TVM-01Cloud & AI Related

Threat and Vulnerability Management Policy and Procedures

Specification

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to identify, report and prioritize the remediation of vulnerabilities and threats, in order to protect systems against vulnerability exploitation. Review and update the policies and procedures at least annually or upon significant changes.

Threat coverage

Model manipulation

Data poisoning

Sensitive data disclosure

Model theft

Model/Service Failure

Insecure supply chain

Insecure apps/plugins

Denial of Service

Loss of governance

Architectural relevance

Physical infrastructure

Network

Compute

Storage

Application

Data

Lifecycle

Preparation

Data storage, Resource provisioning

Development

Training

Evaluation

Validation/Red Teaming, Re-evaluation

Deployment

Orchestration, AI Services supply chain, AI applications

Delivery

Operations, Maintenance, Continuous monitoring, Continuous improvement

Retirement

Data deletion

Ownership / SSRM

Shared across the supply chain

Shared control ownership refers to responsibilities and activities related to LLM security that are distributed across multiple stakeholders within the AI supply chain, including the Cloud Service Provider (CSP), Model Provider (MP), Orchestrated Service Provider (OSP), Application Provider (AP), and Customer (AIC). These controls require coordinated actions, communication, and governance across all involved parties to ensure their effectiveness.

Model

Owned by the Model Provider (MP)

The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.

Orchestrated

Shared Model Provider-Orchestrated Service Provider (Shared MP-OSP)

The MP and OSP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Application

Owned by the Application Provider (AP)

The Application Provider (AP) is responsible for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer. The AP is responsible and accountable for the implementation of the control within its own infrastructure/environment. If the control has downstream implications on the users/customers, the AP is responsible for enabling the customer and/or upstream partner in the implementation/configuration of the control within their risk management approach. The AP is accountable for carrying out the due diligence on its upstream providers (e.g MPs, Orchestrated Services) to verify that they implement the control as it relates to the service/product develop and offered by the AP. These providers build and offer end-user applications that leverage generative AI models for specific tasks such as content creation, chatbots, code generation, and enterprise automation. These applications are often delivered as software-as-a-service (SaaS) solutions. These providers focus on user interfaces, application logic, domain-specific functionality, and overall user experience rather than underlying model development. Example: OpenAI (GPTs,Assistants), Zapier, CustomGPT, Microsoft Copilot (integrated into Office products), Jasper (AI-driven content generation), Notion AI (AI-enhanced productivity tools), Adobe Firefly (AI-generated media), and AI-powered customer service solutions like Amazon Rufus, as well as any organization that develops its AI-based application internally.

Implementation guidelines

[All Actors]
1. Establish a unified vulnerability-management framework that covers identification, classification, remediation and reporting.

2. Define clear roles and responsibilities for discovery, assessment, triage and patch deployment.

3. Implement automated scanning tools and complementary manual assessments to continuously monitor source code, container images, model artefacts, APIs, and third-party dependencies for known vulnerabilities (e.g., CVEs) and emerging threats identified via threat-intelligence feeds.

4. Prioritize vulnerabilities using a risk-based approach and define remediation SLAs aligned with business impact and exploitation likelihood.

5. Maintain a centralized tracking system with severity, deadlines, remediation status, and validation results visible to all relevant parties.

6. Review and synchronize the framework and policies at least annually, and following any significant changes, incorporating lessons learned.

7. Collaborate to remediate shared-stack vulnerabilities (e.g., APIs, orchestration, cloud infrastructure) within agreed timelines.

Auditing guidelines

1. Verify that the CSP has established and documented TVM policies and procedures defining scope, objectives, roles, and responsibilities.

2. Inspect whether the policies are compliant with regulatory requirements, industry best practices, and relevant threat scenarios.

3. Verify formal approval of the policies by authorized management.

4. Verify communication of the policies to all relevant stakeholders and their understanding.

5. Confirm that the policies are effectively applied in daily operations.

6. Verify that metrics are established and monitored to evaluate effectiveness and identify areas for improvement.

7. Inspect evidence that the policies are reviewed and updated at least annually or upon significant changes.

8. Verify that the TVM policy explicitly covers all layers of the cloud infrastructure — physical, hypervisor, network, and managed services.

9. Review the CSP’s public‑facing documentation (e.g., cloud security white papers, SOC 2 reports) describing vulnerability scanning, patching, and remediation practices.

10. Confirm that the CSP provides customers with tools, guidance, or best practices to help them manage vulnerabilities in their own cloud environments as part of the shared responsibility model.

11. Verify that policies and procedures include formalized mechanisms and dedicated communication channels for Vulnerability Disclosure activities.

From CCM:
1. Examine policy for adequacy, currency, communication, and effectiveness.
2. Examine policy and procedures for evidence of review at least annually.

Standards mappings

ISO 42001No Gap

A.2.4 Review of AI Policy (42001)
6.1.1 General (42001 - Actions to address risks and opportunities)
6.1.3 AI risk treatment (42001)
7.4 Communication (42001)
7.5 Documented Information (42001)

Addendum

N/A

EU AI ActPartial Gap

Article 15 (4)
Article 15 (5)

Addendum

Contrarily to the AICM control that provides an increased level of technical details, the EU AI Act establishes more general security principles that encompass the aspects tackled in the control.

NIST AI 600-1Partial Gap

MG-2.4-003

Addendum

NIST AI 600-1 should reference review and update of the policies and procedures at least annually.

BSI AIC4No Gap

C4 PC-02
C4 SR-01
C5 OPS-18

Addendum

N/A

AI-CAIQ questions (2)

TVM-01.1

Are policies and procedures that identify, report, and prioritize the remediation of vulnerabilities and threats in order to protect systems against vulnerability exploitation, established, documented, approved, communicated, applied, evaluated, and maintained?

TVM-01.2

Are threats and vulnerabilities policies and procedures reviewed and updated at least annually or upon significant changes?