Authorization Mechanisms
Specification
Define, implement and evaluate processes, procedures and technical measures to verify access to data and system functions is authorized.
Threat coverage
Architectural relevance
Lifecycle
Resource provisioning, Team and expertise
Design, Supply Chain, Training, Guardrails
Validation/Red Teaming, Evaluation
AI Services supply chain, Orchestration, AI applications
Operations, Maintenance
Archiving, Data deletion, Model disposal
Ownership / SSRM
PI
Shared Cloud Service Provider-Model Provider (Shared CSP-MP)
The CSP and MP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.
Model
Owned by the Model Provider (MP)
The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic (Claude), Google (Gemini), Meta (Llama), as well as any customized model.
Orchestrated
Shared Model Provider-Orchestrated Service Provider (Shared MP-OSP)
The MP and OSP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.
Application
Shared Application Provider-AI Customer (Shared AP-AIC)
The AP and AIC both share responsibility and accountability for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they offer and consume.
Implementation guidelines
Auditing guidelines
1. Verify IAM policies enforce least-privilege access to AI workloads and resources.
2. Confirm that access to sensitive cloud-native AI services is governed by conditional IAM policies.
3. Validate cloud authorization logs capture all access grant and denial events.
4. Ensure regular reviews of authorization rules to prevent privilege creep.
5. Confirm that misconfigured policies are automatically flagged by cloud-native analyzers.
From CCM:
1. Determine if processes, procedures, and technical measures, for verification of access authorization to data and system functions, are defined.
2. Determine if processes, procedures, and technical measures, for verification of access authorization to data and system functions, are implemented and consistently followed in practice.
Standards mappings
42001: A.2.3 - Alignment with other organizational policies
42001: A.2.4 - Review of the AI policy
27001: A.5.1 - Policies for information security
27001: A.5.15 - Access control
Addendum
N/A
Article 9, Article 15, Article 16, Article 17, Article 29
Addendum
Include specific access control design, enforcement, monitoring, and audit requirements.
No Mapping
Addendum
No (explicit/implicit) reference to the requirement set by the AICM control is made in the NIST AI 600-1 standard.
C4 DM-02, C4 SR-06, C5 PSS-09
Addendum
N/A
AI-CAIQ questions (1)
Are processes, procedures, and technical measures defined, implemented, and evaluated to verify access to data and system functions is authorized?