genai-security-crosswalk 2.0.0

Files changed (55)
  1. package/LICENSE.md +28 -0
  2. package/README.md +618 -0
  3. package/data/entries/ASI01.json +911 -0
  4. package/data/entries/ASI02.json +850 -0
  5. package/data/entries/ASI03.json +854 -0
  6. package/data/entries/ASI04.json +759 -0
  7. package/data/entries/ASI05.json +764 -0
  8. package/data/entries/ASI06.json +817 -0
  9. package/data/entries/ASI07.json +789 -0
  10. package/data/entries/ASI08.json +788 -0
  11. package/data/entries/ASI09.json +754 -0
  12. package/data/entries/ASI10.json +833 -0
  13. package/data/entries/DSGAI01.json +779 -0
  14. package/data/entries/DSGAI02.json +728 -0
  15. package/data/entries/DSGAI03.json +671 -0
  16. package/data/entries/DSGAI04.json +752 -0
  17. package/data/entries/DSGAI05.json +689 -0
  18. package/data/entries/DSGAI06.json +673 -0
  19. package/data/entries/DSGAI07.json +680 -0
  20. package/data/entries/DSGAI08.json +698 -0
  21. package/data/entries/DSGAI09.json +687 -0
  22. package/data/entries/DSGAI10.json +627 -0
  23. package/data/entries/DSGAI11.json +663 -0
  24. package/data/entries/DSGAI12.json +695 -0
  25. package/data/entries/DSGAI13.json +688 -0
  26. package/data/entries/DSGAI14.json +703 -0
  27. package/data/entries/DSGAI15.json +655 -0
  28. package/data/entries/DSGAI16.json +716 -0
  29. package/data/entries/DSGAI17.json +690 -0
  30. package/data/entries/DSGAI18.json +613 -0
  31. package/data/entries/DSGAI19.json +638 -0
  32. package/data/entries/DSGAI20.json +671 -0
  33. package/data/entries/DSGAI21.json +881 -0
  34. package/data/entries/LLM01.json +975 -0
  35. package/data/entries/LLM02.json +868 -0
  36. package/data/entries/LLM03.json +817 -0
  37. package/data/entries/LLM04.json +797 -0
  38. package/data/entries/LLM05.json +761 -0
  39. package/data/entries/LLM06.json +848 -0
  40. package/data/entries/LLM07.json +749 -0
  41. package/data/entries/LLM08.json +750 -0
  42. package/data/entries/LLM09.json +760 -0
  43. package/data/entries/LLM10.json +763 -0
  44. package/data/incidents-schema.json +121 -0
  45. package/data/incidents.json +1484 -0
  46. package/data/schema.json +134 -0
  47. package/dist/index.d.ts +97 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +124 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/index.test.d.ts +2 -0
  52. package/dist/index.test.d.ts.map +1 -0
  53. package/dist/index.test.js +97 -0
  54. package/dist/index.test.js.map +1 -0
  55. package/package.json +62 -0
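--- a/package/data/entries/DSGAI21.json
+++ b/package/data/entries/DSGAI21.json
@@ -0,0 +1,881 @@
+ {
+ "id": "DSGAI21",
+ "name": "Disinformation via Data Poisoning",
+ "source_list": "DSGAI-2026",
+ "version": "2026-Q1",
+ "severity": "High",
+ "aivss_score": null,
+ "audience": [
+ "red-teamer",
+ "security-engineer",
+ "ciso",
+ "compliance",
+ "ml-engineer",
+ "ot-engineer",
+ "auditor",
+ "developer",
+ "data-engineer"
+ ],
+ "mappings": [
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0045",
+ "control_name": "Publish Poisoned Datasets",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Adversary publishes false content in public repositories, documentation sites, or knowledge bases indexed by RAG systems"
+ },
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0020",
+ "control_name": "Poison Training Data",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Adversary introduces false content into RAG corpus through ingestion path — no public publication required"
+ },
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0031",
+ "control_name": "Craft Adversarial Data",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "False content crafted to appear authoritative and rank highly in semantic similarity searches"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "GV-1.7",
+ "control_name": "Policies for trustworthy AI",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Policy on information integrity for AI outputs — source trust verification, cross-verification requirements"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MS-2.5",
+ "control_name": "Testing — adversarial",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Adversarial testing of RAG pipeline integrity — source poisoning and retrieval manipulation scenarios"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MS-3.3",
+ "control_name": "Data quality",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Data quality controls on all RAG ingestion — provenance, source trust scoring, anomaly detection"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MG-2.2",
+ "control_name": "Risk response",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Response for detected RAG poisoning — source quarantine, index rebuild, output correction"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "Training and retrieval data free from errors — source integrity required",
+ "control_name": "Art. 10 — Data and data governance",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "RAG corpus integrity controls and source verification are Art. 10 requirements"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "High-risk AI accurate and resilient against adversarial data manipulation",
+ "control_name": "Art. 15 — Accuracy, robustness, cybersecurity",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Source trust scoring and ingestion validation are Art. 15 robustness requirements"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "Systemic risk GPAI providers must assess and mitigate risks including disinformation",
+ "control_name": "Art. 55(1)(a) — Systemic risk GPAI",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Disinformation risk assessment and RAG integrity controls are binding Art. 55 obligations"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "AI-generated content that could be mistaken as human must be disclosed",
+ "control_name": "Art. 50 — Transparency",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Disinformation risk amplified when users cannot distinguish AI-generated content — Art. 50 applies"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.5.7",
+ "control_name": "Threat intelligence",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Active intelligence on disinformation campaigns and RAG poisoning techniques targeting your sector"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.8.8",
+ "control_name": "Management of technical vulnerabilities",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Vulnerability management extended to cover data integrity vulnerabilities in RAG pipelines"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.8.27",
+ "control_name": "Secure system architecture",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "RAG pipeline designed with source trust verification and integrity controls"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.8.29",
+ "control_name": "Security testing",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Integrity testing of RAG corpora — anomaly detection, source validation, content verification"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Data — provenance",
+ "control_name": "A.7.2",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Hardening"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Data — quality",
+ "control_name": "A.7.3",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Hardening"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Impact assessment",
+ "control_name": "A.5.2",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Hardening"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "Transparency",
+ "control_name": "A.8.1",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Hardening"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 7",
+ "control_name": "7.1 — Vulnerability management",
+ "tier": "Hardening",
+ "scope": "Both"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 16",
+ "control_name": "16.11 — Use up-to-date components",
+ "tier": "Hardening",
+ "scope": "Both"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "CIS 18",
+ "control_name": "18.1 — Penetration testing",
+ "tier": "Hardening",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V5 Validation",
+ "control_name": "V5.1.3 — Server-side input validation",
+ "tier": "Hardening",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V11 Business Logic",
+ "control_name": "V11.1.4 — Enforce business logic limits",
+ "tier": "Hardening",
+ "scope": "Both"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 3.3",
+ "control_name": "Software and information integrity",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "OT RAG corpus integrity controls — source allowlisting, hash verification, ingestion gates"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 3.7",
+ "control_name": "Software and information integrity monitoring",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Continuous OT RAG corpus monitoring — unauthorised modifications detected before reaching operators"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 6.1",
+ "control_name": "Timely response to events",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "OT RAG poisoning treated as Critical security event — source quarantine, index rebuild, process control assessment"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 7.6",
+ "control_name": "Denial of service protection",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Poisoned advisory output blast radius contained — process control fallback if advisory system compromised"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Risk assessment",
+ "control_name": "§6.2",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Provenance as OT data quality and audit risk"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "OT security programme",
+ "control_name": "§8.2",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Data lineage as OT governance requirement"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "GV.SC-01",
+ "control_name": "Supply Chain Risk Management",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "RAG data source providers treated as suppliers — content integrity requirements in contracts"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "DE.CM-09",
+ "control_name": "Continuous Monitoring",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "RAG corpus integrity monitored — anomalous content changes, unusual ingestion patterns detected"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "RS.AN-03",
+ "control_name": "Incident Analysis",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "RAG poisoning incidents analysed — affected content identified, operational decisions influenced reviewed"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "PR.DS-01",
+ "control_name": "Data Security",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "RAG corpus content integrity protected — hash-based verification, source trust tiering"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "RAG corpus integrity controls — only accurate, verified content enters the retrieval index",
+ "control_name": "PI1.2 — System inputs complete and accurate",
+ "tier": "Hardening",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "LLM outputs derived from poisoned RAG are a processing integrity failure — detection before delivery",
+ "control_name": "PI1.3 — Outputs complete and accurate",
+ "tier": "Hardening",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "RAG corpus data source providers assessed — content quality, update process, integrity guarantees",
+ "control_name": "CC9.1 — Vendor risk",
+ "tier": "Hardening",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "RAG corpus anomaly detection — unusual content or modifications detected before reaching production",
+ "control_name": "CC7.2 — Anomaly detection",
+ "tier": "Hardening",
+ "scope": "Both"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 6.5.6",
+ "control_name": "Secure system changes",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "RAG corpus updates tested for unexpected content — integrity verification before production indexing"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 12.8",
+ "control_name": "TPSP programme",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "RAG data source providers as TPSPs — content quality and integrity requirements in agreements"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 10.6.1",
+ "control_name": "Audit log review",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "RAG corpus monitoring — anomalous content detected and reviewed as part of Req 10 log analysis"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 11.3.1",
+ "control_name": "Penetration testing",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Adversarial RAG integrity testing for payment advisory systems — false content injection attempts documented"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L2",
+ "control_name": "Data and Model Security (DMS)",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Provenance verification for all fine-tuning corpora — source credibility assessed, integrity verified before ingestion"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L2",
+ "control_name": "AI System Integrity (ASI)",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "AI system integrity testing includes factual accuracy validation — model outputs tested against ground truth before deployment"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L2",
+ "control_name": "Governance and Risk (GOV)",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "Disinformation risk documented in AI risk register — sector-specific severity assessed for healthcare, finance, critical infrastructure"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L3",
+ "control_name": "L3 — Sector-specific",
+ "tier": "Hardening",
+ "scope": "Both",
+ "notes": "For NIS2 essential entities and EU AI Act Annex III deployments — disinformation risk treated as a significant incident category"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "G-PC",
+ "control_name": "Governance / Policy & Compliance",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Policy requiring provenance metadata for all GenAI data"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "D-SR",
+ "control_name": "Design / Security Requirements",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Provenance metadata built into data pipeline requirements"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "O-OM",
+ "control_name": "Operations / Operational Management",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Alert on loss of provenance metadata in data flows"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "V-RT",
+ "control_name": "Verification / Requirements-Driven Testing",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Tests verifying provenance metadata is preserved through pipeline"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "G-SM",
+ "control_name": "Governance / Strategy & Metrics",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Provenance programme included in data governance roadmap"
+ },
+ {
+ "framework": "CWE/CVE",
+ "control_id": "CWE-345",
+ "control_name": "CWE-345",
+ "tier": "Hardening",
+ "scope": "Both",
+ "url": "https://cwe.mitre.org/data/definitions/345.html"
+ },
+ {
+ "framework": "CWE/CVE",
+ "control_id": "CWE-20",
+ "control_name": "CWE-20",
+ "tier": "Hardening",
+ "scope": "Both",
+ "url": "https://cwe.mitre.org/data/definitions/20.html"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L2",
+ "control_name": "Data Operations",
+ "tier": "Hardening",
+ "scope": "Both"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L1",
+ "control_name": "Foundation Models",
+ "tier": "Hardening",
+ "scope": "Both"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L5",
+ "control_name": "Evaluation & Observability",
+ "tier": "Hardening",
+ "scope": "Both"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "A",
+ "control_name": "Data & Privacy domain",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "E",
+ "control_name": "Audit trails and logging",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "Primary DSGAI entries",
+ "control_name": "AIUC-1 Domain",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Status"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "DSGAI02, DSGAI03, DSGAI06, DSGAI07, DSGAI08, DSGAI09, DSGAI14, DSGAI15, DSGAI18, DSGAI21",
+ "control_name": "A — Data & Privacy",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "DSGAI01, DSGAI04, DSGAI05, DSGAI10, DSGAI12, DSGAI16, DSGAI17",
+ "control_name": "B — Security",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "DSGAI05, DSGAI20",
+ "control_name": "C — Safety",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "DSGAI12, DSGAI19",
+ "control_name": "D — Reliability",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "DSGAI02, DSGAI06, DSGAI09, DSGAI13, DSGAI18, DSGAI20, DSGAI21",
+ "control_name": "E — Accountability",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "DSGAI20",
+ "control_name": "F — Society",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "Date",
+ "control_name": "Version",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Change"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "2026-03-27",
+ "control_name": "1.0.0",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Initial release — full mapping DSGAI01–DSGAI21 to AIUC-1"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Machine credentials used for ingestion operations — no individual attribution",
+ "control_name": "NHI-10 Human Use of NHI",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Enforce machine identity per pipeline component; log with component identity"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Decommissioned pipeline identities remain in lineage records",
+ "control_name": "NHI-1 Improper Offboarding",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Timely offboarding of pipeline NHIs"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Lineage system credentials leaked — provenance records can be tampered",
+ "control_name": "NHI-2 Secret Leakage",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Protect lineage system credentials"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "DSGAI entries most affected",
+ "control_name": "NHI Risk",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "DSGAI21",
+ "control_name": "NHI-1 Improper Offboarding",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "DSGAI03, DSGAI06, DSGAI16",
+ "control_name": "NHI-2 Secret Leakage",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "DevSecOps"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "DSGAI13, DSGAI16, DSGAI17",
+ "control_name": "NHI-3 Third-Party NHI",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Security"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "DSGAI04, DSGAI08",
+ "control_name": "NHI-4 Insecure Authentication",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Platform"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "DSGAI02, DSGAI07, DSGAI08, DSGAI09",
+ "control_name": "NHI-5 Over-Privileged NHI",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "DSGAI02, DSGAI09, DSGAI14",
+ "control_name": "NHI-6 Insecure Storage",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Platform"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "DSGAI02, DSGAI07, DSGAI09, DSGAI12",
+ "control_name": "NHI-7 Long-Lived",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "DSGAI16, DSGAI17",
+ "control_name": "NHI-8 Env Isolation",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "DevSecOps"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "DSGAI04, DSGAI07, DSGAI08, DSGAI19",
+ "control_name": "NHI-9 NHI Reuse",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "DSGAI18, DSGAI20, DSGAI21",
+ "control_name": "NHI-10 Human Use",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Date",
+ "control_name": "Version",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Change"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "2026-03-27",
+ "control_name": "1.0.0",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Initial release — full mapping DSGAI01–DSGAI21 to NHI Top 10"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "PW.1.1-PS",
+ "control_name": "Define security requirements — regulatory compliance requirements",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Define security requirements that mandate compliance with all applicable data protection, privacy, and AI-specific regulations for each AI system deployment"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "PW.2.1-PS",
+ "control_name": "Design software — compliance-by-design",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Design AI systems with regulatory compliance built into architecture; embed compliance controls, audit capabilities, and regulatory reporting into pipeline design"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "RV.3.1-PS",
+ "control_name": "Analyse root causes — compliance failure analysis",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "When regulatory non-compliance is identified, conduct root cause analysis to determine the gap, affected data subjects, and required remediation"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "PM-9",
+ "control_name": "Risk Management Strategy — regulatory compliance",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Include regulatory compliance in AI risk management; map applicable data laws to AI processing activities and define compliance requirements"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "RA-3",
+ "control_name": "Risk Assessment — compliance gap analysis",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Conduct regulatory compliance gap analysis for AI systems; identify areas of non-compliance and define remediation plans"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "AU-2",
+ "control_name": "Event Logging — regulatory evidence",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Maintain comprehensive logs for regulatory compliance evidence; ensure audit trails meet requirements of applicable data laws"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "AC-3",
+ "control_name": "Access Enforcement — legally mandated controls",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Implement access controls mandated by applicable data laws; enforce data subject rights, purpose limitation, and processing restrictions"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 5–7",
+ "control_name": "ICT Risk Management — regulatory compliance governance",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Include regulatory compliance in ICT risk management; map applicable data laws to AI processing activities; define compliance requirements and accountability"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 17–23",
+ "control_name": "ICT Incident Management — compliance incident reporting",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Classify material regulatory non-compliance events as ICT incidents; report to competent authorities per DORA criteria; coordinate with DPO for GDPR notifications"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 13",
+ "control_name": "Learning and Evolving — compliance improvement",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Apply lessons learned from compliance failures; update controls and processes based on regulatory changes, enforcement actions, and incident analysis"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 8",
+ "control_name": "Identification — regulated data mapping",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Map all AI data subject to regulatory requirements; ensure complete coverage in compliance programme"
+ }
+ ],
+ "tools": [
+ {
+ "name": "Great Expectations",
+ "type": "open-source",
+ "url": "https://greatexpectations.io"
+ },
+ {
+ "name": "Deepchecks",
+ "type": "open-source",
+ "url": "https://deepchecks.com"
+ },
+ {
+ "name": "TruLens",
+ "type": "open-source",
+ "url": "https://github.com/truera/trulens"
+ },
+ {
+ "name": "CleanLab",
+ "type": "open-source",
+ "url": "https://github.com/cleanlab/cleanlab"
+ },
+ {
+ "name": "FactScore",
+ "type": "open-source",
+ "url": "https://github.com/shmsw25/FActScoring"
+ },
+ {
+ "name": "Cleanlab",
+ "type": "open-source",
+ "url": "https://github.com/cleanlab/cleanlab"
+ },
+ {
+ "name": "RAGAS",
+ "type": "open-source",
+ "url": "https://github.com/explodinggradients/ragas"
+ },
+ {
+ "name": "OneTrust",
+ "type": "commercial",
+ "url": "https://www.onetrust.com"
+ },
+ {
+ "name": "TrustArc",
+ "type": "commercial",
+ "url": "https://trustarc.com"
+ },
+ {
+ "name": "Open Policy Agent",
+ "type": "open-source",
+ "url": "https://www.openpolicyagent.org"
+ },
+ {
+ "name": "Transcend",
+ "type": "commercial",
+ "url": "https://transcend.io"
+ },
+ {
+ "name": "ServiceNow GRC",
+ "type": "commercial",
+ "url": "https://www.servicenow.com"
+ }
+ ],
+ "incidents": [
+ {
+ "name": "Italy Garante orders ChatGPT GDPR enforcement — consent and data minimization failures",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2025,
+ "incident_id": "INC-035"
+ },
+ {
+ "name": "NYT v OpenAI — copyright training data ruling implications",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2025,
+ "incident_id": "INC-039"
+ },
+ {
+ "name": "TikTok EU data localization enforcement — Project Clover + EUR 345M GDPR fine",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2023,
+ "incident_id": "INC-043"
+ },
+ {
+ "name": "OpenAI ChatGPT data retention GDPR challenge — right to erasure vs model training",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2024,
+ "incident_id": "INC-050"
+ }
+ ],
+ "crossrefs": {
+ "llm_top10": [
+ "LLM04",
+ "LLM09",
+ "LLM06",
+ "LLM07",
+ "LLM02"
+ ],
+ "agentic_top10": [
+ "ASI06",
+ "ASI09",
+ "ASI02"
+ ],
+ "dsgai_2026": [
+ "DSGAI01",
+ "DSGAI03",
+ "DSGAI07",
+ "DSGAI08",
+ "DSGAI02",
+ "DSGAI06",
+ "DSGAI12",
+ "DSGAI13",
+ "DSGAI04",
+ "DSGAI05",
+ "DSGAI11",
+ "DSGAI18",
+ "DSGAI17",
+ "DSGAI14",
+ "DSGAI15",
+ "DSGAI09",
+ "DSGAI16",
+ "DSGAI10",
+ "DSGAI19",
+ "DSGAI20"
+ ]
+ },
+ "changelog": [
+ {
+ "date": "2026-03-27",
+ "version": "1.0.0",
+ "change": "Initial entry — generated from GenAI Security Crosswalk v1.5.1 mapping files",
+ "author": "emmanuelgjr"
+ }
+ ]
+ }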
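Review bot: Several objects in `mappings` are not controls at all but table-header and changelog rows ingested as entries, for example `"control_id": "Date", "control_name": "Version", "notes": "Change"` and `"control_id": "2026-03-27", "control_name": "1.0.0"` under both AIUC-1 and OWASP NHI Top 10, plus `"Primary DSGAI entries"` and `"DSGAI entries most affected"`. In the EU AI Act, ISO/IEC 42001, NIST SP 800-82 and SOC 2 rows the identifier and its description are swapped, and `notes` in places only repeats the tier or a column label (`"Hardening"`, `"Status"`); the ISO rows should read `"control_id": "A.7.2", "control_name": "Data — provenance"`. Anything that joins on `control_id` for coverage reporting or audit evidence will silently produce wrong results, so, since the changelog says the entry is generated, the fix belongs in the generator (skip header and changelog rows) and, if `package/data/schema.json` does not already do so, in a per-framework pattern constraint on `control_id`. The MITRE ATLAS id/name pairs (`AML.T0045`, `AML.T0031`) do not appear to match the ATLAS catalogue, and the `incidents` (GDPR and copyright cases), the regulatory-compliance notes under FedRAMP/DORA/NIST SP 800-218A, and the duplicate `CleanLab`/`Cleanlab` tool look carried over from a different entry; all of these should be verified against the upstream sources before consumers rely on this entry for data-poisoning controls.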