },
191
+ {
192
+ "framework": "ISA/IEC 62443",
193
+ "control_id": "SR 7.6",
194
+ "control_name": "Denial of service protection",
195
+ "tier": "Foundational",
196
+ "scope": "Both",
197
+ "notes": "Circuit breakers preventing OT GenAI service degradation from affecting process control"
198
+ },
199
+ {
200
+ "framework": "ISA/IEC 62443",
201
+ "control_id": "SR 7.7",
202
+ "control_name": "Control system backup",
203
+ "tier": "Foundational",
204
+ "scope": "Both",
205
+ "notes": "OT GenAI failures cannot affect backup and recovery of process control — independence verified"
206
+ },
207
+ {
208
+ "framework": "ISA/IEC 62443",
209
+ "control_id": "SR 6.6",
210
+ "control_name": "Timely response to events",
211
+ "tier": "Foundational",
212
+ "scope": "Both",
213
+ "notes": "OT GenAI pipeline failures treated as security events — process control fallback activated"
214
+ },
215
+ {
216
+ "framework": "ISA/IEC 62443",
217
+ "control_id": "SR 5.1",
218
+ "control_name": "Information flow restriction",
219
+ "tier": "Foundational",
220
+ "scope": "Both",
221
+ "notes": "OT GenAI availability events do not propagate to process control — architectural separation"
222
+ },
223
+ {
224
+ "framework": "NIST SP 800-82 Rev 3",
225
+ "control_id": "Supply chain risks",
226
+ "control_name": "§5.5",
227
+ "tier": "Foundational",
228
+ "scope": "Both",
229
+ "notes": "Model components are supply chain assets in OT"
230
+ },
231
+ {
232
+ "framework": "NIST SP 800-82 Rev 3",
233
+ "control_id": "Supply chain risk management",
234
+ "control_name": "§6.3",
235
+ "tier": "Foundational",
236
+ "scope": "Both",
237
+ "notes": "Model provenance for OT deployments"
238
+ },
239
+ {
240
+ "framework": "NIST SP 800-82 Rev 3",
241
+ "control_id": "Third-party management",
242
+ "control_name": "§8.4",
243
+ "tier": "Foundational",
244
+ "scope": "Both",
245
+ "notes": "Vendor assessment for model providers"
246
+ },
247
+ {
248
+ "framework": "NIST CSF 2.0",
249
+ "control_id": "PR.IR-01",
250
+ "control_name": "Infrastructure Resilience",
251
+ "tier": "Foundational",
252
+ "scope": "Both",
253
+ "notes": "Networks and environments protected for resilience — circuit breakers, freshness monitoring, redundancy"
254
+ },
255
+ {
256
+ "framework": "NIST CSF 2.0",
257
+ "control_id": "DE.CM-01",
258
+ "control_name": "Continuous Monitoring",
259
+ "tier": "Foundational",
260
+ "scope": "Both",
261
+ "notes": "GenAI pipeline health monitored — freshness, availability metrics reviewed continuously"
262
+ },
263
+ {
264
+ "framework": "NIST CSF 2.0",
265
+ "control_id": "RS.MI-01",
266
+ "control_name": "Incident Mitigation",
267
+ "tier": "Foundational",
268
+ "scope": "Both",
269
+ "notes": "Pipeline failures contained — circuit breaker activation, graceful degradation, user notification"
270
+ },
271
+ {
272
+ "framework": "NIST CSF 2.0",
273
+ "control_id": "RC.RP-01",
274
+ "control_name": "Incident Recovery",
275
+ "tier": "Foundational",
276
+ "scope": "Both",
277
+ "notes": "Recovery plan includes GenAI pipeline failures — BCP covers AI availability, RTO/RPO defined"
278
+ },
279
+ {
280
+ "framework": "SOC 2",
281
+ "control_id": "LLM service availability commitments cover RAG freshness — stale data producing misinformation is an availability failure",
282
+ "control_name": "A1.1 — Availability policy",
283
+ "tier": "Foundational",
284
+ "scope": "Both"
285
+ },
286
+ {
287
+ "framework": "SOC 2",
288
+ "control_id": "Circuit breakers and freshness monitoring protect availability commitments — graceful degradation over silent failure",
289
+ "control_name": "A1.2 — Environmental protections",
290
+ "tier": "Foundational",
291
+ "scope": "Both"
292
+ },
293
+ {
294
+ "framework": "SOC 2",
295
+ "control_id": "RAG freshness monitoring — alert when index staleness exceeds threshold before misinformation reaches users",
296
+ "control_name": "CC7.2 — Anomaly detection",
297
+ "tier": "Foundational",
298
+ "scope": "Both"
299
+ },
300
+ {
301
+ "framework": "SOC 2",
302
+ "control_id": "Silent RAG degradation identified as availability risk in assessment",
303
+ "control_name": "CC3.2 — Risk assessment",
304
+ "tier": "Foundational",
305
+ "scope": "Both"
306
+ },
307
+ {
308
+ "framework": "PCI DSS v4.0",
309
+ "control_id": "Req 12.3.2",
310
+ "control_name": "Targeted risk analysis",
311
+ "tier": "Foundational",
312
+ "scope": "Both",
313
+ "notes": "Targeted risk analysis for GenAI availability in payment processing — silent failure impact on fraud detection"
314
+ },
315
+ {
316
+ "framework": "PCI DSS v4.0",
317
+ "control_id": "Req 1.3.2",
318
+ "control_name": "Network security",
319
+ "tier": "Foundational",
320
+ "scope": "Both",
321
+ "notes": "Rate limiting protecting availability of CDE-facing LLM endpoints — DoS prevention"
322
+ },
323
+ {
324
+ "framework": "PCI DSS v4.0",
325
+ "control_id": "Req 10.6.1",
326
+ "control_name": "Audit log review",
327
+ "tier": "Foundational",
328
+ "scope": "Both",
329
+ "notes": "Automated monitoring for GenAI pipeline health in CDE — freshness and availability metrics reviewed"
330
+ },
331
+ {
332
+ "framework": "PCI DSS v4.0",
333
+ "control_id": "Req 12.10.1",
334
+ "control_name": "Incident response",
335
+ "tier": "Foundational",
336
+ "scope": "Both",
337
+ "notes": "Incident response procedure covers GenAI pipeline failures affecting payment processing"
338
+ },
339
+ {
340
+ "framework": "ENISA Multilayer Framework",
341
+ "control_id": "L1",
342
+ "control_name": "General ICT — Business Continuity",
343
+ "tier": "Foundational",
344
+ "scope": "Both",
345
+ "notes": "All GenAI critical assets backed up — training data, model weights, embedding stores, RAG corpora subject to backup and recovery testing"
346
+ },
347
+ {
348
+ "framework": "ENISA Multilayer Framework",
349
+ "control_id": "IRS",
350
+ "control_name": "Incident Response",
351
+ "tier": "Foundational",
352
+ "scope": "Both",
353
+ "notes": "AI incident response plan covers availability failures — model rollback procedure, RAG corpus recovery, embedding store restoration"
354
+ },
355
+ {
356
+ "framework": "ENISA Multilayer Framework",
357
+ "control_id": "MON",
358
+ "control_name": "Monitoring and Detection",
359
+ "tier": "Foundational",
360
+ "scope": "Both",
361
+ "notes": "GenAI asset availability monitored — alerts on data store unavailability, model health degradation, pipeline failures"
362
+ },
363
+ {
364
+ "framework": "ENISA Multilayer Framework",
365
+ "control_id": "L2",
366
+ "control_name": "Data and Model Security (DMS)",
367
+ "tier": "Foundational",
368
+ "scope": "Both",
369
+ "notes": "Model weights and training artefacts protected against accidental or malicious deletion — versioned storage, immutable backups"
370
+ },
371
+ {
372
+ "framework": "OWASP SAMM v2.0",
373
+ "control_id": "G-PC",
374
+ "control_name": "Governance / Policy & Compliance",
375
+ "tier": "Foundational",
376
+ "scope": "Both",
377
+ "notes": "Only approved model sources; provenance verification required"
378
+ },
379
+ {
380
+ "framework": "OWASP SAMM v2.0",
381
+ "control_id": "I-SB",
382
+ "control_name": "Implementation / Secure Build",
383
+ "tier": "Foundational",
384
+ "scope": "Both",
385
+ "notes": "SBOM covering base models, adapters, and ML framework dependencies"
386
+ },
387
+ {
388
+ "framework": "OWASP SAMM v2.0",
389
+ "control_id": "V-AA",
390
+ "control_name": "Verification / Architecture Assessment",
391
+ "tier": "Foundational",
392
+ "scope": "Both",
393
+ "notes": "Architecture review validates model sourcing against policy"
394
+ },
395
+ {
396
+ "framework": "OWASP SAMM v2.0",
397
+ "control_id": "D-TA",
398
+ "control_name": "Design / Threat Assessment",
399
+ "tier": "Foundational",
400
+ "scope": "Both",
401
+ "notes": "Model compromise scenarios for base models, adapters, and frameworks"
402
+ },
403
+ {
404
+ "framework": "OWASP SAMM v2.0",
405
+ "control_id": "O-OM",
406
+ "control_name": "Operations / Operational Management",
407
+ "tier": "Foundational",
408
+ "scope": "Both",
409
+ "notes": "Track CVEs and security advisories for all model components"
410
+ },
411
+ {
412
+ "framework": "CWE/CVE",
413
+ "control_id": "CWE-400",
414
+ "control_name": "CWE-400",
415
+ "tier": "Foundational",
416
+ "scope": "Both",
417
+ "url": "https://cwe.mitre.org/data/definitions/400.html"
418
+ },
419
+ {
420
+ "framework": "CWE/CVE",
421
+ "control_id": "CWE-770",
422
+ "control_name": "CWE-770",
423
+ "tier": "Foundational",
424
+ "scope": "Both",
425
+ "url": "https://cwe.mitre.org/data/definitions/770.html"
426
+ },
427
+ {
428
+ "framework": "MAESTRO",
429
+ "control_id": "L4",
430
+ "control_name": "Deployment & Infrastructure",
431
+ "tier": "Foundational",
432
+ "scope": "Both"
433
+ },
434
+ {
435
+ "framework": "MAESTRO",
436
+ "control_id": "L7",
437
+ "control_name": "Agent Ecosystem",
438
+ "tier": "Foundational",
439
+ "scope": "Both"
440
+ },
441
+ {
442
+ "framework": "MAESTRO",
443
+ "control_id": "L5",
444
+ "control_name": "Evaluation & Observability",
445
+ "tier": "Foundational",
446
+ "scope": "Both"
447
+ },
448
+ {
449
+ "framework": "AIUC-1",
450
+ "control_id": "B001",
451
+ "control_name": "Third-party adversarial robustness testing",
452
+ "tier": "Foundational",
453
+ "scope": "Both",
454
+ "notes": "Foundational"
455
+ },
456
+ {
457
+ "framework": "AIUC-1",
458
+ "control_id": "B003",
459
+ "control_name": "Third-party security assessment",
460
+ "tier": "Foundational",
461
+ "scope": "Both",
462
+ "notes": "Hardening"
463
+ },
464
+ {
465
+ "framework": "AIUC-1",
466
+ "control_id": "B008",
467
+ "control_name": "Third-party NHI controls",
468
+ "tier": "Foundational",
469
+ "scope": "Both",
470
+ "notes": "Hardening"
471
+ },
472
+ {
473
+ "framework": "AIUC-1",
474
+ "control_id": "A",
475
+ "control_name": "Data & Privacy domain",
476
+ "tier": "Foundational",
477
+ "scope": "Both",
478
+ "notes": "Foundational"
479
+ },
480
+ {
481
+ "framework": "OWASP NHI Top 10",
482
+ "control_id": "Model provider API keys with excessive access to model versions",
483
+ "control_name": "NHI-3 Vulnerable Third-Party NHI",
484
+ "tier": "Foundational",
485
+ "scope": "Both",
486
+ "notes": "Review and scope all model provider credentials"
487
+ },
488
+ {
489
+ "framework": "OWASP NHI Top 10",
490
+ "control_id": "Same model registry token used across dev/staging/production",
491
+ "control_name": "NHI-8 Environment Isolation Failure",
492
+ "tier": "Foundational",
493
+ "scope": "Both",
494
+ "notes": "Separate credentials per environment"
495
+ },
496
+ {
497
+ "framework": "OWASP NHI Top 10",
498
+ "control_id": "Model provider credentials in pipeline config",
499
+ "control_name": "NHI-2 Secret Leakage",
500
+ "tier": "Foundational",
501
+ "scope": "Both",
502
+ "notes": "Vault all model provider credentials"
503
+ },
504
+ {
505
+ "framework": "NIST SP 800-218A",
506
+ "control_id": "PW.7.2-PS",
507
+ "control_name": "Review for security vulnerabilities — bias and fairness review",
508
+ "tier": "Foundational",
509
+ "scope": "Both",
510
+ "notes": "Include bias, fairness, and discrimination testing in pre-release model behaviour reviews; assess model outputs across protected attributes and demographic groups"
511
+ },
512
+ {
513
+ "framework": "NIST SP 800-218A",
514
+ "control_id": "PW.8.2-PS",
515
+ "control_name": "Test for security vulnerabilities — adversarial fairness testing",
516
+ "tier": "Foundational",
517
+ "scope": "Both",
518
+ "notes": "Conduct adversarial testing for discriminatory outputs; test model behaviour across demographic groups, intersectional categories, and edge cases"
519
+ },
520
+ {
521
+ "framework": "NIST SP 800-218A",
522
+ "control_id": "RV.3.1-PS",
523
+ "control_name": "Analyse root causes — bias source tracing",
524
+ "tier": "Foundational",
525
+ "scope": "Both",
526
+ "notes": "When discriminatory behaviour is identified, conduct root cause analysis tracing bias to specific training data sources, labelling processes, or preprocessing steps"
527
+ },
528
+ {
529
+ "framework": "FedRAMP",
530
+ "control_id": "SI-4",
531
+ "control_name": "System Monitoring — bias detection",
532
+ "tier": "Foundational",
533
+ "scope": "Both",
534
+ "notes": "Monitor AI outputs for bias indicators; track fairness metrics across demographic groups and use cases"
535
+ },
536
+ {
537
+ "framework": "FedRAMP",
538
+ "control_id": "CA-7",
539
+ "control_name": "Continuous Monitoring — fairness monitoring",
540
+ "tier": "Foundational",
541
+ "scope": "Both",
542
+ "notes": "Include bias and fairness metrics in continuous monitoring; track output equity over time"
543
+ },
544
+ {
545
+ "framework": "FedRAMP",
546
+ "control_id": "RA-5",
547
+ "control_name": "Vulnerability Scanning — bias assessment",
548
+ "tier": "Foundational",
549
+ "scope": "Both",
550
+ "notes": "Include bias detection and fairness assessment in vulnerability scanning; test for disparate impact"
551
+ },
552
+ {
553
+ "framework": "DORA",
554
+ "control_id": "Art. 5–7",
555
+ "control_name": "ICT Risk Management — fairness governance",
556
+ "tier": "Foundational",
557
+ "scope": "Both",
558
+ "notes": "Include AI bias and fairness in ICT risk management; define fairness requirements for financial AI systems and acceptable disparity thresholds"
559
+ },
560
+ {
561
+ "framework": "DORA",
562
+ "control_id": "Art. 24–27",
563
+ "control_name": "Resilience Testing — bias testing",
564
+ "tier": "Foundational",
565
+ "scope": "Both",
566
+ "notes": "Include bias detection and fairness testing in resilience testing programme; test for disparate impact in financial AI outputs across demographic groups"
567
+ },
568
+ {
569
+ "framework": "DORA",
570
+ "control_id": "Art. 13",
571
+ "control_name": "Learning and Evolving — fairness improvement",
572
+ "tier": "Foundational",
573
+ "scope": "Both",
574
+ "notes": "Apply lessons learned from bias incidents; update training data, model parameters, and controls based on fairness assessments"
575
+ }
576
+ ],
577
+ "tools": [
578
+ {
579
+ "name": "OpenTelemetry",
580
+ "type": "open-source",
581
+ "url": "https://opentelemetry.io"
582
+ },
583
+ {
584
+ "name": "Resilience4j",
585
+ "type": "open-source",
586
+ "url": "https://resilience4j.readme.io"
587
+ },
588
+ {
589
+ "name": "DVC (Data Version Control)",
590
+ "type": "open-source",
591
+ "url": "https://github.com/iterative/dvc"
592
+ },
593
+ {
594
+ "name": "MLflow",
595
+ "type": "open-source",
596
+ "url": "https://github.com/mlflow/mlflow"
597
+ },
598
+ {
599
+ "name": "Velero",
600
+ "type": "open-source",
601
+ "url": "https://github.com/vmware-tanzu/velero"
602
+ },
603
+ {
604
+ "name": "Chaos Monkey",
605
+ "type": "open-source",
606
+ "url": "https://github.com/Netflix/chaosmonkey"
607
+ },
608
+ {
609
+ "name": "Fairlearn",
610
+ "type": "open-source",
611
+ "url": "https://fairlearn.org"
612
+ },
613
+ {
614
+ "name": "AI Fairness 360",
615
+ "type": "open-source",
616
+ "url": "https://aif360.mybluemix.net"
617
+ },
618
+ {
619
+ "name": "What-If Tool",
620
+ "type": "open-source",
621
+ "url": "https://pair-code.github.io/what-if-tool"
622
+ },
623
+ {
624
+ "name": "Aequitas",
625
+ "type": "open-source",
626
+ "url": "https://github.com/dssg/aequitas"
627
+ },
628
+ {
629
+ "name": "IBM AI Fairness 360",
630
+ "type": "open-source",
631
+ "url": "https://aif360.mybluemix.net"
632
+ },
633
+ {
634
+ "name": "Fiddler AI",
635
+ "type": "commercial",
636
+ "url": "https://www.fiddler.ai"
637
+ },
638
+ {
639
+ "name": "Evidently",
640
+ "url": "https://github.com/evidentlyai/evidently",
641
+ "type": "open-source"
642
+ },
643
+ {
644
+ "name": "WhyLogs",
645
+ "url": "https://github.com/whylabs/whylogs",
646
+ "type": "open-source"
647
+ }
648
+ ],
649
+ "incidents": [
650
+ {
651
+ "name": "Meta Galactica model withdrawn after misinformation at launch",
652
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
653
+ "year": 2022,
654
+ "incident_id": "INC-031"
655
+ },
656
+ {
657
+ "name": "Clearview AI biometric bias — $50M class action settlement",
658
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
659
+ "year": 2025,
660
+ "incident_id": "INC-036"
661
+ },
662
+ {
663
+ "name": "Stability AI synthetic CSAM generation — training data and output safety failures",
664
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
665
+ "year": 2024,
666
+ "incident_id": "INC-049"
667
+ }
668
+ ],
669
+ "crossrefs": {
670
+ "llm_top10": [
671
+ "LLM10",
672
+ "LLM03",
673
+ "LLM04",
674
+ "LLM09"
675
+ ],
676
+ "agentic_top10": [
677
+ "ASI08",
678
+ "ASI07",
679
+ "ASI09"
680
+ ]
681
+ },
682
+ "changelog": [
683
+ {
684
+ "date": "2026-03-27",
685
+ "version": "1.0.0",
686
+ "change": "Initial entry — generated from GenAI Security Crosswalk v1.5.1 mapping files",
687
+ "author": "emmanuelgjr"
688
+ }
689
+ ]
690
+ }