AICM AtlasCSA AI Controls Matrix
IAM · Identity & Access Management
IAM-06Cloud & AI Related

User Access Provisioning

Specification

Define and implement an identity access provisioning process which authorizes, records, and communicates access changes to data and assets.

Threat coverage

Model manipulation
Data poisoning
Sensitive data disclosure
Model theft
Model/Service Failure
Insecure supply chain
Insecure apps/plugins
Denial of Service
Loss of governance

Architectural relevance

Physical infrastructure
Network
Compute
Storage
Application
Data

Lifecycle

Preparation

Data storage, Resource provisioning, Team and expertise

Development

Training, Guardrails, Supply Chain

Evaluation

Evaluation, Validation/Red Teaming, Re-evaluation

Deployment

Orchestration, AI Services supply chain, AI applications

Delivery

Operations, Maintenance

Retirement

Archiving, Data deletion, Model disposal

Ownership / SSRM

PI

Shared Cloud Service Provider-Model Provider (Shared CSP-MP)

The CSP and MP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Model

Owned by the Model Provider (MP)

The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.

Orchestrated

Shared Model Provider-Orchestrated Service Provider (Shared MP-OSP)

The MP and OSP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Application

Shared Orchestrated Service Provider-Application Provider (Shared OSP-AP)

The OSP and AP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Implementation guidelines

[All Actors]
1. Establish standardized onboarding processes for granting user access based on role, business need, and risk sensitivity.

2. Define clear approval workflows for access requests, involving appropriate stakeholders (e.g., HR, security, team leads).

3. Establish lifecycle-based access management to automatically manage user access at each stage (onboarding, role change, offboarding).

4. Ensure roles and entitlements are clearly defined and mapped for each application before initiating access provisioning.

5. Implement just-in-time (JIT) provisioning for sensitive systems to reduce standing access and potential exposure.

6. Enforce segregation of duties by restricting conflicting roles during provisioning and role assignment.

7. Monitor user access rights regularly to track misuse, detect potential breaches, and support timely access revocation.

8. Maintain detailed logs of all provisioning actions to support auditing, compliance, and forensic investigation.

Auditing guidelines

1. Verify CSP’s IAM systems enforce consistent provisioning across cloud tenants.

2. Assess whether provisioning controls support customer segregation and compliance needs.

3. Check that delegated access granted by CSP adheres to role definitions.

4. Confirm auditability of provisioning actions by CSP support personnel.

From CCM:
1. Examine the policy to determine the least privilege required for each role or user.
2. Evaluate the effectiveness of the implementation and review of policy.

Standards mappings

ISO 42001No Gap
42001: A.2.3 - Alignment with other organizational policies
42001: A.2.4 - Review of the AI policy
27001: A.5.1 - Policies for information security
27001 A.5.18 - Access rights
27001 A.5.15 - Access control
Addendum

N/A

EU AI ActPartial Gap
Article 8
Article 9
Article 10
Article 12
Addendum

In the EU AI Act, the specific word "deprovisioning" is not mentioned explicitly in Article 13.

NIST AI 600-1Partial Gap
MG-2.4-001
Addendum

No explicit reference to the definition and implementation of a user access provisioning process is made in the NIST AI 600-1 standard.

BSI AIC4No Gap
C4 DM-01
C4 DM-02
C4 RE-02
C5 IDM-02
Addendum

N/A

AI-CAIQ questions (1)

IAM-06.1

Is an identity access provisioning process which authorizes, records, and communicates access changes to data and assets, defined and implemented?