AICM AtlasCSA AI Controls Matrix
IAM · Identity & Access Management
IAM-10Cloud & AI Related

Management of Privileged Access Roles

Specification

Define and implement an access process to ensure privileged access roles and rights are granted for a time limited period, and implement procedures to prevent the accumulation of segregated privileged access.

Threat coverage

Model manipulation
Data poisoning
Sensitive data disclosure
Model theft
Model/Service Failure
Insecure supply chain
Insecure apps/plugins
Denial of Service
Loss of governance

Architectural relevance

Physical infrastructure
Network
Compute
Storage
Application
Data

Lifecycle

Preparation

Data storage, Resource provisioning

Development

Design, Supply Chain

Evaluation

Validation/Red Teaming

Deployment

Orchestration, AI Services supply chain, AI applications

Delivery

Operations, Maintenance, Continuous monitoring, Continuous improvement

Retirement

Archiving, Data deletion, Model disposal

Ownership / SSRM

PI

Shared Cloud Service Provider-Model Provider (Shared CSP-MP)

The CSP and MP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Model

Owned by the Model Provider (MP)

The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.

Orchestrated

Shared Orchestrated Service Provider-Application Provider (Shared OSP-AP)

The OSP and AP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Application

Shared Application Provider-AI Customer (Shared AP-AIC)

The AP and AIC both share responsibility and accountability for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they offer and consume.

Implementation guidelines

[All Actors]
1. Implement a "Just-In-Time" access provisioning tool to allow for temporary and timebound access provisioning. This can be achieved by temporary provisioning of permissions to the user, temporary assignment of user to a group with the required permissions or temporary 
impersonation of an account with the required permissions.

2. Implement an approval process for provisioning sensitive privileges.
 
3. Create an auditing procedure to review activation and activity of privileged roles on a regular basis.

4. Regularly review and certify individuals with the ability to provision privileged credentials.

[AP, AIC]
1. Document agent-based access to Privileged Roles in a similar manner to users.

2. Perform audits and access certification on AI systems with access to privileged roles and permissions.

Auditing guidelines

1. Confirm privileged roles (e.g., cloud admins, network architects) require multi-step approval.

2. Review credential management for privileged identities.

3. Check for controls that prevent role escalation without visibility.

4. Validate periodic audits of privilege usage and associated actions.

5. Ensure evidence exists of privilege role reviews post-incident.

From CCM:
1. Determine if an access process, that includes requirements for limiting the time period of privileged access roles and rights, is defined.
2. Determine if procedures address the prevention of culmination of segregated privileged access.
3. Evaluate if an access process, that includes requirements for limiting the time period of privileged access roles and rights, is implemented and consistently followed in practice.
4. Evaluate if procedures that address the prevention of culmination of segregated privileged access is implemented and consistently followed in practice.

Standards mappings

ISO 42001No Gap
42001: A.2.3 - Alignment with other organizational policies
42001: A.2.4 - Review of the AI policy
27001: A.5.1 - Policies for information security
27001: A.8.2 - Privileged access rights
27001.A.8.18 - Use of privileged utility programs
Addendum

N/A

EU AI ActPartial Gap
Article 9
Article 10
Article 14 (1)
Article 14 (4)
Article 15
Article 26 (2)
Annex IV
Addendum

Add concrete technical and procedural controls to fully meet the privileged access management control. This includes: defining and limiting privileges, enforcing time-based access, preventing role overlap, and auditing privileged activity.

NIST AI 600-1Full Gap
No Mapping
Addendum

No (explicit/implicit) reference to the requirement of defining and implementing processes and procedures aimed at managing privileged access roles according to security best practices is made in the NIST AI 600-1 standard.

BSI AIC4No Gap
C4 DM-01
C4 DM-02
C5 IMD-06
Addendum

N/A

AI-CAIQ questions (2)

IAM-10.1

Is an access process defined and implemented to ensure privileged access roles and rights are granted for a time-limited period?

IAM-10.2

Are procedures implemented to prevent the accumulation of segregated privileged access?