MDS-13Cloud & AI Related

Secure Model Format

Specification

Adopt secure model formats and processes for AI model serialization where applicable.

Threat coverage

Model manipulation

Data poisoning

Sensitive data disclosure

Model theft

Model/Service Failure

Insecure supply chain

Insecure apps/plugins

Denial of Service

Loss of governance

Architectural relevance

Physical infrastructure

Network

Compute

Storage

Application

Data

Lifecycle

Preparation

Team and expertise

Development

Design, Guardrails

Evaluation

Validation/Red Teaming

Deployment

Orchestration, AI Services supply chain

Delivery

Maintenance

Retirement

Model disposal

Ownership / SSRM

Shared Cloud Service Provider-Model Provider (Shared CSP-MP)

The CSP and MP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Model

Owned by the Model Provider (MP)

The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.

Orchestrated

Shared Model Provider-Orchestrated Service Provider (Shared MP-OSP)

The MP and OSP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Application

Shared Orchestrated Service Provider-Application Provider (Shared OSP-AP)

The OSP and AP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Implementation guidelines

[Shared Responsibilities (OSP-AP)]
1. Verify compliance of models with secure formats before loading them into production systems.

2. Apply security controls to models before deployment, ensuring they do not contain malicious code or deserialization vulnerabilities.

Auditing guidelines

1. Verify the CSP's processes ensure that the models' security during transfer, storage, and deployment, for customer's use. 

2. Assess security measures applied to secure formats during deployment and transit from the source of the models. 

3. Examine encryption protocols, access controls, and data integrity checks and if they're adequately secured.

Standards mappings

ISO 42001No Gap

ISO 42001 A.6.1.3 - Processes for responsible AI system design and development
ISO 42001 B.6.1.3 - Processes for responsible design and development of AI systems
ISO 42001 B.6.2.3 - Documentation of AI system design and development

Addendum

N/A

EU AI ActNo Gap

Article 15 (1)
Article 15 (4)
Article 15 (5)

Addendum

N/A

NIST AI 600-1Full Gap

No Mapping

Addendum

NIST AI 600-1 should reference MDS-13 to adopt secure model formats and processes for AI model serialization.

BSI AIC4No Gap

C4 SR-06
C4 SR-07

Addendum

N/A

AI-CAIQ questions (1)

MDS-13.1

Are secure model formats and processes for AI model serialization adopted where applicable?