AICM AtlasCSA AI Controls Matrix
STA · Supply Chain Management, Transparency, and Accountability
STA-04Cloud & AI Related

SSRM Guidance

Specification

Provide SSRM Guidance to the Customer detailing information about the SSRM applicability throughout the supply chain.

Threat coverage

Model manipulation
Data poisoning
Sensitive data disclosure
Model theft
Model/Service Failure
Insecure supply chain
Insecure apps/plugins
Denial of Service
Loss of governance

Architectural relevance

Physical infrastructure
Network
Compute
Storage
Application
Data

Lifecycle

Preparation

Data collection, Data curation, Data storage

Development

Guardrails, Supply Chain

Evaluation

Evaluation, Validation/Red Teaming, Re-evaluation

Deployment

AI Services supply chain, AI applications, Orchestration

Delivery

Operations, Maintenance, Continuous monitoring, Continuous improvement

Retirement

Data deletion, Model disposal, Archiving

Ownership / SSRM

PI

Owned by the Cloud Service Provider (CSP)

The Cloud Service Provider (CSP) is responsible for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with cloud computing (processing, storage, and networking) technologies in the context of the services or products they develop and offer. The CSP is responsible and accountable for implementing the control within its own infrastructure/environment. The CSP is responsible for enabling the customer and/or upstream partner to implement/configure the control within their risk management approach. The CSP is accountable for ensuring that its providers upstream implement the control related to the service/product developed and offered by the CSP.

Model

Owned by the Model Provider (MP)

The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.

Orchestrated

Shared Model Provider-Orchestrated Service Provider (Shared MP-OSP)

The MP and OSP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Application

Owned by the Application Provider (AP)

The Application Provider (AP) is responsible for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer. The AP is responsible and accountable for the implementation of the control within its own infrastructure/environment. If the control has downstream implications on the users/customers, the AP is responsible for enabling the customer and/or upstream partner in the implementation/configuration of the control within their risk management approach. The AP is accountable for carrying out the due diligence on its upstream providers (e.g MPs, Orchestrated Services) to verify that they implement the control as it relates to the service/product develop and offered by the AP. These providers build and offer end-user applications that leverage generative AI models for specific tasks such as content creation, chatbots, code generation, and enterprise automation. These applications are often delivered as software-as-a-service (SaaS) solutions. These providers focus on user interfaces, application logic, domain-specific functionality, and overall user experience rather than underlying model development. Example: OpenAI (GPTs,Assistants), Zapier, CustomGPT, Microsoft Copilot (integrated into Office products), Jasper (AI-driven content generation), Notion AI (AI-enhanced productivity tools), Adobe Firefly (AI-generated media), and AI-powered customer service solutions like Amazon Rufus, as well as any organization that develops its AI-based application internally.

Implementation guidelines

[All Actors]
1. Develop comprehensive SSRM guidance documents that explain how the SSRM framework applies to your products/services and your position in the supply chain.

2. Clearly communicate your SSRM responsibilities to customers, detailing what security controls you implement and what remains the customer's responsibility.

3. Provide transparency into your supply chain by documenting how SSRM requirements flow down to your own suppliers and partners.

4. Make SSRM guidance easily accessible to customers through portals, documentation repositories, or dedicated communication channels.

5. Ensure guidance is updated regularly to reflect changes in your services, supply chain, or regulatory requirements.

Auditing guidelines

1. Confirm the cloud service provider (CSP) publishes clear and accessible SSRM guidance for customers, outlining shared responsibilities across infrastructure, platform services, and integrated AI workloads.

2. Review the CSP’s public documentation, trust center, or support resources for detailed descriptions of customer responsibilities such as configuring identity and access management (IAM), securing data at rest and in transit, managing virtual networks, and monitoring cloud resource usage.

3. Evaluate whether the SSRM guidance covers critical infrastructure-layer risks, including but not limited to: data residency and encryption; availability zones and failover strategies; tenant isolation and shared resource segmentation; logging, telemetry, and customer monitoring interfaces. Confirm that these responsibilities are clearly delineated between CSP and AIC in documentation and contractual materials.

From CCM:
1. Examine the policy for assessing, demarcating, and documenting the interfaces at the edges of the organization’s responsibility.
2. Determine if the delineation has been done, and is current.
3. Examine the process for communicating the security responsibility boundaries to third-parties.

Standards mappings

ISO 42001No Gap
42001: A.2.3 Alignment with other organizational policies
42001: A.10.2 Allocating Responsibilities
27001: 7.4 Communication
27001: 9.1 General - Internal Audit
27001: A.5.20 Addressing information security within supplier agreements
27001: A.5.21 Managing information security in the information and communication technology (ICT) supply chain
27001: A.5.23 Information security for use of cloud services
27002: 5.20 (a-z) Addressing information security within supplier agreements
27002: 5.21 (a-m) Managing information security in the information and communication technology (ICT) supply chain
27002: 5.23 (d) Information security for use of cloud services
Addendum

N/A

EU AI ActPartial Gap
Article 13(1)
Article 13 (2)
Article 13 (3)
Article 25 (4)
Addendum

Formal guidance to customers about SSRM applicability across the supply chain.

NIST AI 600-1Partial Gap
GV-6.1-002
Addendum

The NIST AI 600-1 control GV-6.1-002 doesn't mention the shared responsibility throughout the entire supply chain, not just to collaborate to manage GAI risks.

BSI AIC4No Gap
C4 PC-02
C5 PSS-01
Addendum

N/A

AI-CAIQ questions (1)

STA-04.1

Are customers provided with SSRM guidance detailing its applicability throughout the supply chain?