TVM-03Cloud & AI Related

Vulnerability Identification

Specification

Define, implement and evaluate processes, procedures and technical measures to enable both scheduled and emergency responses to vulnerability identifications, based on the identified risk.

Threat coverage

Model manipulation

Data poisoning

Sensitive data disclosure

Model theft

Model/Service Failure

Insecure supply chain

Insecure apps/plugins

Denial of Service

Loss of governance

Architectural relevance

Physical infrastructure

Network

Compute

Storage

Application

Data

Lifecycle

Preparation

Data storage, Resource provisioning

Development

Training

Evaluation

Evaluation, Validation/Red Teaming, Re-evaluation

Deployment

Orchestration, AI Services supply chain, AI applications

Delivery

Operations, Maintenance, Continuous monitoring, Continuous improvement

Retirement

Data deletion, Model disposal

Ownership / SSRM

Shared across the supply chain

Shared control ownership refers to responsibilities and activities related to LLM security that are distributed across multiple stakeholders within the AI supply chain, including the Cloud Service Provider (CSP), Model Provider (MP), Orchestrated Service Provider (OSP), Application Provider (AP), and Customer (AIC). These controls require coordinated actions, communication, and governance across all involved parties to ensure their effectiveness.

Model

Owned by the Model Provider (MP)

The model provider (MP) designs, develops, and implements the control as part of their services or products to mitigate security, privacy, or compliance risks associated with the Large Language Model (LLM). Model Providers are entities that develop, train, and distribute foundational and fine-tuned AI models for various applications. They create the underlying AI capabilities that other actors build upon. Model Providers are responsible for model architecture, training methodologies, performance characteristics, and documentation of capabilities and limitations. They operate at the foundation layer of the AI stack and may provide direct API access to their models. Examples: OpenAI (GPT, DALL-E, Whisper), Anthropic(Claude), Google(Gemini), Meta(Llama), as well as any customized model.

Orchestrated

Shared Orchestrated Service Provider-Application Provider (Shared OSP-AP)

The OSP and AP are jointly responsible and accountable for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they develop and offer.

Application

Shared Application Provider-AI Customer (Shared AP-AIC)

The AP and AIC both share responsibility and accountability for the design, development, implementation, and enforcement of the control to mitigate security, privacy, or compliance risks associated with Large Language Model (LLM)/GenAI technologies in the context of the services or products they offer and consume.

Implementation guidelines

[All Actors]
1. Develop a patch management process that supports both scheduled windows and emergency releases, prioritising the remediation of vulnerabilities based on their risk and potential business impact.

2. Ensure that patches and updates are deployed promptly to mitigate identified vulnerabilities.

3. Implement testing procedures to validate the effectiveness of patches and ensure they do not introduce new vulnerabilities or performance issues.

4. Track remediation progress, ensuring that critical vulnerabilities are resolved within defined timeframes.

5. Keep auditable records of all patching activities and vulnerability remediation efforts for audit and compliance purposes.

Auditing guidelines

1. Verify that the Cloud Service Provider (CSP) has defined processes, procedures, and technical measures supporting efforts to adopt scheduled and/or emergency responses (based on risk evaluations) to vulnerabilities identified within the security perimeter. Ensure that the policies are documented in detail, covering scope, objectives, roles and responsibilities.

2. Inspect whether the above-mentioned policies, procedures and technical measures are compliant with relevant regulatory requirements and industry best practices.

3. Confirm that the above-mentioned policies, procedures and technical measures are concretely and appropriately applied by involved parties in their day-to-day operations.

4. Inspect whether the above-mentioned policies, procedures and technical measures are monitored against sets of efficacy and efficiency metrics / indicators.

5. Inspect whether the above-mentioned policies, procedures and technical measures are periodically reviewed and updated by responsible parties.

6. Review the CSP’s public documentation on their patching and vulnerability remediation timelines for their infrastructure and services.

7. Confirm the CSP has a well-defined process for emergency security updates across their global infrastructure.

Standards mappings

ISO 42001No Gap

42001: 6.1.2 AI risk assessment
42001: 8.1 Operational planning and control
42001: 9.1 Monitoring
measure.
27001: 8.1 Operational Planning and Control
27001: A.5.26 Response to information security incidents
27001: A.8.8 Management of technical vulnerabilities

Addendum

N/A

EU AI ActPartial Gap

Article 15 (5)

Addendum

Explicit mention of vulnerability response and explicit distinction between remedial actions (e.g., scheduled vs. emergency responses to vulnerabilities).

NIST AI 600-1No Gap

GV-1.3-003
MG-2.3-001
MG-4.2-002

Addendum

N/A

BSI AIC4No Gap

C4 SR-06
C4 RE-05
C5 OPS-18

Addendum

N/A

AI-CAIQ questions (1)

TVM-03.1

Are processes, procedures, and technical measures defined, implemented, and evaluated to enable scheduled and emergency responses to vulnerability identifications based on the identified risk?