AIS-12Cloud & AI Related

Source Code Managemement

Specification

Implement source code management practices, such as version control, code review & static code analysis, aligning with the SDLC process.

Threat coverage

Model manipulation

Data poisoning

Sensitive data disclosure

Model theft

Model/Service Failure

Insecure supply chain

Insecure apps/plugins

Denial of Service

Loss of governance

Architectural relevance

Physical infrastructure

Network

Compute

Storage

Application

Data

Lifecycle

Preparation

Team and expertise

Development

Design, Supply Chain, Guardrails

Evaluation

Validation/Red Teaming, Re-evaluation

Deployment

Not applicable

Delivery

Maintenance

Retirement

Not applicable

Ownership / SSRM

Shared Cloud Service Provider-Model Provider (Shared CSP-MP)

The CSP and MP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Model

Owned by the Model Provider (MP)

The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.

Orchestrated

Owned by the Orchestrated Service Provider (OSP)

The Orchestrated Service Provider (OSP) is responsible for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer. The OSP is responsible and accountable for the implementation of the control within its own infrastructure/environment. If the control has downstream implications on the users/customers, the OSP is responsible for enabling the customer and/or upstream partner in the implementation/configuration of the control within their risk management approach. The OSP is accountable for ensuring that its providers upstream (e.g MPs) implement the control as it relates to the service/product the develop and offered by the OSP. This refers to entities that create the technical building blocks and management tools that enable AI implementation. This can include platforms, frameworks, and tools that facilitate the integration, deployment, and management of AI models within enterprise workflows. These providers focus on model orchestration and offer services like API access, automated scaling, prompt management, workflow automation, monitoring, and governance rather than end-user functionality or raw infrastructure. They help businesses implement AI in a structured and efficient manner. Examples: AWS, Azure, GCP, OpenAI, Anthropic, LangChain (for AI workflow orchestration), Anyscale (Ray for distributed AI workloads), Databricks (MLflow), IBM Watson Orchestrate, and developer platforms like Google AI Studio.

Application

Owned by the Application Provider (AP)

The Application Provider (AP) is responsible for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer. The AP is responsible and accountable for the implementation of the control within its own infrastructure/environment. If the control has downstream implications on the users/customers, the AP is responsible for enabling the customer and/or upstream partner in the implementation/configuration of the control within their risk management approach. The AP is accountable for carrying out the due diligence on its upstream providers (e.g MPs, Orchestrated Services) to verify that they implement the control as it relates to the service/product develop and offered by the AP. These providers build and offer end-user applications that leverage generative AI models for specific tasks such as content creation, chatbots, code generation, and enterprise automation. These applications are often delivered as software-as-a-service (SaaS) solutions. These providers focus on user interfaces, application logic, domain-specific functionality, and overall user experience rather than underlying model development. Example: OpenAI (GPTs,Assistants), Zapier, CustomGPT, Microsoft Copilot (integrated into Office products), Jasper (AI-driven content generation), Notion AI (AI-enhanced productivity tools), Adobe Firefly (AI-generated media), and AI-powered customer service solutions like Amazon Rufus, as well as any organization that develops its AI-based application internally.

Implementation guidelines

[Applicable to all providers (CSP, MP, OSP, AP) excluding AIC unless otherwise specified]
1. Establish provider-specific policy scopes for implementing model development practices within the SDLC. Ensure policies address version control, code review, static code analysis, dynamic analysis, and other secure development practices across all SDLC phases (planning, design, development, testing, deployment, maintenance).

2. Define roles for overseeing model development practices, involving cross-functional teams (e.g., AI engineers, security, DevOps). Set approval workflows with senior management and technical leads to ensure alignment with organizational SDLC standards and security objectives.

3. Create structured documentation standards for model development policies, including procedures for version control, code review processes, and static code analysis requirements. Use templates to document workflows, tool usage (e.g., Git, Snyk), and compliance with SDLC stages.

4. Implement a review process for model development policies. Conduct reviews at least annually or after significant changes (e.g., new tools, updated SDLC processes, emerging vulnerabilities). Align with standards like OWASP Secure Coding Practices, NIST SSDF, and AI-specific frameworks like NIST AI RMF, where applicable.

5. Define requirements for communicating model development policies: distribute formal documentation, mandate training for AI developers and engineers on SDLC practices, and run awareness campaigns on secure coding. Ensure accessibility through internal portals and comprehension across teams.

6. Set policies for quality assurance in model development, including requirements for automated version control (e.g., Git commits, branching), mandatory peer code reviews, and static code analysis (e.g., SonarQube, Checkmarx) before deployment. Require audit trails for development changes and compliance with SDLC checkpoints.

Auditing guidelines

1. Policy Examination: Verify that the CSP has established and documented source code management policies and procedures covering version control, code review, and static code analysis as integral parts of the SDLC. Confirm that the documentation explicitly incorporates secure coding practices and specifies integration with CI/CD pipelines (e.g., automated static and dynamic analysis, secure configuration validation), as applicable.

2. Policy Assessment: Assess whether the policies clearly define secure code management requirements, including secure authentication for repository access, change management protocols, and technical controls to protect code integrity. Verify that the policies describe how the CSP identifies, manages, and mitigates risks in code (including vulnerabilities detected during automated CI/CD pipeline execution), and assign clear responsibilities for reviews and remediation actions.

3. Program Evaluation: Evaluate how the CSP’s source code management practices are embedded in the SDLC, particularly through automated CI/CD pipelines that include security testing tools (e.g., static and dynamic analysis). Confirm that version control and code review tools are properly configured to enforce documented controls and that automated mechanisms effectively support vulnerability detection and secure code reviews.

4. Implementation Validation: Examine logs, reports, and audit trails from version control systems and CI/CD pipelines to verify that code reviews and static code analysis are regularly performed and that identified security issues are tracked and remediated in a timely manner. Verify that documented reviews and updates to source code management practices occur following significant changes to the system or its development environment.

Standards mappings

ISO 42001Partial Gap

42001: A.4.4 - Tooling resources
42001: A 6.2.3 - AI system design
42001: A 6.2.4 - AI system verification and validation
27001: A.5.18 - Access rights
27001: A.8.4 - Access to source code
27001: A.8.25 - Secure development life cycle
27001: A.8.28 - Secure coding

Addendum

If not relying on ISO/IEC 27001, add specific software development and code security controls to fully satisfy AIS‑12.

EU AI ActPartial Gap

Article 17 (1) (c)
Article 17 (1) (d)
Annex IV 1 (a)
Annex IV 1 (c)

Addendum

EU AI Act does not speak to "version control, code review, and static code analysis."

NIST AI 600-1Full Gap

No Mapping

Addendum

NIST AI 600-1 is missing a specific requirement for version control, code review, and static code analysis.

BSI AIC4No Gap

C4 DM-01
SR-01
C5 DEV-01
DEV-03

Addendum

N/A

AI-CAIQ questions (1)

AIS-12.1

Are source code management practices, such as version control, code review and static code analysis, implemented and aligning with the SDLC process?