AICM AtlasCSA AI Controls Matrix
IAM · Identity & Access Management
IAM-13Cloud & AI Related

Uniquely Identifiable Users

Specification

Define, implement and evaluate processes, procedures and technical measures, that ensure identities’ activities are identifiable through uniquely associated IDs.

Threat coverage

Model manipulation
Data poisoning
Sensitive data disclosure
Model theft
Model/Service Failure
Insecure supply chain
Insecure apps/plugins
Denial of Service
Loss of governance

Architectural relevance

Physical infrastructure
Network
Compute
Storage
Application
Data

Lifecycle

Preparation

Data collection, Resource provisioning

Development

Design, Supply Chain

Evaluation

Validation/Red Teaming

Deployment

AI Services supply chain

Delivery

Operations, Maintenance

Retirement

Archiving, Data deletion, Model disposal

Ownership / SSRM

PI

Owned by the Cloud Service Provider (CSP)

The Cloud Service Provider (CSP) is responsible for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with cloud computing (processing, storage, and networking) technologies in the context of the services or products they develop and offer. The CSP is responsible and accountable for implementing the control within its own infrastructure/environment. The CSP is responsible for enabling the customer and/or upstream partner to implement/configure the control within their risk management approach. The CSP is accountable for ensuring that its providers upstream implement the control related to the service/product developed and offered by the CSP.

Model

Owned by the Model Provider (MP)

The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.

Orchestrated

Shared Cloud Service Provider-Model Provider (Shared CSP-MP)

The CSP and MP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Application

Shared Application Provider-AI Customer (Shared AP-AIC)

The AP and AIC both share responsibility and accountability for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they offer and consume.

Implementation guidelines

[All Actors]
1. Integrate organization idPs with platforms and applications to streamline unique user ids management.

2. Integrate procedures for generating unique identifiers for users and accounts into provisioning processes (e.g. Onboarding new hires, access requests to new systems).

3. When unique identifiers can not be utilized, employ a "checkout" mechanism via technology or administrative controls in which an account is assigned to a user for a time period.

4. Implement access control measures to ensure user IDs are authenticated and authorized when accessing information.

[OSP/AP/AIC]
1. Ensure Agent-Based systems are uniquely identified to ensure actions can be attributed to the correct components (e.g service accounts for agents are unique for the tools and model versions [A2A Datacards]).

2. Implement access control with Agent-based systems utilizing there unique IDs for authorization to resources.

3. Regularly Audit user accounts and their usage to ensure all actors are uniquely identified (check for indication of shared account usage).

[OSP/AP]
1. Ensure that secrets and key for programmatic access are assigned and associated with a unique Actor ID (user or agent based system).

2. Ensure provided platform supports unique ID for AICs users.

3. Ensure provided platform provides access control mechanisms supporting unique IDs for AICs users.

Auditing guidelines

1. Confirm cloud tenants and users are assigned unique identifiers across all services.

2. Ensure traceability from IAM policies to cloud resource actions.

3. Check for mechanisms that detect shared credentials or account reuse.

4. Validate logging systems associate user IDs with resource operations.

5. Confirm periodic reviews of identity lifecycle management for cloud accounts.

From CCM:
1. Determine if processes, procedures, and technical measures are defined and require that users are identifiable through unique IDs or by association of individuals to the usage of user IDs.
2. Determine if the established processes, procedures, and technical measures are implemented and consistently followed in practice.

Standards mappings

ISO 42001No Gap
42001: A.2.3 - Alignment with other organizational policies
42001: A.2.4 - Review of the AI policy
27001: A.5.1 - Policies for information security
27001:A.5.16 - Identity management
Addendum

N/A

EU AI ActPartial Gap
Article 9
Article 14
Article 15
Article 17
Annex IV
Addendum

Add a requirement for: unique user IDs, restrictions on shared accounts, identity traceability in audit logs, or identity lifecycle governance.

NIST AI 600-1Full Gap
No Mapping
Addendum

No (explicit/implicit) reference to the requirement set by the AICM control is made in the NIST AI 600-1 standard.

BSI AIC4No Gap
C4 DM-02
C5 IDM-01
C5 ISM-02
Addendum

N/A

AI-CAIQ questions (1)

IAM-13.1

Are processes, procedures, and technical measures, that ensure identities’ activities are identifiable through uniquely associated IDs, defined, implemented, and evaluated?