genai-security-crosswalk 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/LICENSE.md +28 -0
  2. package/README.md +618 -0
  3. package/data/entries/ASI01.json +911 -0
  4. package/data/entries/ASI02.json +850 -0
  5. package/data/entries/ASI03.json +854 -0
  6. package/data/entries/ASI04.json +759 -0
  7. package/data/entries/ASI05.json +764 -0
  8. package/data/entries/ASI06.json +817 -0
  9. package/data/entries/ASI07.json +789 -0
  10. package/data/entries/ASI08.json +788 -0
  11. package/data/entries/ASI09.json +754 -0
  12. package/data/entries/ASI10.json +833 -0
  13. package/data/entries/DSGAI01.json +779 -0
  14. package/data/entries/DSGAI02.json +728 -0
  15. package/data/entries/DSGAI03.json +671 -0
  16. package/data/entries/DSGAI04.json +752 -0
  17. package/data/entries/DSGAI05.json +689 -0
  18. package/data/entries/DSGAI06.json +673 -0
  19. package/data/entries/DSGAI07.json +680 -0
  20. package/data/entries/DSGAI08.json +698 -0
  21. package/data/entries/DSGAI09.json +687 -0
  22. package/data/entries/DSGAI10.json +627 -0
  23. package/data/entries/DSGAI11.json +663 -0
  24. package/data/entries/DSGAI12.json +695 -0
  25. package/data/entries/DSGAI13.json +688 -0
  26. package/data/entries/DSGAI14.json +703 -0
  27. package/data/entries/DSGAI15.json +655 -0
  28. package/data/entries/DSGAI16.json +716 -0
  29. package/data/entries/DSGAI17.json +690 -0
  30. package/data/entries/DSGAI18.json +613 -0
  31. package/data/entries/DSGAI19.json +638 -0
  32. package/data/entries/DSGAI20.json +671 -0
  33. package/data/entries/DSGAI21.json +881 -0
  34. package/data/entries/LLM01.json +975 -0
  35. package/data/entries/LLM02.json +868 -0
  36. package/data/entries/LLM03.json +817 -0
  37. package/data/entries/LLM04.json +797 -0
  38. package/data/entries/LLM05.json +761 -0
  39. package/data/entries/LLM06.json +848 -0
  40. package/data/entries/LLM07.json +749 -0
  41. package/data/entries/LLM08.json +750 -0
  42. package/data/entries/LLM09.json +760 -0
  43. package/data/entries/LLM10.json +763 -0
  44. package/data/incidents-schema.json +121 -0
  45. package/data/incidents.json +1484 -0
  46. package/data/schema.json +134 -0
  47. package/dist/index.d.ts +97 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +124 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/index.test.d.ts +2 -0
  52. package/dist/index.test.d.ts.map +1 -0
  53. package/dist/index.test.js +97 -0
  54. package/dist/index.test.js.map +1 -0
  55. package/package.json +62 -0
package/data/entries/DSGAI20.json ADDED
@@ -0,0 +1,671 @@
1
+ {
2
+ "id": "DSGAI20",
3
+ "name": "Model Exfiltration and IP Replication",
4
+ "source_list": "DSGAI-2026",
5
+ "version": "2026-Q1",
6
+ "severity": "High",
7
+ "aivss_score": null,
8
+ "audience": [
9
+ "red-teamer",
10
+ "security-engineer",
11
+ "ciso",
12
+ "compliance",
13
+ "ml-engineer",
14
+ "ot-engineer",
15
+ "auditor",
16
+ "developer",
17
+ "data-engineer"
18
+ ],
19
+ "mappings": [
20
+ {
21
+ "framework": "MITRE ATLAS",
22
+ "control_id": "AML.T0016",
23
+ "control_name": "Extract ML Model",
24
+ "tier": "Hardening",
25
+ "scope": "Both",
26
+ "notes": "Adversary systematically queries model to extract sufficient information to replicate its functionality"
27
+ },
28
+ {
29
+ "framework": "MITRE ATLAS",
30
+ "control_id": "AML.T0025",
31
+ "control_name": "Exfiltrate via Cyber Means",
32
+ "tier": "Hardening",
33
+ "scope": "Both",
34
+ "notes": "Query results and model outputs systematically collected and transmitted to adversary infrastructure"
35
+ },
36
+ {
37
+ "framework": "MITRE ATLAS",
38
+ "control_id": "AML.T0034",
39
+ "control_name": "Cost Harvesting",
40
+ "tier": "Hardening",
41
+ "scope": "Both",
42
+ "notes": "High-volume model extraction queries consume significant compute resources — financial impact alongside IP theft"
43
+ },
44
+ {
45
+ "framework": "NIST AI RMF 1.0",
46
+ "control_id": "MP-2.3",
47
+ "control_name": "Risk categorisation",
48
+ "tier": "Hardening",
49
+ "scope": "Both",
50
+ "notes": "Model extraction risks mapped per public-facing deployment — query volume limits, diversity monitoring"
51
+ },
52
+ {
53
+ "framework": "NIST AI RMF 1.0",
54
+ "control_id": "MS-2.5",
55
+ "control_name": "Testing — adversarial",
56
+ "tier": "Hardening",
57
+ "scope": "Both",
58
+ "notes": "Model extraction red team exercises — attempt replication using your own API"
59
+ },
60
+ {
61
+ "framework": "NIST AI RMF 1.0",
62
+ "control_id": "MS-2.6",
63
+ "control_name": "Testing — data leakage",
64
+ "tier": "Hardening",
65
+ "scope": "Both",
66
+ "notes": "Monitoring for systematic extraction patterns — anomalous query diversity and volume"
67
+ },
68
+ {
69
+ "framework": "NIST AI RMF 1.0",
70
+ "control_id": "MG-2.2",
71
+ "control_name": "Risk response",
72
+ "tier": "Hardening",
73
+ "scope": "Both",
74
+ "notes": "Response for detected model extraction — rate limit tightening, session blocking, forensic capture"
75
+ },
76
+ {
77
+ "framework": "EU AI Act",
78
+ "control_id": "Cybersecurity measures protecting AI system integrity",
79
+ "control_name": "Art. 15 — Accuracy, robustness, cybersecurity",
80
+ "tier": "Hardening",
81
+ "scope": "Both",
82
+ "notes": "API rate limiting, output perturbation, and extraction monitoring are Art. 15 requirements"
83
+ },
84
+ {
85
+ "framework": "EU AI Act",
86
+ "control_id": "GPAI technical documentation includes model architecture and capability details",
87
+ "control_name": "Art. 53(1)(a) — GPAI documentation",
88
+ "tier": "Hardening",
89
+ "scope": "Both",
90
+ "notes": "Technical documentation must be protected — model extraction enables circumvention of documentation obligations"
91
+ },
92
+ {
93
+ "framework": "EU AI Act",
94
+ "control_id": "Post-market monitoring covering security incidents",
95
+ "control_name": "Art. 17 — Quality management",
96
+ "tier": "Hardening",
97
+ "scope": "Both",
98
+ "notes": "Model extraction detection in post-market monitoring programme"
99
+ },
100
+ {
101
+ "framework": "ISO/IEC 27001:2022",
102
+ "control_id": "A.5.12",
103
+ "control_name": "Classification of information",
104
+ "tier": "Hardening",
105
+ "scope": "Both",
106
+ "notes": "Model weights, architectures, and fine-tuning configurations classified as intellectual property"
107
+ },
108
+ {
109
+ "framework": "ISO/IEC 27001:2022",
110
+ "control_id": "A.8.3",
111
+ "control_name": "Information access restriction",
112
+ "tier": "Hardening",
113
+ "scope": "Both",
114
+ "notes": "API rate limiting, query restrictions, and anomaly detection limiting systematic model extraction"
115
+ },
116
+ {
117
+ "framework": "ISO/IEC 27001:2022",
118
+ "control_id": "A.8.12",
119
+ "control_name": "Data leakage prevention",
120
+ "tier": "Hardening",
121
+ "scope": "Both",
122
+ "notes": "Monitoring for systematic querying patterns indicative of model extraction attacks"
123
+ },
124
+ {
125
+ "framework": "ISO/IEC 27001:2022",
126
+ "control_id": "A.5.19",
127
+ "control_name": "Supplier relationships",
128
+ "tier": "Hardening",
129
+ "scope": "Both",
130
+ "notes": "Security requirements for any third-party access to proprietary model capabilities"
131
+ },
132
+ {
133
+ "framework": "ISO/IEC 42001:2023",
134
+ "control_id": "Data — model artefacts",
135
+ "control_name": "A.7.3",
136
+ "tier": "Hardening",
137
+ "scope": "Both",
138
+ "notes": "Hardening"
139
+ },
140
+ {
141
+ "framework": "ISO/IEC 42001:2023",
142
+ "control_id": "Lifecycle — design",
143
+ "control_name": "A.6.1.2",
144
+ "tier": "Hardening",
145
+ "scope": "Both",
146
+ "notes": "Foundational"
147
+ },
148
+ {
149
+ "framework": "ISO/IEC 42001:2023",
150
+ "control_id": "Lifecycle — testing",
151
+ "control_name": "A.6.2.6",
152
+ "tier": "Hardening",
153
+ "scope": "Both",
154
+ "notes": "Advanced"
155
+ },
156
+ {
157
+ "framework": "ISO/IEC 42001:2023",
158
+ "control_id": "Planning — risk",
159
+ "control_name": "Cl.6.1",
160
+ "tier": "Hardening",
161
+ "scope": "Both",
162
+ "notes": "Hardening"
163
+ },
164
+ {
165
+ "framework": "CIS Controls v8.1",
166
+ "control_id": "CIS 6",
167
+ "control_name": "6.2 — Allowlist authorised access",
168
+ "tier": "Hardening",
169
+ "scope": "Both"
170
+ },
171
+ {
172
+ "framework": "CIS Controls v8.1",
173
+ "control_id": "CIS 8",
174
+ "control_name": "8.6 — Collect DNS query audit logs",
175
+ "tier": "Hardening",
176
+ "scope": "Both"
177
+ },
178
+ {
179
+ "framework": "CIS Controls v8.1",
180
+ "control_id": "CIS 18",
181
+ "control_name": "18.1 — Penetration testing",
182
+ "tier": "Hardening",
183
+ "scope": "Both"
184
+ },
185
+ {
186
+ "framework": "OWASP ASVS 4.0.3",
187
+ "control_id": "V4 Access Control",
188
+ "control_name": "V4.1.1 — Access control per request",
189
+ "tier": "Hardening",
190
+ "scope": "Both"
191
+ },
192
+ {
193
+ "framework": "OWASP ASVS 4.0.3",
194
+ "control_id": "V8 Data Protection",
195
+ "control_name": "V8.1.4 — Data minimisation in responses",
196
+ "tier": "Hardening",
197
+ "scope": "Both"
198
+ },
199
+ {
200
+ "framework": "OWASP ASVS 4.0.3",
201
+ "control_id": "V10 Malicious Code",
202
+ "control_name": "V10.2.2 — Component integrity checking",
203
+ "tier": "Hardening",
204
+ "scope": "Both"
205
+ },
206
+ {
207
+ "framework": "ISA/IEC 62443",
208
+ "control_id": "SR 4.1",
209
+ "control_name": "Data confidentiality",
210
+ "tier": "Foundational",
211
+ "scope": "Both",
212
+ "notes": "OT GenAI model APIs rate-limited — systematic extraction requires high query volumes, rate limiting raises cost"
213
+ },
214
+ {
215
+ "framework": "ISA/IEC 62443",
216
+ "control_id": "SR 1.2",
217
+ "control_name": "Human user authentication",
218
+ "tier": "Foundational",
219
+ "scope": "Both",
220
+ "notes": "Authentication on all OT GenAI model inference APIs — unauthenticated systematic querying blocked"
221
+ },
222
+ {
223
+ "framework": "ISA/IEC 62443",
224
+ "control_id": "SR 6.6",
225
+ "control_name": "Timely response to events",
226
+ "tier": "Foundational",
227
+ "scope": "Both",
228
+ "notes": "Model extraction patterns detected — unusual query diversity alerted as potential AML.T0016"
229
+ },
230
+ {
231
+ "framework": "NIST SP 800-82 Rev 3",
232
+ "control_id": "Risk assessment",
233
+ "control_name": "§6.2",
234
+ "tier": "Foundational",
235
+ "scope": "Both",
236
+ "notes": "Regulatory compliance as OT risk scenario"
237
+ },
238
+ {
239
+ "framework": "NIST SP 800-82 Rev 3",
240
+ "control_id": "OT security programme",
241
+ "control_name": "§8.2",
242
+ "tier": "Foundational",
243
+ "scope": "Both",
244
+ "notes": "Compliance programme for OT GenAI deployments"
245
+ },
246
+ {
247
+ "framework": "NIST CSF 2.0",
248
+ "control_id": "PR.AA-05",
249
+ "control_name": "Identity Management, Authentication & Access Control",
250
+ "tier": "Hardening",
251
+ "scope": "Both",
252
+ "notes": "API rate limiting as access control — systematic extraction requires high query volumes"
253
+ },
254
+ {
255
+ "framework": "NIST CSF 2.0",
256
+ "control_id": "DE.CM-01",
257
+ "control_name": "Continuous Monitoring",
258
+ "tier": "Hardening",
259
+ "scope": "Both",
260
+ "notes": "Production API monitoring — unusual query diversity and volume indicative of extraction alerted"
261
+ },
262
+ {
263
+ "framework": "NIST CSF 2.0",
264
+ "control_id": "DE.CM-09",
265
+ "control_name": "Continuous Monitoring",
266
+ "tier": "Hardening",
267
+ "scope": "Both",
268
+ "notes": "Monitoring for extraction behaviour — systematic output space coverage pattern detected"
269
+ },
270
+ {
271
+ "framework": "NIST CSF 2.0",
272
+ "control_id": "ID.RA-01",
273
+ "control_name": "Risk Assessment",
274
+ "tier": "Hardening",
275
+ "scope": "Both",
276
+ "notes": "Model extraction risk documented — IP exposure, CHD reconstruction potential assessed"
277
+ },
278
+ {
279
+ "framework": "SOC 2",
280
+ "control_id": "Proprietary model artifacts classified as confidential — access controls, rate limiting, extraction detection",
281
+ "control_name": "C2.1 — Confidential information protection",
282
+ "tier": "Hardening",
283
+ "scope": "Both"
284
+ },
285
+ {
286
+ "framework": "SOC 2",
287
+ "control_id": "API rate limiting as access control limiting systematic model extraction",
288
+ "control_name": "CC6.1 — Logical access",
289
+ "tier": "Hardening",
290
+ "scope": "Both"
291
+ },
292
+ {
293
+ "framework": "SOC 2",
294
+ "control_id": "Model extraction pattern monitoring — unusual query diversity and volume detected",
295
+ "control_name": "CC7.2 — Anomaly detection",
296
+ "tier": "Hardening",
297
+ "scope": "Both"
298
+ },
299
+ {
300
+ "framework": "SOC 2",
301
+ "control_id": "Model extraction risks identified in risk assessment — extraction vectors, IP exposure assessed",
302
+ "control_name": "CC3.2 — Risk assessment",
303
+ "tier": "Hardening",
304
+ "scope": "Both"
305
+ },
306
+ {
307
+ "framework": "PCI DSS v4.0",
308
+ "control_id": "Req 7.2.1",
309
+ "control_name": "Restrict access",
310
+ "tier": "Hardening",
311
+ "scope": "Both",
312
+ "notes": "API rate limiting as access control — systematic model extraction requires high query volumes"
313
+ },
314
+ {
315
+ "framework": "PCI DSS v4.0",
316
+ "control_id": "Req 6.4.1",
317
+ "control_name": "Public-facing application protection",
318
+ "tier": "Hardening",
319
+ "scope": "Both",
320
+ "notes": "Model extraction pattern detection as application protection — systematic API abuse detected"
321
+ },
322
+ {
323
+ "framework": "PCI DSS v4.0",
324
+ "control_id": "Req 10.6.1",
325
+ "control_name": "Audit log review",
326
+ "tier": "Hardening",
327
+ "scope": "Both",
328
+ "notes": "Automated monitoring for extraction patterns — unusual query diversity alerted"
329
+ },
330
+ {
331
+ "framework": "PCI DSS v4.0",
332
+ "control_id": "Req 12.3.2",
333
+ "control_name": "Targeted risk analysis",
334
+ "tier": "Hardening",
335
+ "scope": "Both",
336
+ "notes": "Targeted risk analysis for model extraction — IP exposure, CHD reconstruction potential assessed"
337
+ },
338
+ {
339
+ "framework": "ENISA Multilayer Framework",
340
+ "control_id": "L2",
341
+ "control_name": "Data and Model Security (DMS)",
342
+ "tier": "Hardening",
343
+ "scope": "Both",
344
+ "notes": "Model weights and training artefacts protected as high-value IP — access controls, encryption, and exfiltration monitoring"
345
+ },
346
+ {
347
+ "framework": "ENISA Multilayer Framework",
348
+ "control_id": "L2",
349
+ "control_name": "AI System Integrity (ASI)",
350
+ "tier": "Hardening",
351
+ "scope": "Both",
352
+ "notes": "Output restrictions, query rate limiting, and watermarking applied as ASI model extraction defences"
353
+ },
354
+ {
355
+ "framework": "ENISA Multilayer Framework",
356
+ "control_id": "L2",
357
+ "control_name": "Monitoring and Detection (MON)",
358
+ "tier": "Hardening",
359
+ "scope": "Both",
360
+ "notes": "API query patterns monitored for model extraction signatures — systematic, high-volume queries from single sources"
361
+ },
362
+ {
363
+ "framework": "ENISA Multilayer Framework",
364
+ "control_id": "L2",
365
+ "control_name": "Supply Chain Security (SCS)",
366
+ "tier": "Hardening",
367
+ "scope": "Both",
368
+ "notes": "Model weights protected throughout distribution — signed artefacts, access-controlled distribution channels"
369
+ },
370
+ {
371
+ "framework": "OWASP SAMM v2.0",
372
+ "control_id": "G-PC",
373
+ "control_name": "Governance / Policy & Compliance",
374
+ "tier": "Foundational",
375
+ "scope": "Both",
376
+ "notes": "Mapped regulatory obligations for all applicable jurisdictions"
377
+ },
378
+ {
379
+ "framework": "OWASP SAMM v2.0",
380
+ "control_id": "G-SM",
381
+ "control_name": "Governance / Strategy & Metrics",
382
+ "tier": "Foundational",
383
+ "scope": "Both",
384
+ "notes": "Compliance KPIs tracked and reported to leadership"
385
+ },
386
+ {
387
+ "framework": "OWASP SAMM v2.0",
388
+ "control_id": "D-SR",
389
+ "control_name": "Design / Security Requirements",
390
+ "tier": "Foundational",
391
+ "scope": "Both",
392
+ "notes": "Regulatory obligations surfaced as design requirements for all data flows"
393
+ },
394
+ {
395
+ "framework": "OWASP SAMM v2.0",
396
+ "control_id": "O-OM",
397
+ "control_name": "Operations / Operational Management",
398
+ "tier": "Foundational",
399
+ "scope": "Both",
400
+ "notes": "Continuous monitoring for regulatory control effectiveness"
401
+ },
402
+ {
403
+ "framework": "OWASP SAMM v2.0",
404
+ "control_id": "G-EG",
405
+ "control_name": "Governance / Education & Guidance",
406
+ "tier": "Foundational",
407
+ "scope": "Both",
408
+ "notes": "All staff handling regulated data understand applicable obligations"
409
+ },
410
+ {
411
+ "framework": "CWE/CVE",
412
+ "control_id": "CWE-284",
413
+ "control_name": "CWE-284",
414
+ "tier": "Hardening",
415
+ "scope": "Both",
416
+ "url": "https://cwe.mitre.org/data/definitions/284.html"
417
+ },
418
+ {
419
+ "framework": "CWE/CVE",
420
+ "control_id": "CWE-201",
421
+ "control_name": "CWE-201",
422
+ "tier": "Hardening",
423
+ "scope": "Both",
424
+ "url": "https://cwe.mitre.org/data/definitions/201.html"
425
+ },
426
+ {
427
+ "framework": "MAESTRO",
428
+ "control_id": "L1",
429
+ "control_name": "Foundation Models",
430
+ "tier": "Hardening",
431
+ "scope": "Both"
432
+ },
433
+ {
434
+ "framework": "MAESTRO",
435
+ "control_id": "L5",
436
+ "control_name": "Evaluation & Observability",
437
+ "tier": "Hardening",
438
+ "scope": "Both"
439
+ },
440
+ {
441
+ "framework": "MAESTRO",
442
+ "control_id": "L6",
443
+ "control_name": "Security & Compliance",
444
+ "tier": "Hardening",
445
+ "scope": "Both"
446
+ },
447
+ {
448
+ "framework": "AIUC-1",
449
+ "control_id": "A",
450
+ "control_name": "Data & Privacy domain",
451
+ "tier": "Foundational",
452
+ "scope": "Both",
453
+ "notes": "Foundational"
454
+ },
455
+ {
456
+ "framework": "AIUC-1",
457
+ "control_id": "C",
458
+ "control_name": "Safety domain",
459
+ "tier": "Foundational",
460
+ "scope": "Both",
461
+ "notes": "Foundational"
462
+ },
463
+ {
464
+ "framework": "AIUC-1",
465
+ "control_id": "E",
466
+ "control_name": "Accountability domain",
467
+ "tier": "Foundational",
468
+ "scope": "Both",
469
+ "notes": "Foundational"
470
+ },
471
+ {
472
+ "framework": "AIUC-1",
473
+ "control_id": "F",
474
+ "control_name": "Society domain",
475
+ "tier": "Foundational",
476
+ "scope": "Both",
477
+ "notes": "Foundational"
478
+ },
479
+ {
480
+ "framework": "OWASP NHI Top 10",
481
+ "control_id": "Humans using machine credentials — no attribution for compliance evidence",
482
+ "control_name": "NHI-10 Human Use of NHI",
483
+ "tier": "Foundational",
484
+ "scope": "Both",
485
+ "notes": "Enforce human identity for all regulated data operations"
486
+ },
487
+ {
488
+ "framework": "OWASP NHI Top 10",
489
+ "control_id": "Compliance audit credentials leaked — tampering with evidence possible",
490
+ "control_name": "NHI-2 Secret Leakage",
491
+ "tier": "Foundational",
492
+ "scope": "Both",
493
+ "notes": "Protect audit credential integrity"
494
+ },
495
+ {
496
+ "framework": "NIST SP 800-218A",
497
+ "control_id": "PW.1.1-PS",
498
+ "control_name": "Define security requirements — data localization requirements",
499
+ "tier": "Foundational",
500
+ "scope": "Both",
501
+ "notes": "Define security requirements mandating compliance with data localization laws for all AI pipeline data; document jurisdictional restrictions for each dataset"
502
+ },
503
+ {
504
+ "framework": "NIST SP 800-218A",
505
+ "control_id": "PS.1.1-PS",
506
+ "control_name": "Protect all code from unauthorised access — jurisdictional access controls",
507
+ "tier": "Foundational",
508
+ "scope": "Both",
509
+ "notes": "Implement access controls that enforce data localization boundaries; prevent data transfer or processing outside authorised jurisdictions"
510
+ },
511
+ {
512
+ "framework": "NIST SP 800-218A",
513
+ "control_id": "PS.3.1-PS",
514
+ "control_name": "Archive and protect software releases — jurisdiction-aware artefact management",
515
+ "tier": "Foundational",
516
+ "scope": "Both",
517
+ "notes": "Maintain jurisdiction metadata on all data and model artefacts; enable verification that training and serving comply with localization requirements"
518
+ },
519
+ {
520
+ "framework": "FedRAMP",
521
+ "control_id": "SC-7",
522
+ "control_name": "Boundary Protection — data flow enforcement",
523
+ "tier": "Foundational",
524
+ "scope": "Both",
525
+ "notes": "Enforce data flow controls preventing AI data from crossing jurisdictional boundaries; restrict to approved data centres and regions"
526
+ },
527
+ {
528
+ "framework": "FedRAMP",
529
+ "control_id": "PM-9",
530
+ "control_name": "Risk Management Strategy — localisation governance",
531
+ "tier": "Foundational",
532
+ "scope": "Both",
533
+ "notes": "Include data localisation in AI risk management; define data residency requirements per jurisdiction and data type"
534
+ },
535
+ {
536
+ "framework": "FedRAMP",
537
+ "control_id": "CM-3",
538
+ "control_name": "Configuration Change Control — data location management",
539
+ "tier": "Foundational",
540
+ "scope": "Both",
541
+ "notes": "Maintain documentation of AI data storage locations; require change control for data location modifications"
542
+ },
543
+ {
544
+ "framework": "DORA",
545
+ "control_id": "Art. 5–7",
546
+ "control_name": "ICT Risk Management — localisation governance",
547
+ "tier": "Foundational",
548
+ "scope": "Both",
549
+ "notes": "Include data localisation in ICT risk management; define residency requirements per jurisdiction and data type for AI systems"
550
+ },
551
+ {
552
+ "framework": "DORA",
553
+ "control_id": "Art. 28–44",
554
+ "control_name": "Third-Party Risk — cross-border data oversight",
555
+ "tier": "Foundational",
556
+ "scope": "Both",
557
+ "notes": "Address data localisation in third-party agreements; verify provider data processing locations meet residency requirements; monitor for unauthorised cross-border transfers"
558
+ },
559
+ {
560
+ "framework": "DORA",
561
+ "control_id": "Art. 8",
562
+ "control_name": "Identification — data location mapping",
563
+ "tier": "Foundational",
564
+ "scope": "Both",
565
+ "notes": "Map physical and logical locations of all AI data; document processing jurisdictions for training, inference, and storage"
566
+ }
567
+ ],
568
+ "tools": [
569
+ {
570
+ "name": "LiteLLM",
571
+ "type": "open-source",
572
+ "url": "https://github.com/BerriAI/litellm"
573
+ },
574
+ {
575
+ "name": "Fiddler AI",
576
+ "type": "commercial",
577
+ "url": "https://www.fiddler.ai"
578
+ },
579
+ {
580
+ "name": "Watermarking via Watermark-Anything",
581
+ "type": "open-source",
582
+ "url": "https://github.com/facebookresearch/watermark-anything"
583
+ },
584
+ {
585
+ "name": "ModelScan",
586
+ "type": "open-source",
587
+ "url": "https://github.com/protectai/modelscan"
588
+ },
589
+ {
590
+ "name": "Knockoff Nets detection",
591
+ "type": "open-source",
592
+ "url": "https://arxiv.org/abs/1812.02766"
593
+ },
594
+ {
595
+ "name": "Garak",
596
+ "type": "open-source",
597
+ "url": "https://github.com/leondz/garak"
598
+ },
599
+ {
600
+ "name": "ART (Adversarial Robustness Toolbox)",
601
+ "type": "open-source",
602
+ "url": "https://github.com/Trusted-AI/adversarial-robustness-toolbox"
603
+ },
604
+ {
605
+ "name": "Azure Policy",
606
+ "type": "commercial",
607
+ "url": "https://azure.microsoft.com/en-us/products/azure-policy"
608
+ },
609
+ {
610
+ "name": "AWS Config",
611
+ "type": "commercial",
612
+ "url": "https://aws.amazon.com/config/"
613
+ },
614
+ {
615
+ "name": "Open Policy Agent",
616
+ "type": "open-source",
617
+ "url": "https://www.openpolicyagent.org"
618
+ },
619
+ {
620
+ "name": "Privacera",
621
+ "type": "commercial",
622
+ "url": "https://privacera.com"
623
+ },
624
+ {
625
+ "name": "AWS Region Controls / Azure Policy",
626
+ "type": "commercial",
627
+ "url": "https://aws.amazon.com/compliance/data-residency/"
628
+ },
629
+ {
630
+ "name": "Netskope",
631
+ "type": "commercial",
632
+ "url": "https://www.netskope.com"
633
+ },
634
+ {
635
+ "name": "OneTrust",
636
+ "type": "commercial",
637
+ "url": "https://www.onetrust.com"
638
+ }
639
+ ],
640
+ "incidents": [
641
+ {
642
+ "name": "TikTok EU data localization enforcement — Project Clover + EUR 345M GDPR fine",
643
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
644
+ "year": 2023,
645
+ "incident_id": "INC-043"
646
+ }
647
+ ],
648
+ "crossrefs": {
649
+ "llm_top10": [
650
+ "LLM02",
651
+ "LLM04",
652
+ "LLM07",
653
+ "LLM05"
654
+ ],
655
+ "dsgai_2026": [
656
+ "DSGAI18",
657
+ "DSGAI04"
658
+ ],
659
+ "agentic_top10": [
660
+ "ASI04"
661
+ ]
662
+ },
663
+ "changelog": [
664
+ {
665
+ "date": "2026-03-27",
666
+ "version": "1.0.0",
667
+ "change": "Initial entry — generated from GenAI Security Crosswalk v1.5.1 mapping files",
668
+ "author": "emmanuelgjr"
669
+ }
670
+ ]
671
+ }