AICM Atlas · CSA AI Controls Matrix
IAM · Identity & Access Management
IAM-08 · Cloud & AI Related

User Access Review

Specification

Review and revalidate user access for least privilege and separation of duties at a frequency commensurate with organizational risk tolerance, at least annually, or upon significant changes.

Threat coverage

Model manipulation
Data poisoning
Sensitive data disclosure
Model theft
Model/Service Failure
Insecure supply chain
Insecure apps/plugins
Denial of Service
Loss of governance

Architectural relevance

Physical infrastructure
Network
Compute
Storage
Application
Data

Lifecycle

Preparation

Data storage, Resource provisioning, Team and expertise, Data curation

Development

Training, Guardrails, Supply Chain

Evaluation

Evaluation, Validation/Red Teaming, Re-evaluation

Deployment

Orchestration, AI Services supply chain, AI applications

Delivery

Operations, Maintenance

Retirement

Archiving, Data deletion, Model disposal

Ownership / SSRM

PI

Shared Cloud Service Provider-Model Provider (Shared CSP-MP)

The CSP and MP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Model

Owned by the Model Provider (MP)

The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic (Claude), Google (Gemini), Meta (Llama), as well as any customized model.

Orchestrated

Shared Cloud Service Provider-Model Provider (Shared CSP-MP)

The CSP and MP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Application

Shared Orchestrated Service Provider-Application Provider (Shared OSP-AP)

The OSP and AP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Implementation guidelines

[All Actors]
1. Conduct periodic reviews (e.g., quarterly) of all user access rights for appropriateness and necessity.

2. Validate least privilege and separation of duties; document an explicit rationale for any persistent or elevated access.

3. Use automated tooling to generate review reports, detect orphaned or unused accounts (human and non-human alike), and route tasks to resource owners for sign-off.

4. Require certification and reconciliation; revoke or remediate promptly any access that is unapproved, stale, or in conflict with role definitions.

5. Track outcomes and evidence of each review cycle, with timestamps and approver IDs, to satisfy audit and compliance needs.
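As an added illustration of guidelines 2 to 5 (this is not part of the AICM text and not CSA tooling), the following Python script runs one review cycle over a constructed access export: it flags leavers and orphaned accounts, stale and never-used access, entitlements beyond the role definition, and separation-of-duties conflicts; routes the findings to account owners for sign-off; and records certification evidence with approver ID and timestamp. All role names, entitlements, account IDs, owners, and dates are invented for the example. A finding with no recorded decision fails closed to revocation, and retaining flagged access without a written rationale is rejected.

```python
"""Constructed access-review cycle: detect, route for sign-off, certify, record evidence.
All data below is illustrative; none of it comes from a real IdP or HR system."""
from collections import defaultdict
from datetime import date, datetime, timezone

# Role -> entitlements the role is allowed to hold (constructed).
ROLE_DEFINITIONS = {
    "ml-engineer": {"train:submit", "dataset:read", "model-registry:read"},
    "ml-release-manager": {"model-registry:read", "model-registry:promote"},
    "data-curator": {"dataset:read", "dataset:write"},
    "ci-service": {"train:submit", "model-registry:read"},
}
# Separation-of-duties pairs that no single identity may hold together (constructed).
SOD_CONFLICTS = [
    ("dataset:write", "model-registry:promote"),  # curates training data AND promotes models
    ("train:submit", "model-registry:promote"),   # trains AND promotes to production
]
ACTIVE_OWNERS = {"alice", "bob", "erin"}          # owners still employed, e.g. from an HR feed
# Hypothetical export from an IdP / cloud IAM API; human and service accounts alike.
ACCESS_EXPORT = [
    {"id": "alice", "kind": "human", "role": "ml-engineer", "owner": "bob", "status": "active",
     "entitlements": ["train:submit", "dataset:read", "model-registry:read"], "last_used": "2024-05-20"},
    {"id": "carol", "kind": "human", "role": "ml-release-manager", "owner": "bob", "status": "active",
     "entitlements": ["model-registry:read", "model-registry:promote", "train:submit"], "last_used": "2024-06-01"},
    {"id": "dave", "kind": "human", "role": "data-curator", "owner": "erin", "status": "terminated",
     "entitlements": ["dataset:read", "dataset:write"], "last_used": "2024-01-10"},
    {"id": "svc-ci", "kind": "service", "role": "ci-service", "owner": "alice", "status": "active",
     "entitlements": ["train:submit", "model-registry:read", "dataset:write"], "last_used": None},
    {"id": "svc-legacy", "kind": "service", "role": "ci-service", "owner": "dave", "status": "active",
     "entitlements": ["train:submit"], "last_used": "2023-11-02"},
]
DISABLE_CODES = {"LEAVER_WITH_ACCESS", "ORPHAN_OWNER", "STALE", "NEVER_USED"}


def review_access(export, role_defs, sod_conflicts, active_owners, as_of, stale_days=90):
    """Return {account_id: [(finding_code, detail), ...]} for every account needing a decision."""
    findings = {}
    for acct in export:
        ents, issues = set(acct["entitlements"]), []
        if acct["status"] != "active" and ents:              # leaver still holding access
            issues.append(("LEAVER_WITH_ACCESS", f"status={acct['status']}"))
        if acct["owner"] not in active_owners:               # nobody accountable for this account
            issues.append(("ORPHAN_OWNER", f"owner={acct['owner']}"))
        if acct["last_used"] is None:
            issues.append(("NEVER_USED", "no recorded activity"))
        else:
            idle = (as_of - date.fromisoformat(acct["last_used"])).days
            if idle > stale_days:
                issues.append(("STALE", f"idle {idle} days"))
        excess = ents - role_defs.get(acct["role"], set())   # least privilege: beyond the role
        if excess:
            issues.append(("EXCESS_ENTITLEMENT", ",".join(sorted(excess))))
        for a, b in sod_conflicts:                           # separation of duties
            if a in ents and b in ents:
                issues.append(("SOD_CONFLICT", f"{a} + {b}"))
        if issues:
            findings[acct["id"]] = issues
    return findings


def route_tasks(findings, export, active_owners, fallback="security-team"):
    """Group findings into sign-off tasks per account owner; orphaned accounts go to a fallback queue."""
    owner_of = {a["id"]: a["owner"] for a in export}
    tasks = defaultdict(list)
    for acct_id, issues in findings.items():
        owner = owner_of[acct_id]
        tasks[owner if owner in active_owners else fallback].append({"account": acct_id, "findings": issues})
    return dict(tasks)


def certify(findings, export, role_defs, sod_conflicts, decisions, approver, when):
    """Apply reviewer decisions. No decision => revoke (fail closed); 'retain' needs a rationale.
    Returns (evidence records, remediation actions)."""
    by_id = {a["id"]: a for a in export}
    evidence, actions = [], []
    for acct_id, issues in sorted(findings.items()):
        d = decisions.get(acct_id, {"action": "revoke"})
        if d["action"] == "retain" and not d.get("rationale"):
            raise ValueError(f"{acct_id}: retaining flagged access requires a documented rationale")
        evidence.append({"account": acct_id, "findings": issues, "action": d["action"],
                         "rationale": d.get("rationale"), "approver": approver,
                         "timestamp": when.isoformat()})
        if d["action"] != "revoke":
            continue
        if {c for c, _ in issues} & DISABLE_CODES:           # leaver/orphan/stale: disable outright
            actions.append((acct_id, "disable"))
            continue
        acct = by_id[acct_id]
        allowed = role_defs.get(acct["role"], set())
        for ent in sorted(set(acct["entitlements"]) - allowed):
            actions.append((acct_id, f"revoke:{ent}"))
        kept = set(acct["entitlements"]) & allowed
        for a, b in sod_conflicts:                           # conflict built into the role itself
            if a in kept and b in kept:
                actions.append((acct_id, f"escalate:{a}+{b}"))
    return evidence, actions


def run_review_example():
    """Run the whole cycle over the constructed data for a review dated 2024-06-30."""
    found = review_access(ACCESS_EXPORT, ROLE_DEFINITIONS, SOD_CONFLICTS, ACTIVE_OWNERS, date(2024, 6, 30))
    tasks = route_tasks(found, ACCESS_EXPORT, ACTIVE_OWNERS)
    decisions = {"svc-ci": {"action": "retain", "rationale": "new pipeline account; first run scheduled July"}}
    evidence, actions = certify(found, ACCESS_EXPORT, ROLE_DEFINITIONS, SOD_CONFLICTS, decisions,
                                "bob", datetime(2024, 7, 1, tzinfo=timezone.utc))
    return found, tasks, evidence, actions


if __name__ == "__main__":
    _, tasks, evidence, actions = run_review_example()
    print(tasks)       # per-owner sign-off queues; svc-legacy lands in security-team (owner left)
    print(actions)     # carol loses train:submit (SoD), dave and svc-legacy are disabled
```

The evidence list is what an auditor asks for under the auditing guidelines: one record per flagged account with the finding, the decision, the rationale, the approver ID and the timestamp, which can be compared against the IAM change log to confirm that revocations actually happened.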

Auditing guidelines

1. Confirm the CSP conducts role-based access reviews for cloud infrastructure components.

2. Check that reviews cover both human user roles and programmatic access (e.g., service accounts, API keys, workload identities).

3. Ensure mechanisms are in place to detect unused or excessive permissions.

4. Validate the CSP’s audit logs for evidence of review-driven changes.

5. Confirm periodic access reviews are included in SOC 2 or similar compliance audits.

From CCM:
1. Determine if the required frequency for review of accounts is established.
2. Determine if accounts are reviewed for compliance, including the level of access and conflicting access, following the principle of least privilege and consideration of separation of duties.
3. Determine if accounts are reviewed at the organization-defined frequency.

Standards mappings

ISO 42001 · No Gap
42001 B.3.2 - AI roles and responsibilities
27001 A.5.18 - Access rights
27001 A.5.15 - Access control
Addendum

N/A

EU AI Act · Partial Gap
Article 8
Article 9
Article 14
Article 15
Addendum

Article 9 does not prescribe a time-frame for reviewing access; organizations should supplement it with a defined review frequency that matches their needs.

NIST AI 600-1 · Partial Gap
MP-3.4-005
Addendum

NIST AI 600-1 makes no explicit reference to periodically reviewing user access permissions against common security principles (e.g., least privilege, separation of duties).

BSI AIC4 · No Gap
C4 DM-01
C4 DM-02
C5 IDM-05
Addendum

N/A

AI-CAIQ questions (1)

IAM-08.1

Is user access reviewed and revalidated for least privilege and separation of duties at a frequency commensurate with organizational risk tolerance, at least annually, or upon significant changes?