Augment written policies to address AI specificities

HITRUST CSF requirement statement [?] (01.00aAISecOrganizational.1)

As appropriate to the organization’s AI deployment context, the stated scope and 
contents of the organization’s written policies—in areas including but not limited to 
(1) security administration, 
(2) data governance, 
(3) software development, 
(4) risk management,
(5) incident management, 
(6) business continuity, and 
(7) disaster recovery
—explicitly includes the organization’s AI systems and their AI specificities.

Evaluative elements in this requirement statement [?]

1. As appropriate to the organization’s AI deployment context, the stated scope and 
contents of the organization’s written policies related to security administration to 
explicitly include the organization’s AI systems and their AI specificities.

2. As appropriate to the organization’s AI deployment context, the stated scope and 
contents of the organization’s written policies related to data governance to explicitly 
include the organization’s AI systems and their AI specificities.

3. As appropriate to the organization’s AI deployment context, the stated scope and 
contents of the organization’s written policies related to software development to 
explicitly include the organization’s AI systems and their AI specificities.

4. As appropriate to the organization’s AI deployment context, the stated scope and 
contents of the organization’s written policies related to risk management to explicitly 
include the organization’s AI systems and their AI specificities.

5.As appropriate to the organization’s AI deployment context, the stated scope and 
contents of the organization’s written policies related to incident management to 
explicitly include the organization’s AI systems and their AI specificities.

6. As appropriate to the organization’s AI deployment context, the stated scope and 
contents of the organization’s written policies related to business continuity to explicitly 
include the organization’s AI systems and their AI specificities.

7. As appropriate to the organization’s AI deployment context, the stated scope and 
contents of the organization’s written policies related to disaster recovery to explicitly 
include the organization’s AI systems and their AI specificities.

Illustrative procedures for use during assessments [?]

• Policy: Examine policies related to each evaluative element within the requirement statement. Validate the existence of a written or undocumented policy as defined in the HITRUST scoring rubric.
  
  
• Procedure: Examine evidence that written or undocumented procedures exist as defined in the HITRUST scoring rubric. Determine if the procedures and address the operational aspects of how to perform each evaluative element within the requirement statement.
  
  
• Implemented: Examine evidence that all evaluative elements within the requirement statement have been implemented as defined in the HITRUST scoring rubric, using a sample based test where possible for each evaluative element. Example test(s):
  • For example, review the organizations written policies for AI systems to confirm their completeness. Further, confirm that the AI system policies contain security administration, data governance, software development, risk management, incident management, business continuity, and disaster recovery, explicitly to AI systems and their AI specificities.
    
    
• Measured: Examine measurements that formally evaluate and communicate the operation and/or performance of each evaluative element within the requirement statement. Determine the percentage of evaluative elements addressed by the organization’s operational and/or independent measure(s) or metric(s) as defined in the HITRUST scoring rubric. Determine if the measurements include independent and/or operational measure(s) or metric(s) as defined in the HITRUST scoring rubric. Example test(s):
  • For example, measures indicate the completeness of the organization’s AI system documentation. Reviews, tests, or audits are completed by the organization to measure the effectiveness of the implemented controls and to confirm that requirements for AI system documentation is maintained.
    
    
• Managed: Examine evidence that a written or undocumented risk treatment process exists, as defined in the HITRUST scoring rubric. Determine the frequency that the risk treatment process was applied to issues identified for each evaluative element within the requirement statement.
  
  

Placement of this requirement in the HITRUST CSF [?]

• Assessment domain: 01 Information Protection Program
• Control category: 00.0 – Information Security Management Program
• Control reference: 00.a – Information Security Management Program
  
  

Specific to which parts of the overall AI system? [?]

• N/A, not AI component-specific
  
  

Discussed in which authoritative AI security sources? [?]

• ISO/IEC 38507:2022- Governance implications of the use of artificial intelligence by organizations
  2022, © International Standards Organization (ISO)/International Electrotechnical Commission (IEC)
  • Where:
    • 4. Governance implications of the organizational use of AI > 4.3. Maintaining accountability when introducing AI
    • 5. Overview of AI and AI systems > 5.2. How AI systems differ from other information technologies > 5.2.3. Adaptive systems
    • 6. Policies to address the use of AI > 6.2. Governance oversight of AI
    • 6. Policies to address the use of AI > 6.4. Governance of data use
    • 6. Policies to address the use of AI > 6.7. Risk > 6.7.2. Risk management
      
      
• ISO/IEC 42001:2023 Information technology — Artificial intelligence — Management system
  2023, © International Standards Organization (ISO)/International Electrotechnical Commission (IEC)
  • Where:
    • 5. Leadership > 5.2. AI policy
    • Annex A > A.2. Policies related to AI > A.2.2. AI policy
    • Annex A > A.2. Policies related to AI > A.2.3. Alignment with other organizational policies
      
      
• OWASP AI Exchange
  2024, © The OWASP Foundation
  • Where:
    • #AIPROGRAM
    • #SECPROGRAM
    • #SECDEVPROGRAM
      
      

• LLM AI Cybersecurity & Governance Checklist
  Feb. 2024, © The OWASP Foundation
  • Where:
    • 3. Checklist > 3.6. Governance > Bullet #3
    • 3. Checklist > 3.6. Governance > Bullet #4
      
      

• Guidelines for Secure AI System Development
  Nov. 2023, Cybersecurity & Infrastructure Security Agency (CISA)
  • Where:
    • 1. Secure design > Design your system for security as well as functionality and performance
      
      

• Managing Artificial Intelligence-Specific Cybersecurity Risks in the Financial Services Sector
  March 2024, U.S. Department of the Treasury
  • Where:
    • 5. Best practices for managing AI-specific security risks > 5.1. Situating AI risk management within existing enterprise risk management programs
      
      

• Generative AI framework for HM Government
  2023, Central Digital and Data Office, UK Government
  • Where:
    • Using generative AI safely and responsibly > Accountability > Practical recommendations > Bullet 1
    • Using generative AI safely and responsibly > Accountability > Practical recommendations > Bullet 2
    • Building generative AI solutions > Building the solution >Patterns > Practical recommendations > Bullet 2
      
      

• Securing Machine Learning Algorithms
  2021, © European Union Agency for Cybersecurity (ENISA)
  • Where:
    • 4.1- Security Controls > Organizational > Integrate ML specificities to existing security policies
    • 4.1- Security Controls > Organizational > Ensure ML applications comply with security policies
    • 4.1- Security Controls > Organizational > Ensure ML applications comply with protection policies and are integrated to security operations processes
    • 4.1- Security Controls > Organizational > Ensure ML applications comply with identity management, authentication, and access control policies
    • 4.1- Security Controls > Technical > Ensure ML projects follow the global process for integrating security into projects
      
      

Discussed in which commercial AI security sources? [?]

• The anecdotes AI GRC Toolkit
  2024, © Anecdotes A.I Ltd.
  • Where:
    • Control 1.2: Policy Augmentation
    • Control 8.2: Recovery and Continuity
      
      
• Google Secure AI Framework
  June 2023, © Google
  • Where:
    • Step 4. Apply the six core elements of the SAIF > Expand strong security foundations to the AI ecosystem > Review what existing security controls across the security domains apply to AI systems
      
      

Control functions against which AI security threats? [?]

• Control function: Directive
  • Denial of AI service
  • Prompt injection
  • Evasion
  • Model inversion
  • Model extraction and theft
  • Data poisoning
  • Model poisoning
  • Compromised 3rd-party training datasets
  • Compromised 3rd-party models or code
  • Confabulation
  • Excessive agency
  • Sensitive information disclosed in output
  • Harmful code generation
    

Additional information

• Q: When will this requirement included in an assessment? [?]
  • This requirement will always be added to HITRUST assessments which include the
    Security for AI systems regulatory factor.
  • No other assessment tailoring factors affect this requirement.
    
    

• Q: Will this requirement be externally inheritable? [?] [?]
  • No (dual responsibility). The AI application provider and its AI service providers are responsible for independently performing this requirement outside of the AI system’s technology stack.