AICM AtlasCSA AI Controls Matrix
CEK · Cryptography, Encryption & Key Management
CEK-09Cloud & AI Related

Encryption and Key Management Audit

Specification

Audit encryption and key management systems, policies, and processes with a frequency that is proportional to the risk exposure of the system with audit occurring preferably continuously but at least annually and after any security event(s).

Threat coverage

Model manipulation
Data poisoning
Sensitive data disclosure
Model theft
Model/Service Failure
Insecure supply chain
Insecure apps/plugins
Denial of Service
Loss of governance

Architectural relevance

Physical infrastructure
Network
Compute
Storage
Application
Data

Lifecycle

Preparation

Data storage

Development

Guardrails

Evaluation

Re-evaluation

Deployment

AI Services supply chain, AI applications

Delivery

Operations, Maintenance, Continuous monitoring, Continuous improvement

Retirement

Data deletion

Ownership / SSRM

PI

Shared Cloud Service Provider-Model Provider (Shared CSP-MP)

The CSP and MP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Model

Owned by the Model Provider (MP)

The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.

Orchestrated

Shared Model Provider-Orchestrated Service Provider (Shared MP-OSP)

The MP and OSP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Application

Shared Orchestrated Service Provider-Application Provider (Shared OSP-AP)

The OSP and AP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Implementation guidelines

[All Actors]
Applies to all Roles (Baseline) before application of role context.
1. Establish and document policies and procedures for Cryptography, Encryption, and Key Management.

2. Approve the policies and procedures through formal governance processes (e.g., security committee, CISO).

3. Communicate the policies and procedures to all relevant stakeholders.

4. Apply the approved policies and procedures to all systems, services, and processes under the role’s control.

5. Evaluate the effectiveness of policy and procedure implementation using internal audits, technical reviews, 
and encryption control validations.

6. Review and update the policies and procedures at least annually, or when significant system, model, or 
regulatory changes occur.

Auditing guidelines

1. Verify that the CSP encryption and key management systems, policies, and processes are audited at a frequency that reflects the associated risk exposure preferably continuously but at least annually and after any security event.

2. Confirm that audits are also triggered by material changes to cryptographic infrastructure, key lifecycle operations, cloud service configurations, or security policy updates.

3. Review the scope of CEK audits to ensure coverage of core infrastructure components, including KMS, HSMs, encryption libraries, tenant isolation controls, and any CEK-as-a-service offerings.

4. Validate that audits assess compliance with internal CSP encryption policies and external frameworks (e.g., NIST 800-57, ISO/IEC 27001/27017/27701), including algorithm selection, access control, key handling, and lifecycle enforcement.

5. Verify that CEK audits are conducted independently of operational teams responsible for cryptographic system administration or cloud service delivery.

6. Confirm that audit results are formally documented, reviewed by security and compliance leadership, and followed by corrective actions for any gaps, control failures, or policy deviations.

7. Review whether audit findings and CEK risks are communicated to internal stakeholders, including platform engineering, product security, legal, and customer compliance support teams.

8. Verify that automated monitoring and logging tools (e.g., key usage dashboards, CEK audit agents) are implemented to support continuous or near-real-time audit coverage of CEK-related activities.

9. Confirm that CEK audit procedures cover customer-facing encryption controls, including BYOK/HYOK, tenant key isolation, and compliance with shared responsibility obligations.

10. Validate that CEK audit procedures are reviewed and updated periodically to reflect changes in cryptographic standards, CSP risk posture, emerging threats, and coordination requirements with upstream providers and downstream consumers.

From CCM:

1. Examine the master audit plan to confirm that audits of encryption and key management systems, policy, and processes are included in the plan.
2. Review previously completed audits and confirm that audits of encryption and key management systems, policy, and processes have been completed and that any issues raised have been included in issue logs and tracked appropriately.

Standards mappings

ISO 42001Partial Gap
No Mapping for ISO 42001
ISO 27001: A.8.24
A.12.7.1
Clause 9.2
ISO 27002: 8.24
12.7.1
8.34
Addendum

Add a control mandating the audit of encryption and key management systems, policies, and processes in AI systems, with a frequency proportional to risk exposure, requiring continuous auditing where feasible, a minimum annual audit, and audits following security events, addressing the gap in ISO 42001:2023’s lack of specific cryptographic audit requirements, and enhancing ISO 27001 (A.8.24, A.12.7.1, Clause 9.2) and ISO 27002 (8.24, 12.7.1, 8.34) with AI-specific rigor. ISO 42001 lacks this detailed, cryptography-focused audit requirement tied to risk, timing, and post-event triggers.

EU AI ActPartial Gap
Annex VII 5.3
Addendum

Include: An explicit requirement for auditing cryptographic controls (technical and procedural), A clause for regular (e.g., annual) and event-triggered audit cycles, A risk-based audit frequency model, Inclusion of organizational processes and policies related to encryption and key handling, Reference to or alignment with established international encryption audit standards.

NIST AI 600-1Full Gap
No Mapping
Addendum

No (implicit/explicit) reference to cryptography, encryption, or key management is made in the NIST AI 600-1 standard, let alone to the requirement of periodically auditing systems, policies, and processes in such domain.

BSI AIC4No Gap
CRY-01
CRY-04
OIS-06
OIS-07
Addendum

N/A

AI-CAIQ questions (2)

CEK-09.1

Are encryption and key management systems, policies, and processes audited with a frequency proportional to the system's risk exposure?

CEK-09.2

Are encryption and key management systems, policies, and processes audited preferably continuously but at least annually and after any security event?