{ "catalog": { "uuid": "c62a8bf7-a106-510e-b331-50ea27880f74", "metadata": { "title": "MERIDIAN AI Security Framework", "published": "2026-06-11T12:49:25.147194+00:00", "last-modified": "2026-06-11T12:49:25.147194+00:00", "version": "1.0.0", "oscal-version": "1.2.1", "remarks": "MERIDIAN is an AI security control catalog crosswalked to Google SAIF, MITRE ATLAS, NIST AI RMF, OWASP Top 10 for LLM Applications (2025), CSA AICM, the SANS AI Security Maturity Model, ISO/IEC 42001, and NIST SP 800-53 Rev 5. Crosswalks appear as `crosswalk` props in the https://meridian.htora.dev/ns/oscal namespace; assessor evidence appears as assessment-objective parts. Control IDs are frozen as of v0.3. Licensed under Creative Commons Attribution 4.0 (CC BY 4.0). Copyright 2026 Habib Tora.", "links": [ { "href": "https://creativecommons.org/licenses/by/4.0/", "rel": "license" } ] }, "groups": [ { "id": "gv", "class": "function", "title": "Govern", "parts": [ { "id": "gv_overview", "name": "overview", "prose": "Establish accountability, policy, and risk ownership for AI systems." } ], "groups": [ { "id": "gv-1", "class": "family", "title": "Accountability & Policy", "parts": [ { "id": "gv-1_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "gv-1_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "AI use occurs without policy; decisions are individual judgment calls." }, { "id": "gv-1_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "An approved AI security policy and a named accountable risk owner exist." }, { "id": "gv-1_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Policy is enforced through review gates, and exceptions are tracked to closure." }, { "id": "gv-1_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Policy effectiveness is measured through exception and violation metrics reviewed on cadence." }, { "id": "gv-1_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Policy adapts ahead of need, updated from incident, threat, and regulatory foresight." } ] } ], "controls": [ { "id": "gv-01", "class": "MERIDIAN", "title": "AI Security Policy", "props": [ { "name": "label", "value": "GV-01" }, { "name": "sort-id", "value": "gv-01" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "5.2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001" }, { "name": "crosswalk", "value": "PM-1", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "GOVERN 1.1", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" } ], "parts": [ { "id": "gv-01_smt", "name": "statement", "prose": "The organization maintains an approved AI security policy covering development, acquisition, and use of AI systems." }, { "id": "gv-01_obj", "name": "assessment-objective", "prose": "An approved, dated AI security policy exists, covers build, acquire, and use scope, and shows review within the last 12 months." } ] }, { "id": "gv-02", "class": "MERIDIAN", "title": "Named AI Risk Ownership", "props": [ { "name": "label", "value": "GV-02" }, { "name": "sort-id", "value": "gv-02" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "5.3", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001" }, { "name": "crosswalk", "value": "PM-2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "GOVERN 2.1", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" } ], "parts": [ { "id": "gv-02_smt", "name": "statement", "prose": "A named senior role is accountable for AI security risk, with documented decision authority." }, { "id": "gv-02_obj", "name": "assessment-objective", "prose": "An org chart or charter names the accountable AI risk role, and meeting minutes or risk decisions demonstrate that authority being exercised." } ] }, { "id": "gv-03", "class": "MERIDIAN", "title": "AI Acceptable Use Policy", "props": [ { "name": "label", "value": "GV-03" }, { "name": "sort-id", "value": "gv-03" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "GRC", "ns": "https://meridian.htora.dev/ns/oscal", "class": "aicm", "remarks": "domain-level mapping (AICM builds on CCM v4 domains)" }, { "name": "crosswalk", "value": "PL-4", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "GOVERN 4.1", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf" } ], "links": [ { "href": "#451a2db1-2a2e-5a25-a938-ea406070f00f", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" } ], "parts": [ { "id": "gv-03_smt", "name": "statement", "prose": "An AUP defines permitted and prohibited AI uses, including data that may not be submitted to AI systems." }, { "id": "gv-03_obj", "name": "assessment-objective", "prose": "A published AUP enumerates permitted and prohibited AI uses and prohibited data classes, with distribution or attestation records for the workforce." } ] } ] }, { "id": "gv-2", "class": "family", "title": "Risk Management", "parts": [ { "id": "gv-2_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "gv-2_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "AI risks are considered informally, if at all." }, { "id": "gv-2_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "A documented AI risk assessment process and impact tiers exist." }, { "id": "gv-2_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Every AI system carries a current assessment and a tier that drives control depth." }, { "id": "gv-2_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Risk decisions are quantified and tracked against tolerance with trend metrics." }, { "id": "gv-2_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Risk models are continuously recalibrated from incidents, evals, and threat intelligence." } ] } ], "controls": [ { "id": "gv-04", "class": "MERIDIAN", "title": "AI Risk Assessment Process", "props": [ { "name": "label", "value": "GV-04" }, { "name": "sort-id", "value": "gv-04" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "6.1", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001" }, { "name": "crosswalk", "value": "RA-3", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "MAP / MEASURE", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf", "remarks": "process-level mapping" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" } ], "parts": [ { "id": "gv-04_smt", "name": "statement", "prose": "AI systems undergo documented security risk assessment before deployment and on material change." }, { "id": "gv-04_obj", "name": "assessment-objective", "prose": "Completed risk assessment artifacts exist for sampled AI systems, dated before deployment and re-run after material changes." } ] }, { "id": "gv-05", "class": "MERIDIAN", "title": "Impact Thresholds & Risk Tolerance", "props": [ { "name": "label", "value": "GV-05" }, { "name": "sort-id", "value": "gv-05" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "RA-2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "GOVERN 1.3", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf" }, { "name": "crosswalk", "value": "M-24-10", "ns": "https://meridian.htora.dev/ns/oscal", "class": "omb", "remarks": "rights/safety-impacting AI definitions" } ], "links": [ { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" }, { "href": "#63941e4c-0da6-5507-b5d0-6bb175332025", "rel": "reference" } ], "parts": [ { "id": "gv-05_smt", "name": "statement", "prose": "Defined impact tiers (e.g., rights-impacting, safety-impacting) determine required control depth per system." }, { "id": "gv-05_obj", "name": "assessment-objective", "prose": "Documented impact-tier criteria exist, and sampled systems carry assigned tiers with control depth matching their tier." } ] }, { "id": "gv-06", "class": "MERIDIAN", "title": "Regulatory & Obligation Mapping", "props": [ { "name": "label", "value": "GV-06" }, { "name": "sort-id", "value": "gv-06" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "4.2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001" }, { "name": "crosswalk", "value": "GOVERN 1.1", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" } ], "parts": [ { "id": "gv-06_smt", "name": "statement", "prose": "Applicable AI legal and regulatory obligations are identified and mapped to controls." }, { "id": "gv-06_obj", "name": "assessment-objective", "prose": "A maintained obligations register maps applicable AI laws and regulations to MERIDIAN controls, with review dates current." } ] } ] }, { "id": "gv-3", "class": "family", "title": "Third-Party & Supply Chain Governance", "parts": [ { "id": "gv-3_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "gv-3_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "AI vendors are procured without security review." }, { "id": "gv-3_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Vendor AI assessments and contractual security clauses are defined and required." }, { "id": "gv-3_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "All AI procurements pass assessment, and embedded-AI disclosure is enforced." }, { "id": "gv-3_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Vendor AI risk is re-evaluated on model-change notifications against measured SLAs." }, { "id": "gv-3_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Continuous vendor monitoring feeds procurement and exit decisions automatically." } ] } ], "controls": [ { "id": "gv-07", "class": "MERIDIAN", "title": "Vendor AI Risk Assessment", "props": [ { "name": "label", "value": "GV-07" }, { "name": "sort-id", "value": "gv-07" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "STA", "ns": "https://meridian.htora.dev/ns/oscal", "class": "aicm", "remarks": "domain-level mapping (AICM builds on CCM v4 domains)" }, { "name": "crosswalk", "value": "SR-6", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "GOVERN 6.1", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf" } ], "links": [ { "href": "#451a2db1-2a2e-5a25-a938-ea406070f00f", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" } ], "parts": [ { "id": "gv-07_smt", "name": "statement", "prose": "Third-party AI services and embedded-AI products are risk-assessed before procurement." }, { "id": "gv-07_obj", "name": "assessment-objective", "prose": "Vendor AI risk assessments exist for sampled procurements and are dated before contract signature." } ] }, { "id": "gv-08", "class": "MERIDIAN", "title": "Contractual AI Security Requirements", "props": [ { "name": "label", "value": "GV-08" }, { "name": "sort-id", "value": "gv-08" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "A.10", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001" }, { "name": "crosswalk", "value": "SA-4", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "SR-5", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" } ], "parts": [ { "id": "gv-08_smt", "name": "statement", "prose": "Contracts with AI vendors include security, data handling, incident notification, and model-change clauses." }, { "id": "gv-08_obj", "name": "assessment-objective", "prose": "Sampled AI vendor contracts contain security, data handling, incident notification, and model-change notification clauses." } ] }, { "id": "gv-09", "class": "MERIDIAN", "title": "Embedded-AI Disclosure", "props": [ { "name": "label", "value": "GV-09" }, { "name": "sort-id", "value": "gv-09" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "GOVERN 6.1", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf" }, { "name": "crosswalk", "value": "Supply chain", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "gv-09_smt", "name": "statement", "prose": "Vendors must disclose AI/ML components embedded in delivered products and services." }, { "id": "gv-09_obj", "name": "assessment-objective", "prose": "Procurement records include vendor disclosure statements identifying embedded AI/ML components for sampled products." } ] } ] }, { "id": "gv-4", "class": "family", "title": "Workforce & Culture", "parts": [ { "id": "gv-4_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "gv-4_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "AI security knowledge is individual and uneven." }, { "id": "gv-4_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Role-based AI security training and a secure development standard exist." }, { "id": "gv-4_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Training completion is enforced and the standard is applied in every project." }, { "id": "gv-4_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Workforce capability is measured through assessments and exercise performance, with gaps closed." }, { "id": "gv-4_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "The culture is self-correcting: practitioners surface AI risks before controls require it." } ] } ], "controls": [ { "id": "gv-10", "class": "MERIDIAN", "title": "AI Security Awareness & Training", "props": [ { "name": "label", "value": "GV-10" }, { "name": "sort-id", "value": "gv-10" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "7.3", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001" }, { "name": "crosswalk", "value": "AT-2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "AT-3", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "L1-L2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "sans_aismm", "remarks": "maturity-level calibration" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ac0ae00f-39c6-5713-80a4-a8e9daf14d2c", "rel": "reference" } ], "parts": [ { "id": "gv-10_smt", "name": "statement", "prose": "Role-based training covers AI threats (prompt injection, data leakage, shadow AI) for builders, defenders, and users." }, { "id": "gv-10_obj", "name": "assessment-objective", "prose": "Training records show role-based AI security training completion for builders, defenders, and users within the defined cycle." } ] }, { "id": "gv-11", "class": "MERIDIAN", "title": "Secure AI Development Standard", "props": [ { "name": "label", "value": "GV-11" }, { "name": "sort-id", "value": "gv-11" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AIS", "ns": "https://meridian.htora.dev/ns/oscal", "class": "aicm", "remarks": "domain-level mapping (AICM builds on CCM v4 domains)" }, { "name": "crosswalk", "value": "SA-3", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "SA-8", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "Secure development", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#451a2db1-2a2e-5a25-a938-ea406070f00f", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "gv-11_smt", "name": "statement", "prose": "Engineering teams follow a documented secure AI/ML development standard." }, { "id": "gv-11_obj", "name": "assessment-objective", "prose": "A published secure AI development standard exists, and sampled projects show conformance artifacts such as design reviews or checklists." } ] } ] } ] }, { "id": "ds", "class": "function", "title": "Discover", "parts": [ { "id": "ds_overview", "name": "overview", "prose": "Know what AI you have, what data feeds it, and where it is exposed." } ], "groups": [ { "id": "ds-1", "class": "family", "title": "AI Asset Inventory", "parts": [ { "id": "ds-1_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "ds-1_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "No reliable record of AI systems in use exists." }, { "id": "ds-1_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "An AI inventory exists with owners and impact tiers." }, { "id": "ds-1_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "The inventory is complete and current, validated by discovery spot checks." }, { "id": "ds-1_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Shadow AI detection runs continuously and reconciles to inventory with coverage metrics." }, { "id": "ds-1_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "The inventory is self-maintaining through automated discovery and registration." } ] } ], "controls": [ { "id": "ds-01", "class": "MERIDIAN", "title": "AI System Inventory", "props": [ { "name": "label", "value": "DS-01" }, { "name": "sort-id", "value": "ds-01" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "CM-8", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "MAP 1.1", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf" }, { "name": "crosswalk", "value": "M-24-10", "ns": "https://meridian.htora.dev/ns/oscal", "class": "omb", "remarks": "federal AI use-case inventory" } ], "links": [ { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" }, { "href": "#63941e4c-0da6-5507-b5d0-6bb175332025", "rel": "reference" } ], "parts": [ { "id": "ds-01_smt", "name": "statement", "prose": "All AI systems (built, acquired, embedded, SaaS) are inventoried with owner, purpose, and impact tier." }, { "id": "ds-01_obj", "name": "assessment-objective", "prose": "The AI inventory lists sampled known systems with owner, purpose, and impact tier, and spot checks find no unlisted production AI." } ] }, { "id": "ds-02", "class": "MERIDIAN", "title": "Model Registry & Model Cards", "props": [ { "name": "label", "value": "DS-02" }, { "name": "sort-id", "value": "ds-02" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "A.6", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001" }, { "name": "crosswalk", "value": "MAP 2.1", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf" }, { "name": "crosswalk", "value": "Model documentation", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "ds-02_smt", "name": "statement", "prose": "Deployed models are registered with versioned model cards documenting intended use, data, and limitations." }, { "id": "ds-02_obj", "name": "assessment-objective", "prose": "Registry entries with versioned model cards exist for sampled deployed models, documenting intended use, data, and limitations." } ] }, { "id": "ds-03", "class": "MERIDIAN", "title": "Shadow AI Detection", "props": [ { "name": "label", "value": "DS-03" }, { "name": "sort-id", "value": "ds-03" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "GRC", "ns": "https://meridian.htora.dev/ns/oscal", "class": "aicm", "remarks": "domain-level mapping (AICM builds on CCM v4 domains)" }, { "name": "crosswalk", "value": "CM-8(3)", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "L2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "sans_aismm", "remarks": "maturity-level calibration" } ], "links": [ { "href": "#451a2db1-2a2e-5a25-a938-ea406070f00f", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ac0ae00f-39c6-5713-80a4-a8e9daf14d2c", "rel": "reference" } ], "parts": [ { "id": "ds-03_smt", "name": "statement", "prose": "Unsanctioned AI use (browser tools, plugins, embedded features) is detected via network, SaaS, and endpoint telemetry." }, { "id": "ds-03_obj", "name": "assessment-objective", "prose": "Network, SaaS, or endpoint telemetry demonstrably flags unsanctioned AI use, and sampled alerts show triage and disposition." } ] } ] }, { "id": "ds-2", "class": "family", "title": "Data Provenance & Classification", "parts": [ { "id": "ds-2_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "ds-2_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Data enters AI systems without classification or lineage." }, { "id": "ds-2_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "AI-eligibility classification rules and a dataset inventory exist." }, { "id": "ds-2_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "All training and retrieval data carries classification and lineage before ingestion." }, { "id": "ds-2_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Provenance attestation is required and verified for third-party data, with metrics." }, { "id": "ds-2_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Lineage is captured automatically end to end and is provably complete." } ] } ], "controls": [ { "id": "ds-04", "class": "MERIDIAN", "title": "Training Data Inventory & Lineage", "props": [ { "name": "label", "value": "DS-04" }, { "name": "sort-id", "value": "ds-04" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "data", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "A.7", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001" }, { "name": "crosswalk", "value": "MAP 2.2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf" }, { "name": "crosswalk", "value": "LLM04", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm", "remarks": "data & model poisoning" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" } ], "parts": [ { "id": "ds-04_smt", "name": "statement", "prose": "Datasets used for training, fine-tuning, and RAG are inventoried with source, lineage, and transformation history." }, { "id": "ds-04_obj", "name": "assessment-objective", "prose": "The dataset inventory records source, lineage, and transformation history for sampled training, fine-tuning, and RAG corpora." } ] }, { "id": "ds-05", "class": "MERIDIAN", "title": "Data Classification for AI Use", "props": [ { "name": "label", "value": "DS-05" }, { "name": "sort-id", "value": "ds-05" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "data", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "DSP", "ns": "https://meridian.htora.dev/ns/oscal", "class": "aicm", "remarks": "domain-level mapping (AICM builds on CCM v4 domains)" }, { "name": "crosswalk", "value": "RA-2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "LLM02", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm", "remarks": "sensitive information disclosure" } ], "links": [ { "href": "#451a2db1-2a2e-5a25-a938-ea406070f00f", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" } ], "parts": [ { "id": "ds-05_smt", "name": "statement", "prose": "Data is classified for AI eligibility (trainable, retrievable, prohibited) before ingestion." }, { "id": "ds-05_obj", "name": "assessment-objective", "prose": "Classification labels (trainable, retrievable, prohibited) exist on sampled datasets with dates preceding their ingestion records." } ] }, { "id": "ds-06", "class": "MERIDIAN", "title": "Dataset Provenance Attestation", "props": [ { "name": "label", "value": "DS-06" }, { "name": "sort-id", "value": "ds-06" }, { "name": "implementation-tier", "value": "M-3", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "data", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0010", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "AI Supply Chain Compromise" }, { "name": "crosswalk", "value": "SR-4", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "Supply chain", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "ds-06_smt", "name": "statement", "prose": "Third-party datasets and pretrained corpora carry license and provenance attestation." }, { "id": "ds-06_obj", "name": "assessment-objective", "prose": "License and provenance attestations are on file for sampled third-party datasets and pretrained corpora." } ] } ] }, { "id": "ds-3", "class": "family", "title": "Exposure Mapping", "parts": [ { "id": "ds-3_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "ds-3_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "The AI attack surface is unknown." }, { "id": "ds-3_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "AI interfaces and dependencies are documented per system." }, { "id": "ds-3_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Attack-surface and AI-BOM maps are current and threat-modeled against ATLAS." }, { "id": "ds-3_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Exposure changes trigger re-modeling, and coverage drift is measured." }, { "id": "ds-3_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Exposure mapping is continuous and feeds detection and red-team scoping automatically." } ] } ], "controls": [ { "id": "ds-07", "class": "MERIDIAN", "title": "AI Attack Surface Mapping", "props": [ { "name": "label", "value": "DS-07" }, { "name": "sort-id", "value": "ds-07" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "Reconnaissance / Initial Access", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "tactic-level mapping" }, { "name": "crosswalk", "value": "RA-3", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "L3", "ns": "https://meridian.htora.dev/ns/oscal", "class": "sans_aismm", "remarks": "maturity-level calibration" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ac0ae00f-39c6-5713-80a4-a8e9daf14d2c", "rel": "reference" } ], "parts": [ { "id": "ds-07_smt", "name": "statement", "prose": "Externally and internally reachable AI interfaces (chat, API, agent, plugin) are enumerated and threat-modeled against ATLAS." }, { "id": "ds-07_obj", "name": "assessment-objective", "prose": "A current attack-surface register enumerates AI interfaces, with threat model artifacts referencing ATLAS techniques." } ] }, { "id": "ds-08", "class": "MERIDIAN", "title": "AI Dependency Mapping (AI-BOM)", "props": [ { "name": "label", "value": "DS-08" }, { "name": "sort-id", "value": "ds-08" }, { "name": "implementation-tier", "value": "M-3", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "model", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "deploy", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "SR-3", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "LLM03", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm", "remarks": "supply chain" }, { "name": "crosswalk", "value": "Supply chain", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "ds-08_smt", "name": "statement", "prose": "Models, embeddings, vector stores, packages, and upstream APIs per system are mapped as a dependency graph." }, { "id": "ds-08_obj", "name": "assessment-objective", "prose": "AI-BOM or dependency graphs exist for sampled systems covering models, embeddings, vector stores, packages, and upstream APIs." } ] } ] } ] }, { "id": "sc", "class": "function", "title": "Secure", "parts": [ { "id": "sc_overview", "name": "overview", "prose": "Protect data, models, pipelines, and interactions from compromise." } ], "groups": [ { "id": "sc-1", "class": "family", "title": "Data Security", "parts": [ { "id": "sc-1_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "sc-1_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Training and retrieval data has no protection beyond general IT controls." }, { "id": "sc-1_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Data minimization and integrity requirements are documented." }, { "id": "sc-1_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Poisoning screens, minimization, and RAG ACL enforcement operate on all corpora." }, { "id": "sc-1_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Data controls are tested adversarially and their effectiveness is measured." }, { "id": "sc-1_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Data defenses adapt automatically to new poisoning and leakage techniques." } ] } ], "controls": [ { "id": "sc-01", "class": "MERIDIAN", "title": "Training Data Integrity", "props": [ { "name": "label", "value": "SC-01" }, { "name": "sort-id", "value": "sc-01" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "data", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0020", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "poison training data" }, { "name": "crosswalk", "value": "SI-7", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "LLM04", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" } ], "parts": [ { "id": "sc-01_smt", "name": "statement", "prose": "Training and fine-tuning data is integrity-protected and screened for poisoning before use." }, { "id": "sc-01_obj", "name": "assessment-objective", "prose": "Integrity verification records (hashes or signatures) and poisoning-screen results exist for sampled training datasets prior to use." } ] }, { "id": "sc-02", "class": "MERIDIAN", "title": "Sensitive Data Minimization", "props": [ { "name": "label", "value": "SC-02" }, { "name": "sort-id", "value": "sc-02" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "data", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "A.7", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001" }, { "name": "crosswalk", "value": "SI-12", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "LLM02", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" } ], "parts": [ { "id": "sc-02_smt", "name": "statement", "prose": "PII and regulated data is minimized, masked, or excluded from training and retrieval corpora." }, { "id": "sc-02_obj", "name": "assessment-objective", "prose": "Sampled corpora show masking or exclusion of regulated data, and scan or DLP reports confirm minimization." } ] }, { "id": "sc-03", "class": "MERIDIAN", "title": "RAG & Knowledge-Base Access Control", "props": [ { "name": "label", "value": "SC-03" }, { "name": "sort-id", "value": "sc-03" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "IAM", "ns": "https://meridian.htora.dev/ns/oscal", "class": "aicm", "remarks": "domain-level mapping (AICM builds on CCM v4 domains)" }, { "name": "crosswalk", "value": "AC-3", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "LLM08", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm", "remarks": "vector & embedding weaknesses" } ], "links": [ { "href": "#451a2db1-2a2e-5a25-a938-ea406070f00f", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" } ], "parts": [ { "id": "sc-03_smt", "name": "statement", "prose": "Retrieval sources enforce document-level authorization so model responses respect source ACLs." }, { "id": "sc-03_obj", "name": "assessment-objective", "prose": "Access tests with differently privileged users confirm retrieval results respect source document ACLs." } ] } ] }, { "id": "sc-2", "class": "family", "title": "Model Protection", "parts": [ { "id": "sc-2_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "sc-2_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Models are stored and served without dedicated protection." }, { "id": "sc-2_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Weight protection and endpoint access-control requirements are defined." }, { "id": "sc-2_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Encryption, least-privilege access, and audit logging cover all models." }, { "id": "sc-2_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Extraction resistance is tested and access anomalies are measured." }, { "id": "sc-2_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Model protection is continuously validated and tuned against live attack telemetry." } ] } ], "controls": [ { "id": "sc-04", "class": "MERIDIAN", "title": "Model Weight Protection", "props": [ { "name": "label", "value": "SC-04" }, { "name": "sort-id", "value": "sc-04" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "model", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0025", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Exfiltration via Cyber Means \u2014 weight/checkpoint theft (corrected from AML.T0048 External Harms)" }, { "name": "crosswalk", "value": "AML.T0044", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Full AI Model Access" }, { "name": "crosswalk", "value": "SC-28", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "Model protection", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "sc-04_smt", "name": "statement", "prose": "Model weights and checkpoints are encrypted, access-controlled, and stored in hardened locations." }, { "id": "sc-04_obj", "name": "assessment-objective", "prose": "Weight stores show encryption at rest, restrictive ACLs, and access logging for sampled models and checkpoints." } ] }, { "id": "sc-05", "class": "MERIDIAN", "title": "Model Access Control", "props": [ { "name": "label", "value": "SC-05" }, { "name": "sort-id", "value": "sc-05" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "deploy", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "IAM", "ns": "https://meridian.htora.dev/ns/oscal", "class": "aicm", "remarks": "domain-level mapping (AICM builds on CCM v4 domains)" }, { "name": "crosswalk", "value": "AC-3", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "IA-2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" } ], "links": [ { "href": "#451a2db1-2a2e-5a25-a938-ea406070f00f", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" } ], "parts": [ { "id": "sc-05_smt", "name": "statement", "prose": "Model endpoints require authenticated, least-privilege, auditable access." }, { "id": "sc-05_obj", "name": "assessment-objective", "prose": "Endpoint configurations require authentication, and access reviews plus audit logs exist for sampled model endpoints." } ] }, { "id": "sc-06", "class": "MERIDIAN", "title": "Extraction & Theft Resistance", "props": [ { "name": "label", "value": "SC-06" }, { "name": "sort-id", "value": "sc-06" }, { "name": "implementation-tier", "value": "M-3", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0024", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Exfiltration via AI Inference API" }, { "name": "crosswalk", "value": "SC-5", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "LLM10", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm", "remarks": "Unbounded Consumption (2025); absorbs 2023 LLM10 Model Theft" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" } ], "parts": [ { "id": "sc-06_smt", "name": "statement", "prose": "Rate limiting, query monitoring, and output controls resist model extraction and inversion." }, { "id": "sc-06_obj", "name": "assessment-objective", "prose": "Rate limits and query monitoring are configured, and simulated extraction traffic triggers the controls in test records." } ] } ] }, { "id": "sc-3", "class": "family", "title": "Supply Chain Security", "parts": [ { "id": "sc-3_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "sc-3_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Models and packages are pulled from public sources unchecked." }, { "id": "sc-3_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Provenance verification and scanning requirements are defined." }, { "id": "sc-3_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "All acquired models are verified, scanned, and loaded via safe formats." }, { "id": "sc-3_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Supply chain controls are tested with seeded malicious artifacts and measured." }, { "id": "sc-3_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Supply chain trust is cryptographically attested end to end." } ] } ], "controls": [ { "id": "sc-07", "class": "MERIDIAN", "title": "Model Provenance Verification", "props": [ { "name": "label", "value": "SC-07" }, { "name": "sort-id", "value": "sc-07" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "model", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "SR-4(4)", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "LLM03", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm" }, { "name": "crosswalk", "value": "Supply chain", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "sc-07_smt", "name": "statement", "prose": "Acquired models and weights are verified via signing, hashes, or attestation before use." }, { "id": "sc-07_obj", "name": "assessment-objective", "prose": "Signature, hash, or attestation verification records predate first use for sampled acquired models." } ] }, { "id": "sc-08", "class": "MERIDIAN", "title": "Third-Party Model Scanning", "props": [ { "name": "label", "value": "SC-08" }, { "name": "sort-id", "value": "sc-08" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "model", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0010.003", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "AI Supply Chain Compromise: Model" }, { "name": "crosswalk", "value": "LLM03", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" } ], "parts": [ { "id": "sc-08_smt", "name": "statement", "prose": "Downloaded models are scanned for embedded malicious payloads before loading." }, { "id": "sc-08_obj", "name": "assessment-objective", "prose": "Malware and payload scan results exist for sampled downloaded models, with documented allow or block outcomes." } ] }, { "id": "sc-09", "class": "MERIDIAN", "title": "ML Package & Dependency Security", "props": [ { "name": "label", "value": "SC-09" }, { "name": "sort-id", "value": "sc-09" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "model", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "deploy", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "SI-2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "SR-3", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "LLM03", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm" } ], "links": [ { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" } ], "parts": [ { "id": "sc-09_smt", "name": "statement", "prose": "ML frameworks and packages are vulnerability-managed and sourced from controlled registries." }, { "id": "sc-09_obj", "name": "assessment-objective", "prose": "ML dependencies resolve from controlled registries, and vulnerability scan plus remediation records meet defined SLAs." } ] }, { "id": "sc-10", "class": "MERIDIAN", "title": "Safe Model Serialization", "props": [ { "name": "label", "value": "SC-10" }, { "name": "sort-id", "value": "sc-10" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "model", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0010", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "AI Supply Chain Compromise" }, { "name": "crosswalk", "value": "Supply chain", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "sc-10_smt", "name": "statement", "prose": "Unsafe serialization formats (e.g., pickle) are prohibited or sandbox-loaded; safetensors preferred." }, { "id": "sc-10_obj", "name": "assessment-objective", "prose": "Policy prohibits unsafe serialization formats, and repository or CI checks reject pickle artifacts or enforce sandbox loading in sampled pipelines." } ] } ] }, { "id": "sc-4", "class": "family", "title": "Input & Interaction Hardening", "parts": [ { "id": "sc-4_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "sc-4_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Prompts reach models without validation." }, { "id": "sc-4_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Injection defenses and input validation are documented and partially deployed." }, { "id": "sc-4_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Layered injection defenses cover all interfaces, including indirect paths." }, { "id": "sc-4_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Defense effectiveness is measured against an adversarial test corpus on cadence." }, { "id": "sc-4_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Defenses retune automatically from observed attack patterns." } ] } ], "controls": [ { "id": "sc-11", "class": "MERIDIAN", "title": "Prompt Injection Defense", "props": [ { "name": "label", "value": "SC-11" }, { "name": "sort-id", "value": "sc-11" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0051", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "LLM prompt injection" }, { "name": "crosswalk", "value": "LLM01", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm", "remarks": "prompt injection" }, { "name": "crosswalk", "value": "Input validation", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "sc-11_smt", "name": "statement", "prose": "Layered defenses (input filtering, instruction hierarchy, context isolation) mitigate direct and indirect prompt injection." }, { "id": "sc-11_obj", "name": "assessment-objective", "prose": "Layered injection defenses are documented, and adversarial test results demonstrate mitigation of direct and indirect injection for sampled systems." } ] }, { "id": "sc-12", "class": "MERIDIAN", "title": "Input Validation & Filtering", "props": [ { "name": "label", "value": "SC-12" }, { "name": "sort-id", "value": "sc-12" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0099", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "AI Agent Tool Data Poisoning \u2014 malicious content staged for tool retrieval" }, { "name": "crosswalk", "value": "SI-10", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "LLM01", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" } ], "parts": [ { "id": "sc-12_smt", "name": "statement", "prose": "Untrusted inputs (user, retrieved, inter-agent) are validated and sanitized before reaching the model." }, { "id": "sc-12_obj", "name": "assessment-objective", "prose": "Input validation rules exist in code or configuration, and test cases show sanitization across user, retrieved, and inter-agent input paths." } ] }, { "id": "sc-13", "class": "MERIDIAN", "title": "System Prompt Protection", "props": [ { "name": "label", "value": "SC-13" }, { "name": "sort-id", "value": "sc-13" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0051.000", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Direct Prompt Injection \u2014 system prompt extraction vector" }, { "name": "crosswalk", "value": "AML.T0084", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Discover AI Agent Configuration \u2014 embedded knowledge, tool definitions, call chains" }, { "name": "crosswalk", "value": "LLM07", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm", "remarks": "system prompt leakage" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" } ], "parts": [ { "id": "sc-13_smt", "name": "statement", "prose": "System prompts contain no secrets and are protected against disclosure; disclosure is treated as expected, not catastrophic." }, { "id": "sc-13_obj", "name": "assessment-objective", "prose": "System prompts pass secret scans, and disclosure test results show no privilege or data-access change from prompt exposure." } ] } ] }, { "id": "sc-5", "class": "family", "title": "Output & Action Safety", "parts": [ { "id": "sc-5_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "sc-5_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Model output is trusted and rendered or acted on directly." }, { "id": "sc-5_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Output handling and guardrail requirements are defined." }, { "id": "sc-5_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Encoding, validation, and guardrails are enforced on every output path." }, { "id": "sc-5_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Guardrail bypass rates are measured through scheduled adversarial testing." }, { "id": "sc-5_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Output safety adapts in-line to novel bypass patterns with measured drift." } ] } ], "controls": [ { "id": "sc-14", "class": "MERIDIAN", "title": "Output Handling & Encoding", "props": [ { "name": "label", "value": "SC-14" }, { "name": "sort-id", "value": "sc-14" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "SI-10", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "SI-15", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "LLM05", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm", "remarks": "improper output handling" } ], "links": [ { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" } ], "parts": [ { "id": "sc-14_smt", "name": "statement", "prose": "Model outputs are treated as untrusted: encoded, validated, and never executed or rendered directly." }, { "id": "sc-14_obj", "name": "assessment-objective", "prose": "Code review or configuration shows output encoding and validation, and no sampled flow executes or renders model output directly." } ] }, { "id": "sc-15", "class": "MERIDIAN", "title": "Guardrails & Content Controls", "props": [ { "name": "label", "value": "SC-15" }, { "name": "sort-id", "value": "sc-15" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "MDL", "ns": "https://meridian.htora.dev/ns/oscal", "class": "aicm", "remarks": "domain-level mapping (AICM builds on CCM v4 domains)" }, { "name": "crosswalk", "value": "LLM02", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm" }, { "name": "crosswalk", "value": "LLM09", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm", "remarks": "misinformation" } ], "links": [ { "href": "#451a2db1-2a2e-5a25-a938-ea406070f00f", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" } ], "parts": [ { "id": "sc-15_smt", "name": "statement", "prose": "Policy-enforcing guardrails filter harmful, off-policy, or data-leaking outputs." }, { "id": "sc-15_obj", "name": "assessment-objective", "prose": "Guardrail policies are configured, and blocked-output logs plus bypass test results demonstrate operation." } ] } ] }, { "id": "sc-6", "class": "family", "title": "Infrastructure & Pipeline", "parts": [ { "id": "sc-6_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "sc-6_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "AI runs on general-purpose infrastructure with no specific hardening." }, { "id": "sc-6_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Hardening baselines, secrets rules, and decommissioning procedures exist." }, { "id": "sc-6_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Baselines, vaulted secrets, and decommissioning are enforced across environments." }, { "id": "sc-6_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Configuration drift and secrets exposure are continuously measured and remediated." }, { "id": "sc-6_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Infrastructure is immutable or self-healing with provable configuration state." } ] } ], "controls": [ { "id": "sc-16", "class": "MERIDIAN", "title": "AI Infrastructure Hardening", "props": [ { "name": "label", "value": "SC-16" }, { "name": "sort-id", "value": "sc-16" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "deploy", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "IVS", "ns": "https://meridian.htora.dev/ns/oscal", "class": "aicm", "remarks": "domain-level mapping (AICM builds on CCM v4 domains)" }, { "name": "crosswalk", "value": "CM-6", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "SC-7", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" } ], "links": [ { "href": "#451a2db1-2a2e-5a25-a938-ea406070f00f", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" } ], "parts": [ { "id": "sc-16_smt", "name": "statement", "prose": "Training and inference infrastructure (GPU clusters, notebooks, MLOps platforms) is hardened and segmented." }, { "id": "sc-16_obj", "name": "assessment-objective", "prose": "Hardening baselines and segmentation evidence (configurations, scan results) exist for training and inference infrastructure." } ] }, { "id": "sc-17", "class": "MERIDIAN", "title": "Secrets Hygiene in AI Pipelines", "props": [ { "name": "label", "value": "SC-17" }, { "name": "sort-id", "value": "sc-17" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "data", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "model", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "deploy", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0082", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "RAG Credential Harvesting \u2014 secrets must not be retrievable from corpora" }, { "name": "crosswalk", "value": "IA-5", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "LLM02", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm" }, { "name": "crosswalk", "value": "LLM07", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" } ], "parts": [ { "id": "sc-17_smt", "name": "statement", "prose": "Credentials are never embedded in prompts, training data, or model artifacts; pipeline secrets are vaulted." }, { "id": "sc-17_obj", "name": "assessment-objective", "prose": "Secret scans of prompts, datasets, and model artifacts return clean, and pipeline secrets resolve from a vault in sampled configurations." } ] }, { "id": "sc-24", "class": "MERIDIAN", "title": "Secure AI Decommissioning", "props": [ { "name": "label", "value": "SC-24" }, { "name": "sort-id", "value": "sc-24" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "retire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "A.6", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001", "remarks": "AI system lifecycle \u2014 domain-level mapping" }, { "name": "crosswalk", "value": "MP-6", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53", "remarks": "media sanitization \u2014 weights, datasets, embeddings" }, { "name": "crosswalk", "value": "SR-12", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53", "remarks": "component disposal" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" } ], "parts": [ { "id": "sc-24_smt", "name": "statement", "prose": "Retired AI systems follow a documented decommissioning procedure covering model weight destruction or archival, training and retrieval data disposition, credential revocation, and inventory closure." }, { "id": "sc-24_obj", "name": "assessment-objective", "prose": "Decommissioning records for sampled retired systems show weight disposition, data disposal or archival per retention policy, credential revocation, and inventory status closure." } ] } ] }, { "id": "sc-7", "class": "family", "title": "Agentic AI Security", "parts": [ { "id": "sc-7_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "sc-7_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Agents run with inherited human credentials and unrestricted tools." }, { "id": "sc-7_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Agent permission, identity, and sandbox requirements are defined." }, { "id": "sc-7_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Least-privilege manifests, non-human identities, and sandboxing are enforced for all agents." }, { "id": "sc-7_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Agent containment is tested adversarially and blast radius is quantified." }, { "id": "sc-7_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Agent authority adjusts dynamically from measured behavior and risk." } ] } ], "controls": [ { "id": "sc-18", "class": "MERIDIAN", "title": "Agency Limitation", "props": [ { "name": "label", "value": "SC-18" }, { "name": "sort-id", "value": "sc-18" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "tag", "value": "agentic", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0086", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Exfiltration via AI Agent Tool Invocation \u2014 countered by least privilege and approval gates" }, { "name": "crosswalk", "value": "AML.T0101", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Data Destruction via AI Agent Tool Invocation \u2014 countered by mutative-action approval gates" }, { "name": "crosswalk", "value": "AC-6", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "LLM06", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm", "remarks": "excessive agency" }, { "name": "crosswalk", "value": "Agents", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "sc-18_smt", "name": "statement", "prose": "Agent and tool permissions follow least privilege with human approval gates for high-impact actions." }, { "id": "sc-18_obj", "name": "assessment-objective", "prose": "Agent permission manifests show least privilege, and high-impact actions show human approval records." } ] }, { "id": "sc-19", "class": "MERIDIAN", "title": "Plugin, Tool & MCP Server Security", "props": [ { "name": "label", "value": "SC-19" }, { "name": "sort-id", "value": "sc-19" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "deploy", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "tag", "value": "agentic", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0010.005", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "AI Supply Chain Compromise: AI Agent Tool" }, { "name": "crosswalk", "value": "AML.T0053", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "AI Agent Tool Invocation (renamed from LLM Plugin Compromise) \u2014 agency limits constrain abusive invocation" }, { "name": "crosswalk", "value": "AML.T0104", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Publish Poisoned AI Agent Tool \u2014 countered by review before agent access" }, { "name": "crosswalk", "value": "AML.T0109", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "AI Supply Chain Rug Pull \u2014 countered by re-review on tool updates" }, { "name": "crosswalk", "value": "AML.T0110", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "AI Agent Tool Poisoning \u2014 persistence via poisoned built-in or MCP tools" }, { "name": "crosswalk", "value": "SA-9", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "LLM03", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm", "remarks": "Supply Chain (2025); supersedes 2023 LLM07 Insecure Plugin Design" }, { "name": "crosswalk", "value": "Agents", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "sc-19_smt", "name": "statement", "prose": "Third-party plugins, tools, and MCP servers are reviewed, permission-scoped, and inventoried before agent access." }, { "id": "sc-19_obj", "name": "assessment-objective", "prose": "A plugin, tool, and MCP server inventory exists with review records and permission scopes dated before agent access." } ] }, { "id": "sc-20", "class": "MERIDIAN", "title": "Agent Execution Sandboxing", "props": [ { "name": "label", "value": "SC-20" }, { "name": "sort-id", "value": "sc-20" }, { "name": "implementation-tier", "value": "M-3", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "tag", "value": "agentic", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0053", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "AI Agent Tool Invocation \u2014 contained by execution sandboxing" }, { "name": "crosswalk", "value": "AML.T0105", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Escape to Host \u2014 sandbox escape from agent execution environment" }, { "name": "crosswalk", "value": "AML.T0112.000", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Machine Compromise: Local AI Agent" }, { "name": "crosswalk", "value": "SC-39", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "Agents", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "sc-20_smt", "name": "statement", "prose": "Agent code execution and tool calls run in isolated, resource-limited sandboxes." }, { "id": "sc-20_obj", "name": "assessment-objective", "prose": "Sandbox configurations show isolation and resource limits, with escape-test results or platform attestations on file." } ] }, { "id": "sc-21", "class": "MERIDIAN", "title": "Agent Identity & Credentialing", "props": [ { "name": "label", "value": "SC-21" }, { "name": "sort-id", "value": "sc-21" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "deploy", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "tag", "value": "agentic", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "IAM", "ns": "https://meridian.htora.dev/ns/oscal", "class": "aicm", "remarks": "domain-level mapping (AICM builds on CCM v4 domains)" }, { "name": "crosswalk", "value": "AML.T0083", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Credentials from AI Agent Configuration \u2014 countered by vaulted, scoped, short-lived credentials" }, { "name": "crosswalk", "value": "AML.T0098", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "AI Agent Tool Credential Harvesting" }, { "name": "crosswalk", "value": "AC-6", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "IA-9", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "Agents", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#451a2db1-2a2e-5a25-a938-ea406070f00f", "rel": "reference" }, { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "sc-21_smt", "name": "statement", "prose": "Agents operate under distinct non-human identities with scoped, short-lived credentials, never shared human accounts." }, { "id": "sc-21_obj", "name": "assessment-objective", "prose": "Sampled agents authenticate with unique non-human identities, and credential lifetimes and scopes meet policy." } ] }, { "id": "sc-22", "class": "MERIDIAN", "title": "Inter-Agent Communication Security", "props": [ { "name": "label", "value": "SC-22" }, { "name": "sort-id", "value": "sc-22" }, { "name": "implementation-tier", "value": "M-3", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "tag", "value": "agentic", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0051.001", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Indirect Prompt Injection via inter-agent messages" }, { "name": "crosswalk", "value": "AML.T0051.002", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Triggered Prompt Injection \u2014 event-conditioned activation in agent workflows" }, { "name": "crosswalk", "value": "AML.T0094", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Delay Execution of LLM Instructions \u2014 deferred instructions across turns and agents" }, { "name": "crosswalk", "value": "SC-8", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "Agents", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "sc-22_smt", "name": "statement", "prose": "Agent-to-agent and agent-to-orchestrator messages are authenticated, integrity-protected, and treated as untrusted input." }, { "id": "sc-22_obj", "name": "assessment-objective", "prose": "Inter-agent channels show authentication and integrity protection, and received messages route through untrusted-input handling." } ] }, { "id": "sc-23", "class": "MERIDIAN", "title": "Agent Memory & State Protection", "props": [ { "name": "label", "value": "SC-23" }, { "name": "sort-id", "value": "sc-23" }, { "name": "implementation-tier", "value": "M-3", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "tag", "value": "agentic", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0080", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "AI Agent Context Poisoning (Memory .000 / Thread .001) \u2014 supersedes the AML.T0020 analog mapping" }, { "name": "crosswalk", "value": "AML.T0081", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Modify AI Agent Configuration \u2014 persistence via agent config tamper" }, { "name": "crosswalk", "value": "SC-28", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "LLM08", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" } ], "parts": [ { "id": "sc-23_smt", "name": "statement", "prose": "Persistent agent memory and state are access-controlled, validated on write, and purgeable to counter memory poisoning." }, { "id": "sc-23_obj", "name": "assessment-objective", "prose": "Agent memory stores show ACLs and write validation, and a purge procedure exists with test evidence." } ] } ] } ] }, { "id": "dt", "class": "function", "title": "Detect", "parts": [ { "id": "dt_overview", "name": "overview", "prose": "See attacks against and through AI systems in time to act." } ], "groups": [ { "id": "dt-1", "class": "family", "title": "Telemetry & Logging", "parts": [ { "id": "dt-1_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "dt-1_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "AI interactions are not logged." }, { "id": "dt-1_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "A logging standard defines required AI telemetry." }, { "id": "dt-1_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "All AI systems emit standard telemetry to the SIEM with protected storage." }, { "id": "dt-1_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Telemetry coverage and completeness are measured, and gaps alert." }, { "id": "dt-1_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Telemetry adapts automatically to new AI components and attack surfaces." } ] } ], "controls": [ { "id": "dt-01", "class": "MERIDIAN", "title": "AI Interaction Logging Standard", "props": [ { "name": "label", "value": "DT-01" }, { "name": "sort-id", "value": "dt-01" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "LOG", "ns": "https://meridian.htora.dev/ns/oscal", "class": "aicm", "remarks": "domain-level mapping (AICM builds on CCM v4 domains)" }, { "name": "crosswalk", "value": "AU-2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "AU-3", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "L2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "sans_aismm", "remarks": "maturity-level calibration" } ], "links": [ { "href": "#451a2db1-2a2e-5a25-a938-ea406070f00f", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ac0ae00f-39c6-5713-80a4-a8e9daf14d2c", "rel": "reference" } ], "parts": [ { "id": "dt-01_smt", "name": "statement", "prose": "Prompts, outputs, tool calls, retrievals, and model versions are logged to the SIEM per a defined standard." }, { "id": "dt-01_obj", "name": "assessment-objective", "prose": "The SIEM contains prompts, outputs, tool calls, retrievals, and model versions for sampled AI systems, conforming to the logging standard." } ] }, { "id": "dt-02", "class": "MERIDIAN", "title": "AI Log Protection & Privacy", "props": [ { "name": "label", "value": "DT-02" }, { "name": "sort-id", "value": "dt-02" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "A.7", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001" }, { "name": "crosswalk", "value": "AU-9", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" } ], "parts": [ { "id": "dt-02_smt", "name": "statement", "prose": "AI logs are integrity-protected, access-controlled, and retention-managed given their sensitive content." }, { "id": "dt-02_obj", "name": "assessment-objective", "prose": "AI log stores show integrity protection, restricted access, and retention configuration matching policy." } ] } ] }, { "id": "dt-2", "class": "family", "title": "Threat Detection", "parts": [ { "id": "dt-2_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "dt-2_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "AI attacks would be invisible." }, { "id": "dt-2_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Detection requirements for injection, abuse, and agent anomalies are defined." }, { "id": "dt-2_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Detections operate across interaction telemetry with a triage workflow." }, { "id": "dt-2_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Detection efficacy is measured by purple-team detonation and tuned." }, { "id": "dt-2_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Detections are generated and tuned continuously from emerging TTPs." } ] } ], "controls": [ { "id": "dt-03", "class": "MERIDIAN", "title": "Injection & Jailbreak Detection", "props": [ { "name": "label", "value": "DT-03" }, { "name": "sort-id", "value": "dt-03" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0051", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas" }, { "name": "crosswalk", "value": "AML.T0054", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "LLM Jailbreak" }, { "name": "crosswalk", "value": "LLM01", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm" }, { "name": "crosswalk", "value": "L3", "ns": "https://meridian.htora.dev/ns/oscal", "class": "sans_aismm", "remarks": "maturity-level calibration" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" }, { "href": "#ac0ae00f-39c6-5713-80a4-a8e9daf14d2c", "rel": "reference" } ], "parts": [ { "id": "dt-03_smt", "name": "statement", "prose": "Detections identify prompt injection, jailbreak attempts, and adversarial inputs in interaction telemetry." }, { "id": "dt-03_obj", "name": "assessment-objective", "prose": "Deployed detections for injection and jailbreak exist, and sampled alerts or test detonations show fires with triage records." } ] }, { "id": "dt-04", "class": "MERIDIAN", "title": "Abuse & Extraction Detection", "props": [ { "name": "label", "value": "DT-04" }, { "name": "sort-id", "value": "dt-04" }, { "name": "implementation-tier", "value": "M-3", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0024", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Exfiltration via AI Inference API" }, { "name": "crosswalk", "value": "SI-4", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" } ], "parts": [ { "id": "dt-04_smt", "name": "statement", "prose": "Anomalous query patterns indicating extraction, inversion, or systematic abuse are detected and rate-responded." }, { "id": "dt-04_obj", "name": "assessment-objective", "prose": "Extraction and abuse detections exist, and simulated anomalous query patterns trigger alerts and rate response in test records." } ] }, { "id": "dt-05", "class": "MERIDIAN", "title": "Anomalous Agent Behavior Detection", "props": [ { "name": "label", "value": "DT-05" }, { "name": "sort-id", "value": "dt-05" }, { "name": "implementation-tier", "value": "M-3", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "tag", "value": "agentic", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0034.002", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Agentic Resource Consumption \u2014 coerced expensive tool-call patterns" }, { "name": "crosswalk", "value": "AML.T0053", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "AI Agent Tool Invocation \u2014 detected via agent behavior baseline" }, { "name": "crosswalk", "value": "AML.T0086", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "Exfiltration via AI Agent Tool Invocation \u2014 anomalous write-tool usage" }, { "name": "crosswalk", "value": "SI-4(13)", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "Agents", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "dt-05_smt", "name": "statement", "prose": "Agent actions are baselined; deviations (unexpected tools, scope, volume) generate alerts." }, { "id": "dt-05_obj", "name": "assessment-objective", "prose": "Agent behavior baselines exist, and deviation test cases (unexpected tools, scope, volume) generate alerts in sampled systems." } ] } ] }, { "id": "dt-3", "class": "family", "title": "Model & Pipeline Monitoring", "parts": [ { "id": "dt-3_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "dt-3_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Model behavior changes go unnoticed." }, { "id": "dt-3_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Drift and pipeline integrity monitoring requirements are defined." }, { "id": "dt-3_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Drift thresholds and pipeline change detection run on all production systems." }, { "id": "dt-3_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Monitoring sensitivity is tuned against measured baselines and incident history." }, { "id": "dt-3_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Monitoring predicts degradation and compromise before impact." } ] } ], "controls": [ { "id": "dt-06", "class": "MERIDIAN", "title": "Model Drift & Behavior Monitoring", "props": [ { "name": "label", "value": "DT-06" }, { "name": "sort-id", "value": "dt-06" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "A.6.2.6", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001" }, { "name": "crosswalk", "value": "MEASURE 2.4", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" } ], "parts": [ { "id": "dt-06_smt", "name": "statement", "prose": "Production model behavior is monitored for drift and degradation that may indicate compromise or decay." }, { "id": "dt-06_obj", "name": "assessment-objective", "prose": "Drift metrics and thresholds are monitored, with alert history or dashboards present for sampled production models." } ] }, { "id": "dt-07", "class": "MERIDIAN", "title": "Pipeline Integrity Monitoring", "props": [ { "name": "label", "value": "DT-07" }, { "name": "sort-id", "value": "dt-07" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "data", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "model", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0020", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas" }, { "name": "crosswalk", "value": "SI-7(7)", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" } ], "parts": [ { "id": "dt-07_smt", "name": "statement", "prose": "Training and data pipelines are monitored for unauthorized modification to data, code, or configuration." }, { "id": "dt-07_obj", "name": "assessment-objective", "prose": "Pipeline integrity monitoring covers data, code, and configuration changes, with alert evidence for unauthorized modification tests." } ] } ] } ] }, { "id": "rs", "class": "function", "title": "Respond", "parts": [ { "id": "rs_overview", "name": "overview", "prose": "Contain, recover, and learn when AI systems are attacked or misbehave." } ], "groups": [ { "id": "rs-1", "class": "family", "title": "AI Incident Response", "parts": [ { "id": "rs-1_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "rs-1_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "AI incidents are handled by improvisation." }, { "id": "rs-1_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "AI-specific playbooks and severity criteria exist." }, { "id": "rs-1_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Playbooks are exercised and integrated with enterprise incident response." }, { "id": "rs-1_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Response performance is measured, including detection and recovery times for AI scenarios." }, { "id": "rs-1_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Response improves continuously from exercised and real incidents." } ] } ], "controls": [ { "id": "rs-01", "class": "MERIDIAN", "title": "AI Incident Response Playbooks", "props": [ { "name": "label", "value": "RS-01" }, { "name": "sort-id", "value": "rs-01" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "IR-8", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "MANAGE 4.1", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf" }, { "name": "crosswalk", "value": "L2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "sans_aismm", "remarks": "maturity-level calibration" } ], "links": [ { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" }, { "href": "#ac0ae00f-39c6-5713-80a4-a8e9daf14d2c", "rel": "reference" } ], "parts": [ { "id": "rs-01_smt", "name": "statement", "prose": "IR playbooks cover AI-specific scenarios: injection compromise, poisoning, model theft, harmful-output events." }, { "id": "rs-01_obj", "name": "assessment-objective", "prose": "AI-specific playbooks exist for injection compromise, poisoning, model theft, and harmful-output scenarios, with exercise records within 12 months." } ] }, { "id": "rs-02", "class": "MERIDIAN", "title": "AI Incident Classification", "props": [ { "name": "label", "value": "RS-02" }, { "name": "sort-id", "value": "rs-02" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "IR-4", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "MANAGE 4.1", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf" } ], "links": [ { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" } ], "parts": [ { "id": "rs-02_smt", "name": "statement", "prose": "AI incidents have defined severity criteria, including rights and safety impact, integrated into existing IR taxonomy." }, { "id": "rs-02_obj", "name": "assessment-objective", "prose": "The IR taxonomy includes AI severity criteria covering rights and safety impact, and sampled incidents show classification applied." } ] } ] }, { "id": "rs-2", "class": "family", "title": "Containment & Recovery", "parts": [ { "id": "rs-2_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "rs-2_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "There is no way to quickly stop or roll back a misbehaving model." }, { "id": "rs-2_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Kill-switch, rollback, and remediation procedures are documented." }, { "id": "rs-2_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Containment and recovery are tested within defined objectives." }, { "id": "rs-2_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Recovery objectives are measured under realistic exercise conditions." }, { "id": "rs-2_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Containment is automated with graduated, reversible degradation modes." } ] } ], "controls": [ { "id": "rs-03", "class": "MERIDIAN", "title": "Model Kill Switch & Isolation", "props": [ { "name": "label", "value": "RS-03" }, { "name": "sort-id", "value": "rs-03" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "A.6.2.5", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001" }, { "name": "crosswalk", "value": "IR-4(2)", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "Operations", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "rs-03_smt", "name": "statement", "prose": "High-impact AI systems can be rapidly disabled, isolated, or degraded to safe mode." }, { "id": "rs-03_obj", "name": "assessment-objective", "prose": "Kill-switch and isolation procedures exist, with a test or actual activation record within the defined cycle." } ] }, { "id": "rs-04", "class": "MERIDIAN", "title": "Model Rollback & Version Recovery", "props": [ { "name": "label", "value": "RS-04" }, { "name": "sort-id", "value": "rs-04" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "BCR", "ns": "https://meridian.htora.dev/ns/oscal", "class": "aicm", "remarks": "domain-level mapping (AICM builds on CCM v4 domains)" }, { "name": "crosswalk", "value": "CP-10", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" } ], "links": [ { "href": "#451a2db1-2a2e-5a25-a938-ea406070f00f", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" } ], "parts": [ { "id": "rs-04_smt", "name": "statement", "prose": "Prior known-good model versions can be restored within defined recovery objectives." }, { "id": "rs-04_obj", "name": "assessment-objective", "prose": "Recovery tests demonstrate restoration of a known-good model version within defined recovery objectives." } ] }, { "id": "rs-05", "class": "MERIDIAN", "title": "Poisoning Remediation", "props": [ { "name": "label", "value": "RS-05" }, { "name": "sort-id", "value": "rs-05" }, { "name": "implementation-tier", "value": "M-3", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "data", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "model", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AML.T0020", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas" }, { "name": "crosswalk", "value": "LLM04", "ns": "https://meridian.htora.dev/ns/oscal", "class": "owasp_llm" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#ce54f9a9-4c6b-5807-801f-9080d1f562fe", "rel": "reference" } ], "parts": [ { "id": "rs-05_smt", "name": "statement", "prose": "Procedures exist to identify, remove, and retrain away poisoned data influence." }, { "id": "rs-05_obj", "name": "assessment-objective", "prose": "A documented poisoning remediation procedure exists, with tabletop or actual execution evidence on file." } ] } ] }, { "id": "rs-3", "class": "family", "title": "Disclosure & Learning", "parts": [ { "id": "rs-3_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "rs-3_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Incidents end without reporting or learning." }, { "id": "rs-3_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Reporting obligations and feedback procedures are documented." }, { "id": "rs-3_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Disclosures meet obligations, and findings feed evals and detections." }, { "id": "rs-3_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Feedback-loop SLAs are measured and closure is verified." }, { "id": "rs-3_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Lessons propagate automatically into controls, evals, and training." } ] } ], "controls": [ { "id": "rs-06", "class": "MERIDIAN", "title": "AI Incident Reporting & Disclosure", "props": [ { "name": "label", "value": "RS-06" }, { "name": "sort-id", "value": "rs-06" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "A.8.4", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001" }, { "name": "crosswalk", "value": "IR-6", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" } ], "parts": [ { "id": "rs-06_smt", "name": "statement", "prose": "AI incidents are reported per regulatory, contractual, and federal obligations." }, { "id": "rs-06_obj", "name": "assessment-objective", "prose": "Reporting obligations are documented with destinations and timelines, and sampled incidents show on-time reports." } ] }, { "id": "rs-07", "class": "MERIDIAN", "title": "Post-Incident Eval Feedback", "props": [ { "name": "label", "value": "RS-07" }, { "name": "sort-id", "value": "rs-07" }, { "name": "implementation-tier", "value": "M-3", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "MANAGE 4.3", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf" }, { "name": "crosswalk", "value": "L4", "ns": "https://meridian.htora.dev/ns/oscal", "class": "sans_aismm", "remarks": "maturity-level calibration" } ], "links": [ { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" }, { "href": "#ac0ae00f-39c6-5713-80a4-a8e9daf14d2c", "rel": "reference" } ], "parts": [ { "id": "rs-07_smt", "name": "statement", "prose": "Incident findings feed red-team scenarios, detections, and eval suites within a defined SLA." }, { "id": "rs-07_obj", "name": "assessment-objective", "prose": "Post-incident findings trace to corresponding red-team scenarios, detections, or eval additions within the defined SLA." } ] } ] } ] }, { "id": "as", "class": "function", "title": "Assure", "parts": [ { "id": "as_overview", "name": "overview", "prose": "Prove security continuously through testing, evaluation, and audit." } ], "groups": [ { "id": "as-1", "class": "family", "title": "Pre-Deployment Assurance", "parts": [ { "id": "as-1_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "as-1_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Models ship without security evaluation." }, { "id": "as-1_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Evaluation requirements and red-team triggers are defined." }, { "id": "as-1_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Evals and gates block all releases below threshold, and high-impact systems are red-teamed." }, { "id": "as-1_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Gate efficacy and eval coverage are measured against ATLAS techniques." }, { "id": "as-1_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Assurance depth scales automatically with measured system risk." } ] } ], "controls": [ { "id": "as-01", "class": "MERIDIAN", "title": "Pre-Deployment Security Evaluation", "props": [ { "name": "label", "value": "AS-01" }, { "name": "sort-id", "value": "as-01" }, { "name": "implementation-tier", "value": "M-1", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "deploy", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "A.6.2.4", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001" }, { "name": "crosswalk", "value": "MEASURE 2.x", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf", "remarks": "eval subcategories" }, { "name": "crosswalk", "value": "Detection & validation", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "as-01_smt", "name": "statement", "prose": "Models pass defined security evals (injection resistance, leakage, harmful output) before production." }, { "id": "as-01_obj", "name": "assessment-objective", "prose": "Evaluation reports covering injection resistance, leakage, and harmful output, with pass thresholds, predate production release for sampled models." } ] }, { "id": "as-02", "class": "MERIDIAN", "title": "AI Red Teaming", "props": [ { "name": "label", "value": "AS-02" }, { "name": "sort-id", "value": "as-02" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "deploy", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "Full matrix", "ns": "https://meridian.htora.dev/ns/oscal", "class": "atlas", "remarks": "red team scenario source" }, { "name": "crosswalk", "value": "CA-8", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "L3-L4", "ns": "https://meridian.htora.dev/ns/oscal", "class": "sans_aismm", "remarks": "maturity-level calibration" } ], "links": [ { "href": "#96bdc28b-a483-59ab-b82c-51e9f5b99de4", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ac0ae00f-39c6-5713-80a4-a8e9daf14d2c", "rel": "reference" } ], "parts": [ { "id": "as-02_smt", "name": "statement", "prose": "Adversarial testing against ATLAS-mapped TTPs is performed before release of high-impact systems and periodically thereafter." }, { "id": "as-02_obj", "name": "assessment-objective", "prose": "Red-team reports referencing ATLAS techniques exist for high-impact systems before release and on the defined cadence." } ] }, { "id": "as-03", "class": "MERIDIAN", "title": "Security Gates in AI CI/CD", "props": [ { "name": "label", "value": "AS-03" }, { "name": "sort-id", "value": "as-03" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "deploy", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "AIS", "ns": "https://meridian.htora.dev/ns/oscal", "class": "aicm", "remarks": "domain-level mapping (AICM builds on CCM v4 domains)" }, { "name": "crosswalk", "value": "SA-11", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "Secure development", "ns": "https://meridian.htora.dev/ns/oscal", "class": "saif" } ], "links": [ { "href": "#451a2db1-2a2e-5a25-a938-ea406070f00f", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "rel": "reference" } ], "parts": [ { "id": "as-03_smt", "name": "statement", "prose": "Pipeline gates block promotion of models failing security thresholds (scans, evals, provenance checks)." }, { "id": "as-03_obj", "name": "assessment-objective", "prose": "CI/CD configurations show blocking gates, and pipeline history shows promotions blocked on threshold failures." } ] } ] }, { "id": "as-2", "class": "family", "title": "Continuous Validation", "parts": [ { "id": "as-2_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "as-2_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Security posture is assumed static after launch." }, { "id": "as-2_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Recurring evaluation and re-test cadences are defined." }, { "id": "as-2_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Production evals and periodic red-teaming run on schedule." }, { "id": "as-2_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Regression detection is measured and drives release decisions." }, { "id": "as-2_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Validation is continuous, autonomous, and anticipates model change." } ] } ], "controls": [ { "id": "as-04", "class": "MERIDIAN", "title": "Eval Regression in Production", "props": [ { "name": "label", "value": "AS-04" }, { "name": "sort-id", "value": "as-04" }, { "name": "implementation-tier", "value": "M-3", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "MEASURE 2.7", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_ai_rmf" }, { "name": "crosswalk", "value": "L4-L5", "ns": "https://meridian.htora.dev/ns/oscal", "class": "sans_aismm", "remarks": "maturity-level calibration" } ], "links": [ { "href": "#10131052-5643-5746-be52-246d03483ec4", "rel": "reference" }, { "href": "#ac0ae00f-39c6-5713-80a4-a8e9daf14d2c", "rel": "reference" } ], "parts": [ { "id": "as-04_smt", "name": "statement", "prose": "Security evals run continuously or regularly against production systems; regressions trigger response." }, { "id": "as-04_obj", "name": "assessment-objective", "prose": "Scheduled production eval runs exist, with regression alerts and corresponding response records." } ] }, { "id": "as-05", "class": "MERIDIAN", "title": "Periodic Adversarial Re-Testing", "props": [ { "name": "label", "value": "AS-05" }, { "name": "sort-id", "value": "as-05" }, { "name": "implementation-tier", "value": "M-3", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "CA-8(2)", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "L4", "ns": "https://meridian.htora.dev/ns/oscal", "class": "sans_aismm", "remarks": "maturity-level calibration" } ], "links": [ { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#ac0ae00f-39c6-5713-80a4-a8e9daf14d2c", "rel": "reference" } ], "parts": [ { "id": "as-05_smt", "name": "statement", "prose": "Red-team exercises recur on a defined cadence and after material model or guardrail changes." }, { "id": "as-05_obj", "name": "assessment-objective", "prose": "The red-team schedule and reports show cadence adherence and re-tests after material model or guardrail changes." } ] } ] }, { "id": "as-3", "class": "family", "title": "Audit & Conformance", "parts": [ { "id": "as-3_maturity", "name": "maturity", "title": "Maturity rubric (L1-L5)", "parts": [ { "id": "as-3_l1", "name": "maturity-level", "props": [ { "name": "level", "value": "1", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "No evidence trail supports AI control claims." }, { "id": "as-3_l2", "name": "maturity-level", "props": [ { "name": "level", "value": "2", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Evidence requirements per control are defined." }, { "id": "as-3_l3", "name": "maturity-level", "props": [ { "name": "level", "value": "3", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Evidence is collected per system, mapped to MERIDIAN IDs, and retrievable." }, { "id": "as-3_l4", "name": "maturity-level", "props": [ { "name": "level", "value": "4", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Conformance is independently assessed and OSCAL artifacts validate against NIST schemas." }, { "id": "as-3_l5", "name": "maturity-level", "props": [ { "name": "level", "value": "5", "ns": "https://meridian.htora.dev/ns/oscal" } ], "prose": "Attestation is machine-generated and continuously current." } ] } ], "controls": [ { "id": "as-06", "class": "MERIDIAN", "title": "AI Control Audit Trail", "props": [ { "name": "label", "value": "AS-06" }, { "name": "sort-id", "value": "as-06" }, { "name": "implementation-tier", "value": "M-2", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "9.2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001" }, { "name": "crosswalk", "value": "CA-2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" } ], "parts": [ { "id": "as-06_smt", "name": "statement", "prose": "Control implementation evidence is collected and auditable per system, mapped to MERIDIAN IDs." }, { "id": "as-06_obj", "name": "assessment-objective", "prose": "An evidence repository maps artifacts to MERIDIAN control IDs per system, and sampled items are retrievable on request." } ] }, { "id": "as-07", "class": "MERIDIAN", "title": "Machine-Readable Attestation (OSCAL)", "props": [ { "name": "label", "value": "AS-07" }, { "name": "sort-id", "value": "as-07" }, { "name": "implementation-tier", "value": "M-3", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "use", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "CA-2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "PM-31", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" }, { "name": "crosswalk", "value": "Catalog / Profile / SAR", "ns": "https://meridian.htora.dev/ns/oscal", "class": "oscal" } ], "links": [ { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" }, { "href": "#851bdc13-42f8-52e8-aa78-01e921699526", "rel": "reference" } ], "parts": [ { "id": "as-07_smt", "name": "statement", "prose": "Control catalog, profiles, and system assessments are maintained in OSCAL for federal interoperability." }, { "id": "as-07_obj", "name": "assessment-objective", "prose": "Current OSCAL catalog, profile, and assessment artifacts exist and validate against published NIST OSCAL schemas." } ] }, { "id": "as-08", "class": "MERIDIAN", "title": "Independent Assessment", "props": [ { "name": "label", "value": "AS-08" }, { "name": "sort-id", "value": "as-08" }, { "name": "implementation-tier", "value": "M-3", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "build", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "applicability", "value": "acquire", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "lifecycle-stage", "value": "operate", "ns": "https://meridian.htora.dev/ns/oscal" }, { "name": "crosswalk", "value": "9.2", "ns": "https://meridian.htora.dev/ns/oscal", "class": "iso_42001" }, { "name": "crosswalk", "value": "CA-2(1)", "ns": "https://meridian.htora.dev/ns/oscal", "class": "nist_800_53" } ], "links": [ { "href": "#e0b8d9b9-7e6a-545c-a541-7afa1474549c", "rel": "reference" }, { "href": "#e286a7b6-4fe7-5bec-bb80-b074af6819ae", "rel": "reference" } ], "parts": [ { "id": "as-08_smt", "name": "statement", "prose": "High-impact AI systems undergo independent (internal audit or third-party) security assessment." }, { "id": "as-08_obj", "name": "assessment-objective", "prose": "Independent assessment reports exist for high-impact systems, with findings tracked to closure." } ] } ] } ] } ], "back-matter": { "resources": [ { "uuid": "451a2db1-2a2e-5a25-a938-ea406070f00f", "title": "CSA AI Controls Matrix (AICM)", "citation": { "text": "CSA AI Controls Matrix (AICM)" }, "rlinks": [ { "href": "https://cloudsecurityalliance.org" } ] }, { "uuid": "96bdc28b-a483-59ab-b82c-51e9f5b99de4", "title": "MITRE ATLAS", "citation": { "text": "MITRE ATLAS (5.6.0)" }, "rlinks": [ { "href": "https://atlas.mitre.org" } ] }, { "uuid": "e0b8d9b9-7e6a-545c-a541-7afa1474549c", "title": "ISO/IEC 42001", "citation": { "text": "ISO/IEC 42001 (2023)" }, "rlinks": [ { "href": "https://www.iso.org/standard/42001" } ] }, { "uuid": "e286a7b6-4fe7-5bec-bb80-b074af6819ae", "title": "NIST SP 800-53", "citation": { "text": "NIST SP 800-53 (Rev 5)" }, "rlinks": [ { "href": "https://csrc.nist.gov/pubs/sp/800/53/r5/final" } ] }, { "uuid": "10131052-5643-5746-be52-246d03483ec4", "title": "NIST AI Risk Management Framework", "citation": { "text": "NIST AI Risk Management Framework (1.0)" }, "rlinks": [ { "href": "https://www.nist.gov/itl/ai-risk-management-framework" } ] }, { "uuid": "63941e4c-0da6-5507-b5d0-6bb175332025", "title": "OMB Memoranda (Federal AI)", "citation": { "text": "OMB Memoranda (Federal AI) (M-24-10)" } }, { "uuid": "851bdc13-42f8-52e8-aa78-01e921699526", "title": "NIST OSCAL", "citation": { "text": "NIST OSCAL" }, "rlinks": [ { "href": "https://pages.nist.gov/OSCAL" } ] }, { "uuid": "ce54f9a9-4c6b-5807-801f-9080d1f562fe", "title": "OWASP Top 10 for LLM Applications", "citation": { "text": "OWASP Top 10 for LLM Applications (2025)" }, "rlinks": [ { "href": "https://genai.owasp.org" } ] }, { "uuid": "dedf3fbd-8c87-50bb-a39b-ed7b1dea4ee7", "title": "Google Secure AI Framework (SAIF)", "citation": { "text": "Google Secure AI Framework (SAIF)" }, "rlinks": [ { "href": "https://saif.google" } ] }, { "uuid": "ac0ae00f-39c6-5713-80a4-a8e9daf14d2c", "title": "SANS AI Security Maturity Model", "citation": { "text": "SANS AI Security Maturity Model" }, "rlinks": [ { "href": "https://www.sans.org" } ] } ] } } }