AICM AtlasCSA AI Controls Matrix
IAM · Identity & Access Management
IAM-12Cloud & AI Related

Safeguard Logs Integrity

Specification

Define, implement and evaluate processes, procedures and technical measures to ensure the logging infrastructure is read-only for all with write access, including privileged access roles, and that the ability to disable it is controlled through a procedure that ensures the segregation of duties and break glass procedures.

Threat coverage

Model manipulation
Data poisoning
Sensitive data disclosure
Model theft
Model/Service Failure
Insecure supply chain
Insecure apps/plugins
Denial of Service
Loss of governance

Architectural relevance

Physical infrastructure
Network
Compute
Storage
Application
Data

Lifecycle

Preparation

Data storage, Resource provisioning, Team and expertise

Development

Design, Supply Chain

Evaluation

Validation/Red Teaming

Deployment

AI Services supply chain, Orchestration, AI applications

Delivery

Operations, Maintenance, Continuous monitoring

Retirement

Archiving, Data deletion, Model disposal

Ownership / SSRM

PI

Owned by the Cloud Service Provider (CSP)

The Cloud Service Provider (CSP) is responsible for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with cloud computing (processing, storage, and networking) technologies in the context of the services or products they develop and offer. The CSP is responsible and accountable for implementing the control within its own infrastructure/environment. The CSP is responsible for enabling the customer and/or upstream partner to implement/configure the control within their risk management approach. The CSP is accountable for ensuring that its providers upstream implement the control related to the service/product developed and offered by the CSP.

Model

Shared Cloud Service Provider-Model Provider (Shared CSP-MP)

The CSP and MP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Orchestrated

Shared across the supply chain

Shared control ownership refers to responsibilities and activities related to LLM security that are distributed across multiple stakeholders within the AI supply chain, including the Cloud Service Provider (CSP), Model Provider (MP), Orchestrated Service Provider (OSP), Application Provider (AP), and Customer (AIC). These controls require coordinated actions, communication, and governance across all involved parties to ensure their effectiveness.

Application

Shared Orchestrated Service Provider-Application Provider (Shared OSP-AP)

The OSP and AP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Implementation guidelines

[All Actors]
1. Centralize Logging: when possible consolidate logs for better visibility and a reduced threat surface.

2. Leverage Just-In-Time/Temporary access with appropriate approvers for roles with more than read-only access.

3. Implement an approval process for breakglass accounts to reduce the risk of log tampering or loss.

4. Use WORM (Write One Read Many) storage and/or logging solutions to prevent tampering and data loss (e.g., AWS S3 Object Locking, Azure Blob Storage with Immutable Policies).

5. Implement alerting mechanism for access to logs and modification of controls related to logs.

6. Ensure read-only access to logs.

[MP, OSP,  AP]
1. When performing high-risk operation or when utilizing high-risk per permission that could affect log integrity, obtain approval from the AIC [See IAM-11].

Auditing guidelines

1. Verify platform logging services enforce read-only controls at the infrastructure level.

2. Confirm that administrative users cannot disable or modify logging.

3. Ensure detection of log tampering or gaps is in place through automated alerts.

4. Check whether SoD is enforced between platform engineers and logging auditors.

5. Review how log backups and retention policies are governed.

From CCM:
1. Determine if processes, procedures, and technical measures are defined for log management.
2. Determine if processes, procedures, and technical measures for log management include the following two requirements:
   a. the logging infrastructure is read-only for all with write access, including privileged access roles.
   b. the ability to disable and/or modify logs is controlled following separation of duties and established break glass procedures.
3. Evaluate if the processes, procedures, and technical measures for log management are implemented and consistently followed in practice.

Standards mappings

ISO 42001No Gap
42001: A.2.3 - Alignment with other organizational policies
42001: A.2.4 - Review of the AI policy
27001: A.5.1 - Policies for information security
27001 A.8.3 - Information access restriction
27001 A.5.18 - Access rights
27001.A.5.33 - Protection of records
Addendum

N/A

EU AI ActPartial Gap
Article 12 (d)
Article 21 (2)
Article 22 (3c)
Article 59 (1)(h)
Addendum

1. Verify that the AI service provider has established tamper-evident, read-only log storage mechanisms covering AI model operations, data usage, and system events. 2. Check for documented procedures that define how the provider restricts or disables the logging subsystem, including break-glass controls with multi-party authorization. 3. Mandate immutable logging, define write protections, privilege boundaries, or file system security, require evaluation or formal protection of logs from tampering, include "break-glass" or override access procedures.

NIST AI 600-1Full Gap
No Mapping
Addendum

No (explicit/implicit) reference to the requirement of defining, implementing, or evaluating processes, procedures and/or technical measures in the domain of logging infrastructures security and integrity is made in the NIST AI 600-1 standard.

BSI AIC4No Gap
C4 SR-06
C5 OPS-10
C5 OPS-12
Addendum

N/A

AI-CAIQ questions (1)

IAM-12.1

Are processes, procedures, and technical measures defined, implemented, evaluated to ensure the logging infrastructure is read-only for all with write access, including privileged access roles, and that the ability to disable it, is controlled through a procedure that ensures the segregation of duties and break glass procedures?