AICM AtlasCSA AI Controls Matrix
CEK · Cryptography, Encryption & Key Management
CEK-19Cloud & AI Related

Key Compromise

Specification

Define, implement and evaluate processes, procedures and technical measures to use compromised keys to encrypt information only in controlled circumstance, and thereafter exclusively for decrypting data and never for encrypting data, which include provisions for legal and regulatory requirements.

Threat coverage

Model manipulation
Data poisoning
Sensitive data disclosure
Model theft
Model/Service Failure
Insecure supply chain
Insecure apps/plugins
Denial of Service
Loss of governance

Architectural relevance

Physical infrastructure
Network
Compute
Storage
Application
Data

Lifecycle

Preparation

Data storage

Development

Not applicable

Evaluation

Not applicable

Deployment

Not applicable

Delivery

Maintenance

Retirement

Data deletion

Ownership / SSRM

PI

Shared Cloud Service Provider-Model Provider (Shared CSP-MP)

The CSP and MP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Model

Owned by the Model Provider (MP)

The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.

Orchestrated

Shared Model Provider-Orchestrated Service Provider (Shared MP-OSP)

The MP and OSP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Application

Shared Orchestrated Service Provider-Application Provider (Shared OSP-AP)

The OSP and AP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Implementation guidelines

[All Actors]
Applies to all Roles (Baseline) before application of role context
1. Establish and document policies and procedures for Cryptography, Encryption, and Key Management.

2. Approve the policies and procedures through formal governance processes (e.g., security committee, CISO).

3. Communicate the policies and procedures to all relevant stakeholders.

4. Apply the approved policies and procedures to all systems, services, and processes under the role’s control.

5. Evaluate the effectiveness of policy and procedure implementation using internal audits, technical reviews, 
and encryption control validations.

6. Review and update the policies and procedures at least annually, or when significant system, model, or 
regulatory changes occur.

Auditing guidelines

1. Verify that the CSP defines, implements, and evaluates processes, procedures, and technical measures for handling compromised cryptographic keys, including provisions for legal and regulatory requirements.

2. Verify that the CSP's incident response plan includes documented steps for handling compromised keys, ensuring that the keys are restricted to decryption, securely revoked, and that they cannot be reused for encryption. Confirm that the CSP’s incident response procedures comply with relevant legal and regulatory requirements for key management in the event of a compromise.

3. Confirm that the CSP restricts use of compromised keys to decrypt-only operations under controlled circumstances (e.g., legacy storage layer decryption, cloud log retrieval), and explicitly prohibits further encryption with such keys unless formally approved.

4. Review how compromised keys are detected and flagged in cloud-native key management systems (e.g., KMS, HSM) or related infrastructure.

5. Validate that compromised keys are logically segregated from active key inventories and cannot be used in cloud service encryption workflows.

6. Confirm that access to compromised keys is restricted to authorized cloud security or incident response teams, with access governed by elevated approvals and role-based controls.

7. Review audit logs and monitoring tools to ensure all access and usage of compromised keys is tracked and includes metadata such as reason for access, user identity, and affected systems.

8. Verify that decrypt-only operations using compromised keys are documented and retained for audit purposes, including justification and linkage to security event records.

9. Confirm that CSP practices for managing compromised keys include applicable regulatory obligations (e.g., GDPR breach response, HIPAA encryption standards, FedRAMP handling procedures).

10. Validate that AI-specific keys (e.g., encrypting model logs, prompt storage, inference results) are included in compromised key handling protocols and subject to decrypt-only restrictions when compromised.

11. Review whether the CSP coordinates with upstream providers (e.g., hardware vendors, cryptographic library maintainers) and downstream consumers (e.g., APs, AICs) to contain key compromise risks and communicate key status changes or transitions.

From CCM:
1. Examine if the organization has defined processes, procedures, and technical measures for secure handling of compromised keys.
2. Review if the process for secure usage of compromised keys fulfills the organization and external business / operational continuity requirements.
3. Evaluate the significance of technical and organizational measures defined and implemented for usage of compromised keys in a secure environment.

Standards mappings

ISO 42001Partial Gap
No Mapping for ISO 42001
ISO 27001: A.8.24
ISO 27002: 8.24
Addendum

Add a control requiring AI systems to define, implement, and evaluate processes, procedures, and technical measures to use compromised keys only in controlled circumstances for encryption and exclusively for decryption thereafter, including legal and regulatory provisions, addressing ISO 42001:2023’s lack of compromised key usage rules, enhancing ISO 27001 (A.8.24) and ISO 27002 (8.24).

EU AI ActFull Gap
No Mapping
Addendum

Cover the AICM control.

NIST AI 600-1Full Gap
No Mapping
Addendum

No (explicit/implicit) reference is made in the NIST AI 600-1 standard as to the requirement of defining, implementing, or evaluating processes, procedures, and/or technical measures to minimize the risk of keys' compromise.

BSI AIC4No Gap
CRY-01
CRY-03
CRY-04
Addendum

N/A

AI-CAIQ questions (1)

CEK-19.1

Are processes, procedures, and technical measures to use compromised keys to encrypt information in specific scenarios (e.g., only in controlled circumstances and thereafter only for data decryption and never for encryption) defined implemented, and evaluated including provisions for legal and regulatory requirement?