AICM AtlasCSA AI Controls Matrix
IAM · Identity & Access Management
IAM-04Cloud & AI Related

Separation of Duties

Specification

Employ the separation of duties principle when implementing information system access.

Threat coverage

Model manipulation
Data poisoning
Sensitive data disclosure
Model theft
Model/Service Failure
Insecure supply chain
Insecure apps/plugins
Denial of Service
Loss of governance

Architectural relevance

Physical infrastructure
Network
Compute
Storage
Application
Data

Lifecycle

Preparation

Team and expertise, Resource provisioning

Development

Design, Supply Chain, Guardrails

Evaluation

Evaluation, Validation/Red Teaming, Re-evaluation

Deployment

Orchestration, AI Services supply chain, AI applications

Delivery

Operations, Maintenance, Continuous improvement, Continuous monitoring

Retirement

Archiving, Data deletion

Ownership / SSRM

PI

Shared Cloud Service Provider-Model Provider (Shared CSP-MP)

The CSP and MP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Model

Owned by the Model Provider (MP)

The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.

Orchestrated

Shared across the supply chain

Shared control ownership refers to responsibilities and activities related to LLM security that are distributed across multiple stakeholders within the AI supply chain, including the Cloud Service Provider (CSP), Model Provider (MP), Orchestrated Service Provider (OSP), Application Provider (AP), and Customer (AIC). These controls require coordinated actions, communication, and governance across all involved parties to ensure their effectiveness.

Application

Shared Application Provider-AI Customer (Shared AP-AIC)

The AP and AIC both share responsibility and accountability for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they offer and consume.

Implementation guidelines

[All Actors]
Best practices for implementation of Separation of Duties (SoD) include:
1. SoD Role Management and Access:
i.  A centralized role management system should be implemented to oversee and maintain role permissions
ii. Roles overlapping in responsibilities should be minimized to enhance SoD
iii. Roles should be created with specific permissions for different functions within the AI system, avoiding 
assigning a single identity with excessive privileges that could enable unauthorized actions (e.g., critical functions, such as authorization, approval, and execution, should be separated among different identities)
iv.  Access levels should be segregated to restrict roles and their access to specific portions of the AI system
v. For high-risk or critical activities, such as approving transactions or making modifications to sensitive data, a multi-level approval process should be implemented (i.e., multiple individuals from different roles approve an action) separating approval for role assignment and provisioning, role reviews, role changes monitoring, policy exception management, violations reporting, and SoD controls monitoring.

Auditing guidelines

1. Verify CSP maintains strict SoD across operational, support, and privileged user functions.

2. Assess SoD controls in provisioning platforms, including admin console access restrictions.

3. Check audit trails for SoD enforcement across cloud orchestration activities.

4. Confirm CSP provides documentation and attestation of SoD controls to customers.

From CCM:
1. Determine if divisions of responsibility and separation of duties are defined and documented.
2. Determine if information system access authorizations are established to support separation of duties.

Standards mappings

ISO 42001No Gap
42001 B.3.2 - AI roles and responsibilities
27001 A.5.3 - Segregation of duties
27001 A.5.15 - Access control
27001 A.5.18 - Access rights
Addendum

N/A

EU AI ActPartial Gap
Article 9
Article 10
Article 14
Article 15
Addendum

Specific technical and procedural requirements that define full compliance with the Separation of Duties control.

NIST AI 600-1Full Gap
No Mapping
Addendum

No explicit reference to the employment of the separation of duties principle when implementing information system access is made in the NIST AI 600-1 standard.

BSI AIC4No Gap
C4 DM-01
C4 DM-02
C5 IDM-02
C5 OIS-02
Addendum

N/A

AI-CAIQ questions (1)

IAM-04.1

Are separation of duties principles employed when implementing information system access?