genai-security-crosswalk 2.0.0

Files changed (55) hide show
  1. package/LICENSE.md +28 -0
  2. package/README.md +618 -0
  3. package/data/entries/ASI01.json +911 -0
  4. package/data/entries/ASI02.json +850 -0
  5. package/data/entries/ASI03.json +854 -0
  6. package/data/entries/ASI04.json +759 -0
  7. package/data/entries/ASI05.json +764 -0
  8. package/data/entries/ASI06.json +817 -0
  9. package/data/entries/ASI07.json +789 -0
  10. package/data/entries/ASI08.json +788 -0
  11. package/data/entries/ASI09.json +754 -0
  12. package/data/entries/ASI10.json +833 -0
  13. package/data/entries/DSGAI01.json +779 -0
  14. package/data/entries/DSGAI02.json +728 -0
  15. package/data/entries/DSGAI03.json +671 -0
  16. package/data/entries/DSGAI04.json +752 -0
  17. package/data/entries/DSGAI05.json +689 -0
  18. package/data/entries/DSGAI06.json +673 -0
  19. package/data/entries/DSGAI07.json +680 -0
  20. package/data/entries/DSGAI08.json +698 -0
  21. package/data/entries/DSGAI09.json +687 -0
  22. package/data/entries/DSGAI10.json +627 -0
  23. package/data/entries/DSGAI11.json +663 -0
  24. package/data/entries/DSGAI12.json +695 -0
  25. package/data/entries/DSGAI13.json +688 -0
  26. package/data/entries/DSGAI14.json +703 -0
  27. package/data/entries/DSGAI15.json +655 -0
  28. package/data/entries/DSGAI16.json +716 -0
  29. package/data/entries/DSGAI17.json +690 -0
  30. package/data/entries/DSGAI18.json +613 -0
  31. package/data/entries/DSGAI19.json +638 -0
  32. package/data/entries/DSGAI20.json +671 -0
  33. package/data/entries/DSGAI21.json +881 -0
  34. package/data/entries/LLM01.json +975 -0
  35. package/data/entries/LLM02.json +868 -0
  36. package/data/entries/LLM03.json +817 -0
  37. package/data/entries/LLM04.json +797 -0
  38. package/data/entries/LLM05.json +761 -0
  39. package/data/entries/LLM06.json +848 -0
  40. package/data/entries/LLM07.json +749 -0
  41. package/data/entries/LLM08.json +750 -0
  42. package/data/entries/LLM09.json +760 -0
  43. package/data/entries/LLM10.json +763 -0
  44. package/data/incidents-schema.json +121 -0
  45. package/data/incidents.json +1484 -0
  46. package/data/schema.json +134 -0
  47. package/dist/index.d.ts +97 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +124 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/index.test.d.ts +2 -0
  52. package/dist/index.test.d.ts.map +1 -0
  53. package/dist/index.test.js +97 -0
  54. package/dist/index.test.js.map +1 -0
  55. package/package.json +62 -0
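--- a/package/data/entries/LLM09.json
+++ b/package/data/entries/LLM09.json
@@ -0,0 +1,760 @@
+ {
+ "id": "LLM09",
+ "name": "Misinformation",
+ "source_list": "LLM-Top10-2025",
+ "version": "2026-Q1",
+ "severity": "Medium",
+ "aivss_score": null,
+ "audience": [
+ "red-teamer",
+ "security-engineer",
+ "developer",
+ "ml-engineer",
+ "ot-engineer",
+ "ciso",
+ "compliance",
+ "auditor"
+ ],
+ "mappings": [
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0045",
+ "control_name": "Disinformation",
+ "tier": "Foundational",
+ "scope": "Both",
+ "url": "https://atlas.mitre.org/techniques/AML.T0045",
+ "notes": "Using AI-generated content to deliberately spread false information"
+ },
+ {
+ "framework": "MITRE ATLAS",
+ "control_id": "AML.T0047",
+ "control_name": "Influence via Automated Content",
+ "tier": "Foundational",
+ "scope": "Both",
+ "url": "https://atlas.mitre.org/techniques/AML.T0047",
+ "notes": "Generating high-volume automated content to shape perception or overwhelm fact-checking"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "GV-1.7",
+ "control_name": "Policies for trustworthy AI",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Organisational policy on AI-generated content accuracy and human oversight requirements"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MS-2.6",
+ "control_name": "Testing — output quality",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Accuracy and hallucination testing included in AI evaluation programme"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MS-4.1",
+ "control_name": "Feedback mechanisms",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Feedback channels for detecting and tracking misinformation in production"
+ },
+ {
+ "framework": "NIST AI RMF 1.0",
+ "control_id": "MG-2.4",
+ "control_name": "Risk response — data",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Procedures for responding to detected misinformation incidents"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "High-risk AI system information must include accuracy metrics and known limitations",
+ "control_name": "Art. 13 — Transparency",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Hallucination rates and accuracy limitations must be disclosed to deployers and users"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "AI-generated content must be marked as such — chatbots must disclose AI nature",
+ "control_name": "Art. 50 — Transparency for certain AI systems",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Mandatory AI disclosure prevents users from treating hallucinated content as authoritative human output"
+ },
+ {
+ "framework": "EU AI Act",
+ "control_id": "Systemic risk GPAI providers must assess and mitigate risks including disinformation",
+ "control_name": "Art. 55(1)(a) — Systemic risk GPAI",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Misinformation risk assessment and mitigation is a binding obligation for systemic risk models"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.8.16",
+ "control_name": "Monitoring activities",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Production monitoring for output accuracy — hallucination rate tracking, anomaly detection on model drift"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.5.7",
+ "control_name": "Threat intelligence",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Intelligence on disinformation campaigns and active manipulation of RAG sources"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.6.3",
+ "control_name": "Information security awareness training",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "User training on LLM output limitations — verification requirements and critical evaluation"
+ },
+ {
+ "framework": "ISO/IEC 27001:2022",
+ "control_id": "A.5.36",
+ "control_name": "Compliance with policies",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Policy on AI-generated content accuracy — disclosure requirements, human verification thresholds"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "A.5.2",
+ "control_name": "Impact assessment",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "AI impact assessment covers misinformation risk — which domains are affected, what is the consequence of incorrect output per stakeholder"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "A.6.2.8",
+ "control_name": "Monitoring of AI systems",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Production monitoring for accuracy degradation — hallucination rates tracked as AIMS operational monitoring"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "A.8.1",
+ "control_name": "Information for interested parties",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Transparency about AI system limitations — users informed of advisory status, accuracy limitations, verification requirements"
+ },
+ {
+ "framework": "ISO/IEC 42001:2023",
+ "control_id": "A.9.1",
+ "control_name": "Use of AI systems",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Guidance on appropriate AI system use — domains requiring human verification documented as AIMS use guidance"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "14.1 Establish security awareness programme",
+ "control_name": "CIS 14 — Security Awareness",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "User training on LLM output limitations — verification requirements and critical evaluation"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "17.1 Designate personnel for incident response",
+ "control_name": "CIS 17 — Incident Response",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Defined response for LLM misinformation incidents — correction, notification, root cause"
+ },
+ {
+ "framework": "CIS Controls v8.1",
+ "control_id": "3.1 Establish data management process",
+ "control_name": "CIS 3 — Data Protection",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "RAG data governance — quality and freshness controls on retrieval sources"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V11.1.1",
+ "control_name": "Verify business logic assumptions documented",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "LLM accuracy limitations documented as business logic assumptions — verification requirements defined"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V7.4.1",
+ "control_name": "Verify all security controls logged",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "LLM accuracy metrics and hallucination rate logged — production monitoring for output quality"
+ },
+ {
+ "framework": "OWASP ASVS 4.0.3",
+ "control_id": "V5.2.1",
+ "control_name": "Verify outputs encoded before rendering",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "LLM advisory outputs clearly labelled — users cannot mistake model output for authoritative source"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 3.1",
+ "control_name": "Software and information integrity",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "LLM outputs for safety-relevant guidance cross-validated against authoritative sources"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 6.2",
+ "control_name": "Timely response to events",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Procedures for detecting and responding to LLM misinformation incidents"
+ },
+ {
+ "framework": "ISA/IEC 62443",
+ "control_id": "SR 2.3",
+ "control_name": "Use control",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "LLM advisory outputs clearly distinguished from authoritative procedural documentation"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Attacks degrading the reliability of OT decision-support",
+ "control_name": "Section 5.3 — Integrity threats",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "LLM misinformation as an integrity attack on operator decision-making"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Assess reliability of OT advisory systems",
+ "control_name": "Section 6.2 — Risk assessment",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "LLM accuracy limitations assessed in OT risk assessment per use case"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "OT security awareness and training",
+ "control_name": "Section 8.2 — Training",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Operator training on LLM limitations and verification requirements"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Title",
+ "control_name": "Control",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Application"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Malicious Code Protection",
+ "control_name": "SI-3",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Analogy: LLM misinformation detection controls as an integrity assurance layer on advisory outputs"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Access Enforcement",
+ "control_name": "AC-3",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "LLM advisory outputs restricted to defined advisory roles — never authoritative source for safety-critical procedures"
+ },
+ {
+ "framework": "NIST SP 800-82 Rev 3",
+ "control_id": "Role-Based Training",
+ "control_name": "AT-3",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Operator training on LLM advisory limitations — mandatory for all operators using LLM decision-support tools"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "GV.OC-01",
+ "control_name": "Organisational Context",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Acceptable use policy defines which LLM outputs require verification — high-stakes domains identified"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "DE.CM-09",
+ "control_name": "Continuous Monitoring",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Production monitoring for accuracy degradation — hallucination rates tracked per domain"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "ID.RA-01",
+ "control_name": "Risk Assessment",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "LLM misinformation risk assessed per use case — what decisions are influenced, what is the consequence"
+ },
+ {
+ "framework": "NIST CSF 2.0",
+ "control_id": "PR.AT-01",
+ "control_name": "Awareness and Training",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Users trained on LLM output limitations — verification requirements for each use case"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Policy on LLM output accuracy — acceptable accuracy thresholds, verification requirements for high-stakes use cases",
+ "control_name": "PI1.1 — Processing integrity policy",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "LLM inputs (RAG sources, training data) quality controls — authoritative, current, verified sources",
+ "control_name": "PI1.2 — System inputs are complete and accurate",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Misinformation risk identified in LLM risk assessment — harm potential of incorrect outputs per use case",
+ "control_name": "CC3.2 — Risk assessment",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "SOC 2",
+ "control_id": "Production monitoring for accuracy degradation and hallucination patterns — drift detection",
+ "control_name": "CC7.2 — Anomaly detection",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 12.3.2",
+ "control_name": "Targeted risk analysis",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Targeted risk analysis for LLM advisory outputs in payment context — what decisions are influenced, what is the consequence of incorrect output"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 6.2",
+ "control_name": "Bespoke software security",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "LLM integration code specifies accuracy requirements — high-stakes payment outputs require verification before action"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 10.6.1",
+ "control_name": "Audit log review",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Monitoring for LLM accuracy degradation — output quality metrics reviewed"
+ },
+ {
+ "framework": "PCI DSS v4.0",
+ "control_id": "Req 12.6.1",
+ "control_name": "Security awareness programme",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "PCI staff trained on LLM output limitations — advisory status of AI recommendations communicated"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L2",
+ "control_name": "Governance and Risk (GOV)",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Acceptable accuracy thresholds defined per use case — domains requiring human verification documented in AI governance"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L2",
+ "control_name": "AI System Integrity (ASI)",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Production accuracy monitoring as ASI practice — hallucination rates tracked per domain, drift detected"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L2",
+ "control_name": "Monitoring and Detection (MON)",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Accuracy degradation monitoring — ENISA L2 monitoring covering AI-specific failure modes"
+ },
+ {
+ "framework": "ENISA Multilayer Framework",
+ "control_id": "L1",
+ "control_name": "General ICT — Awareness",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Users of LLM decision-support tools trained on output limitations — ENISA awareness practice"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "G-EG",
+ "control_name": "Education & Guidance",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "All users of LLM decision-support tools trained on output limitations — SAMM awareness practice applied to AI limitations"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "D-SR",
+ "control_name": "Security Requirements",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Accuracy thresholds as security requirements — domains requiring verification documented before development"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "V-RT",
+ "control_name": "Requirements-Driven Testing",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Accuracy requirements verified in testing — hallucination rates measured against thresholds per domain"
+ },
+ {
+ "framework": "OWASP SAMM v2.0",
+ "control_id": "Monitoring",
+ "control_name": "Operational Management (O-OM)",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Production accuracy monitoring as operational management — drift detection, degradation alerted"
+ },
+ {
+ "framework": "STRIDE",
+ "control_id": "T",
+ "control_name": "Output Tampering via Hallucination",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "STRIDE",
+ "control_id": "R",
+ "control_name": "Hallucination Repudiation",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "CWE/CVE",
+ "control_id": "CWE-1021",
+ "control_name": "CWE-1021",
+ "tier": "Foundational",
+ "scope": "Both",
+ "url": "https://cwe.mitre.org/data/definitions/1021.html"
+ },
+ {
+ "framework": "CWE/CVE",
+ "control_id": "CWE-116",
+ "control_name": "CWE-116",
+ "tier": "Foundational",
+ "scope": "Both",
+ "url": "https://cwe.mitre.org/data/definitions/116.html"
+ },
+ {
+ "framework": "OWASP AI Testing Guide",
+ "control_id": "Factual accuracy and hallucination rate",
+ "control_name": "MBT — Model Behaviour",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Test model outputs against known-correct facts across the deployment use case domain; measure hallucination rate against benchmark ground truth"
+ },
+ {
+ "framework": "OWASP AI Testing Guide",
+ "control_id": "Citation verifiability",
+ "control_name": "OHT — Output Handling",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Verify that citations generated by the LLM are real and accurately represent source content; test that outputs requiring citations enforce this"
+ },
+ {
+ "framework": "OWASP AI Testing Guide",
+ "control_id": "Misinformation incident detection",
+ "control_name": "LMT — Logging & Monitoring",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Verify that the monitoring pipeline can detect and flag systematic misinformation patterns — accuracy drift, citation fabrication rate"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L1",
+ "control_name": "Foundation Models",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L2",
+ "control_name": "Data Operations",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "MAESTRO",
+ "control_id": "L5",
+ "control_name": "Evaluation & Observability",
+ "tier": "Foundational",
+ "scope": "Both"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "C",
+ "control_name": "Safety domain (harm prevention)",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "F",
+ "control_name": "Society domain",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "B009",
+ "control_name": "Validate AI-generated content",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "AIUC-1",
+ "control_id": "E",
+ "control_name": "Accountability domain",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Foundational"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Audit log service credentials leaked or compromised",
+ "control_name": "NHI-2 Secret Leakage",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Protect audit log credentials as sensitive NHI"
+ },
+ {
+ "framework": "OWASP NHI Top 10",
+ "control_id": "Humans using LLM service account credentials — no attribution",
+ "control_name": "NHI-10 Human Use of NHI",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Enforce separate human and machine credentials"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "PW.7.2-PS",
+ "control_name": "Review for security vulnerabilities — output validation",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Include accuracy, hallucination, and misinformation scenarios in pre-release model behaviour reviews; validate output quality against domain benchmarks"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "PW.8.2-PS",
+ "control_name": "Test for security vulnerabilities — behavioural and accuracy testing",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Conduct adversarial and behavioural testing covering hallucination rates, factual accuracy, and misinformation generation potential before each release"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "RV.1.1-PS",
+ "control_name": "Identify and confirm vulnerabilities — emergent behaviour monitoring",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Establish procedures to detect and triage misinformation incidents in production including user feedback channels, automated fact-checking, and output monitoring"
+ },
+ {
+ "framework": "NIST SP 800-218A",
+ "control_id": "PW.2.1-PS",
+ "control_name": "Design software — output confidence and citation requirements",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Design AI systems to surface confidence indicators, source citations, and uncertainty signals in output; include as explicit security and quality requirements"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "SI-4",
+ "control_name": "System Monitoring — output quality monitoring",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Monitor model outputs for factual accuracy, consistency, and hallucination indicators; alert when confidence scores or factual grounding drops below thresholds"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "CA-7",
+ "control_name": "Continuous Monitoring — model drift detection",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Include model output quality and drift monitoring in FedRAMP continuous monitoring programme; track accuracy metrics, hallucination rates, and output consistency over time"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "AU-6",
+ "control_name": "Audit Review — AI behaviour review",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Regularly review AI inference logs and output samples for hallucination patterns, factual errors, and misleading content; escalate findings through security channels"
+ },
+ {
+ "framework": "FedRAMP",
+ "control_id": "SI-10",
+ "control_name": "Information Input Validation — grounding and retrieval validation",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Validate retrieval sources and grounding data provided to the model; ensure factual grounding sources are authoritative and current"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 10",
+ "control_name": "Detection — output quality monitoring",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Deploy detection mechanisms for AI output quality degradation — hallucinations, factual errors, and misleading content in financial AI outputs"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 5–7",
+ "control_name": "ICT Risk Management — AI reliability governance",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Include AI output reliability in the ICT risk management framework; define acceptable accuracy thresholds for financial AI use cases"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 13",
+ "control_name": "Learning and Evolving — misinformation post-mortem",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Conduct post-incident analysis for misinformation events; identify root cause, assess customer and regulatory impact, and update controls"
+ },
+ {
+ "framework": "DORA",
+ "control_id": "Art. 9",
+ "control_name": "Protection and Prevention — grounding controls",
+ "tier": "Foundational",
+ "scope": "Both",
+ "notes": "Implement factual grounding controls for financial AI outputs — RAG with authoritative sources, confidence scoring, and human review for high-stakes outputs"
+ }
+ ],
+ "tools": [
+ {
+ "name": "TruLens",
+ "type": "open-source",
+ "url": "https://github.com/truera/trulens"
+ },
+ {
+ "name": "RAGAS",
+ "type": "open-source",
+ "url": "https://github.com/explodinggradients/ragas"
+ },
+ {
+ "name": "DeepEval",
+ "type": "open-source",
+ "url": "https://github.com/confident-ai/deepeval"
+ },
+ {
+ "name": "Evals (OpenAI)",
+ "type": "open-source",
+ "url": "https://github.com/openai/evals"
+ },
+ {
+ "name": "Ragas",
+ "type": "open-source",
+ "url": "https://github.com/explodinggradients/ragas"
+ },
+ {
+ "name": "LangSmith",
+ "type": "commercial",
+ "url": "https://smith.langchain.com"
+ },
+ {
+ "name": "Evidently",
+ "url": "https://github.com/evidentlyai/evidently",
+ "type": "open-source"
+ }
+ ],
+ "incidents": [
+ {
+ "name": "Bing Chat 'Sydney' jailbreak — persona escape and threatening behaviour",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2023,
+ "incident_id": "INC-002"
+ },
+ {
+ "name": "Air Canada chatbot invents bereavement discount policy — tribunal ruling",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2024,
+ "incident_id": "INC-004"
+ },
+ {
+ "name": "Clarkesworld magazine overwhelmed by AI-generated fiction submissions",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2023,
+ "incident_id": "INC-014"
+ },
+ {
+ "name": "AI voice deepfake CEO fraud — Hong Kong $25M loss",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2024,
+ "incident_id": "INC-026"
+ },
+ {
+ "name": "Meta Galactica model withdrawn after misinformation at launch",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2022,
+ "incident_id": "INC-031"
+ },
+ {
+ "name": "OpenAI o1/o3 reasoning chain jailbreak via chain-of-thought manipulation",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2025,
+ "incident_id": "INC-033"
+ },
+ {
+ "name": "AI companion apps: manipulation and exploitation of human-agent trust",
+ "url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+ "year": 2025,
+ "incident_id": "INC-048"
+ }
+ ],
+ "crossrefs": {
+ "agentic_top10": [
+ "ASI09"
+ ],
+ "dsgai_2026": [
+ "DSGAI21",
+ "DSGAI10",
+ "DSGAI17"
+ ]
+ },
+ "changelog": [
+ {
+ "date": "2026-03-27",
+ "version": "1.0.0",
+ "change": "Initial entry — generated from GenAI Security Crosswalk v1.5.1 mapping files",
+ "author": "emmanuelgjr"
+ }
+ ]
+ }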
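Review bot: The `mappings` array ships a leftover table-header row as data, the NIST SP 800-82 Rev 3 object with `"control_id": "Title"`, `"control_name": "Control"`, `"notes": "Application"`; it should be deleted, because a consumer filtering by framework will report it as a real control. Several other rows have the identifier and the title in the wrong fields (the `SI-3`/`AC-3`/`AT-3` rows, and the EU AI Act, SOC 2 and OWASP NHI rows, where SOC 2 also puts the guidance text in `control_id` and has no `notes`); the first should read `"control_id": "SI-3",` `"control_name": "Malicious Code Protection",` and the rest need the same swap, otherwise lookups keyed on `control_id` silently miss them. The two MITRE ATLAS rows (`AML.T0045` named "Disinformation", `AML.T0047` named "Influence via Automated Content") do not appear to match the published ATLAS technique names for those ids and should be verified before coverage reports rely on them. `tools` lists `RAGAS` and `Ragas` with the same URL, and the four AIUC-1 rows repeat the tier value `Foundational` in `notes`; both suggest the generator needs a dedupe step and a validation pass against `package/data/schema.json` before publishing, assuming that schema constrains `control_id`.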