HITRUST CSF requirement statement [?] (Updated version of 07.10mOWASPOrganizational.3 in v11.4.0, coming in Nov. 2024)
The organization (1) adds adversarial examples to AI training data to make the model
more resilient to attacks.
- Evaluative elements in this requirement statement [?]
-
1. The organization adds adversarial examples to AI training data to make the model more resilient to attacks.
- Illustrative procedures for use during assessments [?]
- Policy: Examine policies related to each evaluative element within the requirement statement. Validate the existence of a written or undocumented policy as defined in the HITRUST scoring rubric.
- Procedure: Examine evidence that written or undocumented procedures exist as defined in the HITRUST scoring rubric. Determine if the procedures and address the operational aspects of how to perform each evaluative element within the requirement statement.
- Implemented: Examine evidence that all evaluative elements within the requirement statement have been implemented as defined in the HITRUST scoring rubric, using a sample based test where possible for each evaluative element. Example test(s):
- For example, select a sample of the organizations AI training data to confirm it includes adversarial examples to make the model more resilient to attacks.
- For example, select a sample of the organizations AI training data to confirm it includes adversarial examples to make the model more resilient to attacks.
- Measured: Examine measurements that formally evaluate and communicate the operation and/or performance of each evaluative element within the requirement statement. Determine the percentage of evaluative elements addressed by the organization’s operational and/or independent measure(s) or metric(s) as defined in the HITRUST scoring rubric. Determine if the measurements include independent and/or operational measure(s) or metric(s) as defined in the HITRUST scoring rubric. Example test(s):
- For example, measures indicate if the organizations AI training data includes adversarial examples. Reviews, tests, or audits are completed by the organization to measure the effectiveness of the implemented controls and to confirm that all AI training data includes adversarial examples to make the model more resilient to attacks.
- For example, measures indicate if the organizations AI training data includes adversarial examples. Reviews, tests, or audits are completed by the organization to measure the effectiveness of the implemented controls and to confirm that all AI training data includes adversarial examples to make the model more resilient to attacks.
- Managed: Examine evidence that a written or undocumented risk treatment process exists, as defined in the HITRUST scoring rubric. Determine the frequency that the risk treatment process was applied to issues identified for each evaluative element within the requirement statement.
- Policy: Examine policies related to each evaluative element within the requirement statement. Validate the existence of a written or undocumented policy as defined in the HITRUST scoring rubric.
- Placement of this requirement in the HITRUST CSF [?]
- Assessment domain: 07 Vulnerability Management
- Control category: 10.0 – Information Systems Acquisition, Development, and Maintenance
- Control reference: 10.m – Control of Technical Vulnerabilities
- Specific to which parts of the overall AI system? [?]
-
AI platform layer
- AI datasets and data pipelines
- AI datasets and data pipelines
- Discussed in which authoritative AI security sources? [?]
-
- OWASP Machine Learning Security Top 10
2023, © The OWASP Foundation- Where: ML01:2023 Input manipulation attack > How to prevent > Bullet #1
- Where: ML01:2023 Input manipulation attack > How to prevent > Bullet #1
- OWASP AI Exchange
2024, © The OWASP Foundation- Where: #TRAINADVERSARIAL
- Where: #TRAINADVERSARIAL
- MITRE ATLAS
2024, © The MITRE Corporation- Where: AML.M0003
- Where: AML.M0003
- NIST AI 100-2 E2023: Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations
Jan. 2024, National Institute of Standards and Technology (NIST)- Where: 2. Predictive AI taxonomy > 2.2. Evasion attacks and mitigations > 2.2.4. Mitigations
- Where: 2. Predictive AI taxonomy > 2.2. Evasion attacks and mitigations > 2.2.4. Mitigations
- Securing Machine Learning Algorithms
2021, © European Union Agency for Cybersecurity (ENISA)- Where: 4.1- Security Controls > Specific ML > Add some adversarial examples to the training dataset
- Where: 4.1- Security Controls > Specific ML > Add some adversarial examples to the training dataset
- OWASP Machine Learning Security Top 10
- Discussed in which commercial AI security sources? [?]
- Databricks AI Security Framework
Sept. 2024, © Databricks- Where: Control DASF 22: Build models with all representative, accurate and relevant data sources
- Where: Control DASF 22: Build models with all representative, accurate and relevant data sources
- Snowflake AI Security Framework
2024, © Snowflake Inc.- Where:
- Lack of explainability / transparency > Mitigations > Adversarial training
- Prompt injection > Mitigations > Adversarial training
- Indirect prompt injection > Mitigations > Bullet 2
- Adversarial samples > Mitigations > Robust model training
- Sponge samples > Mitigations > Adversarial training
- Fuzzing > Mitigations > Adversarial training
- Model poisoning > Mitigations > Bullet 4
- Training data poisoning > Mitigations > Robust model training
- Where:
- Databricks AI Security Framework
- Helps to prevent, detect, and/or correct which AI security threats? [?]
-
- Additional information
-
- Q: When will this requirement included in an assessment? [?]
- This requirement is included when the assessment’s in-scope AI system(s) leverage non-generative machine learning models.
- The
Cybersecurity for deployed AI systems
regulatory factor must also be present in the assessment.
- Q: When will this requirement included in an assessment? [?]
Post your comment on this topic.