AICM AtlasCSA AI Controls Matrix
IAM · Identity & Access Management
IAM-09Cloud & AI Related

Segregation of Privileged Access Roles

Specification

Define, implement and evaluate processes, procedures and technical measures for the segregation of privileged access roles.

Threat coverage

Model manipulation
Data poisoning
Sensitive data disclosure
Model theft
Model/Service Failure
Insecure supply chain
Insecure apps/plugins
Denial of Service
Loss of governance

Architectural relevance

Physical infrastructure
Network
Compute
Storage
Application
Data

Lifecycle

Preparation

Data curation, Data storage, Resource provisioning, Team and expertise

Development

Training, Guardrails, Supply Chain

Evaluation

Evaluation, Validation/Red Teaming, Re-evaluation

Deployment

Orchestration, AI Services supply chain, AI applications

Delivery

Operations, Maintenance

Retirement

Archiving, Data deletion, Model disposal

Ownership / SSRM

PI

Shared Cloud Service Provider-Model Provider (Shared CSP-MP)

The CSP and MP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Model

Owned by the Model Provider (MP)

The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.

Orchestrated

Shared Model Provider-Orchestrated Service Provider (Shared MP-OSP)

The MP and OSP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Application

Shared Orchestrated Service Provider-Application Provider (Shared OSP-AP)

The OSP and AP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Implementation guidelines

[All Actors]
1. Define clear boundaries between roles such as administrator, developer, auditor, and operator.

2. Restrict conflicting or high-risk role combinations (e.g., developer and production admin) to enforce separation of duties.

3. Segregate duties in provisioning workflows so no single person requests, approves and applies the same privilege.

4. Monitor privilege escalation paths and restrict temporary elevation through strong justification and approval.

5. Regularly assess segregation policies for effectiveness and alignment with risk management frameworks.

6. Enforce role rules through RBAC or ABAC in every system; apply the same constraints to API keys and service accounts.

7. Run periodic certification / reconciliation campaigns to verify that current entitlements match approved role definitions; remediate exceptions.

Auditing guidelines

1. Confirm role segregation exists between CSP engineers, support staff, and customers.

2. Validate that root-level access is strictly limited and logged.

3. Check for separation between infrastructure provisioning and billing operations.

4. Review CSP’s IAM policies for conflict-of-interest prevention.

5. Confirm use of break-glass procedures for emergency access with auditing.

From CCM:
1. Determine if processes, procedures, and technical measures for the separation of privileged access are defined and include requirements for separation of administrative access to data, encryption, key management and logging capabilities.
2. Evaluate if established processes, procedures, and technical measures for the separation of privileged access are implemented and followed in practice.

Standards mappings

ISO 42001No Gap
42001: A.2.3 - Alignment with other organizational policies
42001: A.2.4 - Review of the AI policy
27001: A.5.1 - Policies for information security
27001: A.5.18 - Access rights
27001:A.8.2 - Privileged access rights
27001:A.8.3 - Information access restriction
27001:A.8.4 - Access to source code
27001.A.8.18 - Use of privileged utility programs
Addendum

N/A

EU AI ActPartial Gap
Article 11
Article 13
Article 14
Addendum

The EU AI Act doesn't fully cover the AICM control.

NIST AI 600-1Full Gap
No Mapping
Addendum

No reference to the requirement of defining, implementing, or evaluating processes, procedures and/or technical measures for the segregation of privileged access roles is made in the NIST AI 600-1 standard.

BSI AIC4Partial Gap
C4 DM-01
C4 DM-02
C4 RE-02
C5 IDM-06
C5 OPS-10
C5 OPS-12
C5 CRY-04
Addendum

No C4 control speaks to IAM-09 topic of key management.

AI-CAIQ questions (1)

IAM-09.1

Are processes, procedures, and technical measures for the segregation of privileged access roles, defined, implemented, and evaluated?