AICM AtlasCSA AI Controls Matrix
MDS · Model Security
MDS-05AI-Specific

Model Documentation Validation

Specification

Define, implement, and evaluate processes, procedures, and technical measures for the validation of the Model documentation aligned with the current model.

Threat coverage

Model manipulation
Data poisoning
Sensitive data disclosure
Model theft
Model/Service Failure
Insecure supply chain
Insecure apps/plugins
Denial of Service
Loss of governance

Architectural relevance

Physical infrastructure
Network
Compute
Storage
Application
Data

Lifecycle

Preparation

Data collection, Data curation

Development

Design, Training

Evaluation

Evaluation, Validation/Red Teaming, Re-evaluation

Deployment

Orchestration, AI Services supply chain, AI applications

Delivery

Operations, Maintenance, Continuous improvement

Retirement

Not applicable

Ownership / SSRM

PI

Shared Cloud Service Provider-Model Provider (Shared CSP-MP)

The CSP and MP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Model

Owned by the Model Provider (MP)

The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.

Orchestrated

Shared Model Provider-Orchestrated Service Provider (Shared MP-OSP)

The MP and OSP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Application

Shared Orchestrated Service Provider-Application Provider (Shared OSP-AP)

The OSP and AP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Implementation guidelines

[Shared Responsibilities (Applicable to MP, OSP, AP)]

1. Perform regular Validation including:
          - Automated schema validation
          - Full model behavior validation
          - Comprehensive documentation review

2. Perform Event-Triggered Validation
          - Model updates - consider training data changes
          - API modifications
          - Dependency updates

3. Define thresholds to be used in the validation process, which trigger an alert for investigation

4. Review Procedures and Documentation
    - Compare model card against actual implementation
    - Verify accuracy of all technical specifications
    - Validate example inputs and outputs
    - Review evaluation metrics and results

5. Incident Response
    - Document validation failures
    - Track resolution progress
    - Update relevant stakeholders
    - Maintain audit trail

6. Continuous Improvement Optional
    - Regular review of validation processes
    - Update procedures based on findings
    - Incorporate feedback from stakeholders
    - Maintain validation documentation

Auditing guidelines

1. Assess the CSP's processes for ensuring integrity and validation of the models' documentation. 

2. Examine validation mechanisms in place and whether they align with the security protocols implemented by the organization. 

3. Ensure all documentation is consistently updated to address any data changes.

Standards mappings

ISO 42001Partial Gap
42001: A.6.2.4 - AI System Verification and Validation
42001: A.4.2 - Resource Documentation
42001: A.2.2 - AI Policy and A.6.2.1 - AI System Requirements
Addendum

Add explicit controls on validation of accuracy and alignment, lifecycle traceability, and audit/evaluation requirement on evaluation of documentation practices.

EU AI ActNo Gap
Article 13 (2)
Article 13 (3)
Addendum

N/A

NIST AI 600-1Full Gap
No Mapping
Addendum

No NIST AI 600-1 controls address validating model documentation is aligned with the current model.

BSI AIC4No Gap
C4 PC-02
C5 SP-01
Addendum

N/A

AI-CAIQ questions (1)

MDS-05.1

Are processes, procedures, and technical measures defined, implemented, and evaluated for the validation of the model documentation aligned with the current model?