Audit Logs Protection
Specification
Define, implement and evaluate processes, procedures and technical measures to ensure the security and retention of audit logs.
Threat coverage
Architectural relevance
Lifecycle
Data storage
Training
Evaluation, Validation/Red Teaming, Re-evaluation
Orchestration, AI Services supply chain, AI applications
Operations, Maintenance, Continuous monitoring, Continuous improvement
Archiving, Data deletion, Model disposal
Ownership / SSRM
PI
Shared Cloud Service Provider-Model Provider (Shared CSP-MP)
The CSP and MP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.
Model
Owned by the Model Provider (MP)
The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.
Orchestrated
Shared Model Provider-Orchestrated Service Provider (Shared MP-OSP)
The MP and OSP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.
Application
Owned by the Application Provider (AP)
The Application Provider (AP) is responsible for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer. The AP is responsible and accountable for the implementation of the control within its own infrastructure/environment. If the control has downstream implications on the users/customers, the AP is responsible for enabling the customer and/or upstream partner in the implementation/configuration of the control within their risk management approach. The AP is accountable for carrying out the due diligence on its upstream providers (e.g MPs, Orchestrated Services) to verify that they implement the control as it relates to the service/product develop and offered by the AP. These providers build and offer end-user applications that leverage generative AI models for specific tasks such as content creation, chatbots, code generation, and enterprise automation. These applications are often delivered as software-as-a-service (SaaS) solutions. These providers focus on user interfaces, application logic, domain-specific functionality, and overall user experience rather than underlying model development. Example: OpenAI (GPTs,Assistants), Zapier, CustomGPT, Microsoft Copilot (integrated into Office products), Jasper (AI-driven content generation), Notion AI (AI-enhanced productivity tools), Adobe Firefly (AI-generated media), and AI-powered customer service solutions like Amazon Rufus, as well as any organization that develops its AI-based application internally.
Implementation guidelines
Auditing guidelines
1. Inquiring with Control Owners 1.1 Conduct interviews with personnel responsible for defining, implementing, and evaluating audit log security and retention processes for cloud infrastructure and AI processing services to understand their roles in protecting infrastructure logs and customer compute data. Verify their understanding of technical measures implemented to ensure audit logs from GPU/TPU resources, distributed computing environments, and customer workloads remain secure and are retained according to organizational requirements. 2. Inspecting Records and Documents 2.1 Verify that infrastructure logs, hypervisor logs, and customer compute session logs are stored in write-once or append-only formats where feasible. 2.2 Confirm that logs containing customer workload data, resource utilization metrics, and infrastructure access patterns are protected using encryption at rest and in transit. 2.3 Ensure access to infrastructure logs is restricted to authorized cloud operations personnel only, with RBAC or IAM controls maintaining customer data isolation. 2.4 Validate mechanisms to detect and alert on unauthorized access attempts or changes to logs containing customer infrastructure usage and performance data. 2.5 Check that cloud infrastructure log protection is periodically tested through internal audits, including validation of multi-tenancy security controls. 2.6 Confirm that log retention for cloud services aligns with customer contracts, regulatory requirements, and business policy requirements. 2.7 Verify that controls are in place to prevent unauthorized access to customer compute logs and maintain infrastructure security boundaries. 2.8 Review documented processes and procedures for cloud infrastructure audit log security, including breach notification and regulatory reporting procedures. 2.9 Validate that backup and recovery procedures exist for infrastructure audit logs to ensure operational continuity and customer service availability. 2.10 Confirm that log disposal procedures are secure and documented for infrastructure logs when retention periods expire, including customer data destruction verification. 2.11 Validate that logging services (e.g., CloudTrail, Audit Logs) enforce strict access policies and logging integrity. 2.12 Confirm logs cannot be disabled or modified without elevated administrative approval. 2.13 Ensure that encryption and integrity checks are applied to all logs in transit and at rest. 2.14 Verify segregation of duties to prevent unauthorized access or deletion of customer logs. 2.15 Confirm mechanisms exist to detect tampering or anomalies in the logging pipeline. 2.16 Check that CSP logs are regularly backed up and retained per compliance standards. 2.17 Ensure CSP logs support forensic investigations and comply with third-party audit requirements. 2.18 Validate that security incidents involving logging protection violations are promptly recorded and remediated.
Standards mappings
ISO 42001 A.6.2.8 ISO 27001 A.8.15
Addendum
N/A
Article 12 Article 13 Article 26
Addendum
The EU AI Act merely states that "providers of high-risk AI systems shall keep [...] logs [...] to the extent such logs are under their control," and sets, among others, guidelines for logs' retention. Nevertheless, the European regulation does not delve into the specific requirement of defining, implementing, and evaluating policies and procedures in the domain of logging security and retention.
MP-2.3-003 GV-1.5-003 MP-4.1-005 MG-2.2-007
Addendum
The AICM requirement is specific to audit logs, and the NIST AI 600-1 control is not.
C4 PC-02 C4 CM-02 C5 OPS-12 C5 OPS-13 C5 OPS-14
Addendum
N/A
AI-CAIQ questions (1)
Are processes, procedures, and technical measures defined, implemented, and evaluated to ensure audit log security and retention?