HITRUST CSF requirement statement [?] (19.13jAISecOrganizational.1)
The organization reviews the data used to
(1) train AI models,
(2) fine-tune AI models, and
(3) enhance AI prompts via RAG
to identify any data fields or records that can be omitted or anonymized (to prevent them
from potentially leaking) and takes action on findings.- Evaluative elements in this requirement statement [?]
-
1. The organization reviews the data used to train AI models to identify any data fields or records that can be removed or anonymized (to prevent them from potentially leaking) and takes action on findings.2. The organization reviews the data used to fine-tune AI models to identify any data fields or records that can be removed or anonymized (to prevent them from potentially leaking) and takes action on findings.3. The organization reviews the data used to enhance AI prompts via RAG to identify any data fields or records that can be removed or anonymized (to prevent them from potentially leaking) and takes action on findings.
- Illustrative procedures for use during assessments [?]
- Policy: Examine policies related to each evaluative element within the requirement statement. Validate the existence of a written or undocumented policy as defined in the HITRUST scoring rubric.
- Procedure: Examine evidence that written or undocumented procedures exist as defined in the HITRUST scoring rubric. Determine if the procedures and address the operational aspects of how to perform each evaluative element within the requirement statement.
- Implemented: Examine evidence that all evaluative elements within the requirement statement have been implemented as defined in the HITRUST scoring rubric, using a sample based test where possible for each evaluative element. Example test(s):
- For example, evaluate the AI model to ensure the organization reviews the data used to train AI models, fine-tune AI models, and enhance AI prompts via RAG to identify any data fields or records that can be omitted or anonymized (to prevent them from potentially leaking) and takes action on findings.
- For example, evaluate the AI model to ensure the organization reviews the data used to train AI models, fine-tune AI models, and enhance AI prompts via RAG to identify any data fields or records that can be omitted or anonymized (to prevent them from potentially leaking) and takes action on findings.
- Measured: Examine measurements that formally evaluate and communicate the operation and/or performance of each evaluative element within the requirement statement. Determine the percentage of evaluative elements addressed by the organization’s operational and/or independent measure(s) or metric(s) as defined in the HITRUST scoring rubric. Determine if the measurements include independent and/or operational measure(s) or metric(s) as defined in the HITRUST scoring rubric. Example test(s):
- For example, measures indicate the percentage of the organization’s AI datasets which have undergone this review.
- For example, measures indicate the percentage of the organization’s AI datasets which have undergone this review.
- Managed: Examine evidence that a written or undocumented risk treatment process exists, as defined in the HITRUST scoring rubric. Determine the frequency that the risk treatment process was applied to issues identified for each evaluative element within the requirement statement.
- Policy: Examine policies related to each evaluative element within the requirement statement. Validate the existence of a written or undocumented policy as defined in the HITRUST scoring rubric.
- Placement of this requirement in the HITRUST CSF [?]
- Assessment domain: 19 Data Protection & Privacy
- Control category: 13.0 – Privacy Practices
- Control reference: 13.j – Data Minimization
- Specific to which parts of the overall AI system? [?]
-
AI application layer:
- Prompt enhancement via RAG, and associated RAG data sources
- Model tuning and associated datasets
- AI datasets and data pipelines
- Discussed in which authoritative AI security sources? [?]
-
- ISO/IEC 23894:2023 Information technology — Artificial intelligence — Guidance on risk management
2023, © International Standards Organization (ISO)/International Electrotechnical Commission (IEC)- Where:
- Annex A > A.9- Model Robustness
- Annex A > A.9- Model Robustness
- Where:
- OWASP 2023 Top 10 for LLM Applications
Oct. 2023, © The OWASP Foundation- Where:
- LLM06: Sensitive information disclosure > Prevention and mitigation strategies > Bullet #1
- LLM06: Sensitive information disclosure > Prevention and mitigation strategies > Bullet #1
- Where:
- OWASP 2025 Top 10 for LLM Applications
2025, © The OWASP Foundation- Where:
- LLM02: Sensitive Information Disclosure > Prevention and Mitigation Strategies > Sanitization > Bullet #1
- LLM02: Sensitive Information Disclosure > Prevention and Mitigation Strategies > Sanitization > Bullet #1
- Where:
- OWASP Machine Learning Security Top 10
2023, © The OWASP Foundation- Where:
- ML04:2023 Membership inference attack > How to prevent > Bullet #4
- ML04:2023 Membership inference attack > How to prevent > Bullet #4
- Where:
- OWASP AI Exchange
2024, © The OWASP Foundation
- Generative AI framework for HM Government
2023, Central Digital and Data Office, UK Government- Where: Using generative AI safely and responsibly > Data protection and privacy > Data minimization > Bullet 1
- Where: Using generative AI safely and responsibly > Data protection and privacy > Data minimization > Bullet 1
- ISO/IEC 23894:2023 Information technology — Artificial intelligence — Guidance on risk management
- Discussed in which commercial AI security sources? [?]
-
- The anecdotes AI GRC Toolkit
2024, © Anecdotes A.I Ltd.- Where:
- Control 4.1: Data sanitization
- Control 4.1: Data sanitization
- Where:
- Databricks AI Security Framework
Sept. 2024, © Databricks- Where:
- Control DASF 58: Protect data with filters and masking
- Control DASF 58: Protect data with filters and masking
- Where:
- Snowflake AI Security Framework
2024, © Snowflake Inc.- Where:
- Training data leakage > Mitigations > Data anonymization
- Privacy > Mitigations > Data minimization
- Where:
- The anecdotes AI GRC Toolkit
- Control functions against which AI security threats? [?]
-
- Control function: Preventative
- Additional information
-
- Q: When will this requirement included in an assessment? [?]
- This requirement is included when confidential and/or sensitive data was used for model training, model tuning, and/or prompt enhancement via RAG for the assessment’s in-scope AI system.
- However, this is requirement is not included when the in-scope AI system leverages a rule-based AI model only.
- The
Security for AI systemsregulatory factor must also be present in the assessment.
- Q: Will this requirement be externally inheritable? [?] [?]
- Yes, fully. This requirement may be the sole responsibility of the AI platform provider and/or model creator. Or, depending on the AI system’s architecture, only evaluative elements that are the sole responsibility of the AI platform provider and/or model creator apply.
- Yes, fully. This requirement may be the sole responsibility of the AI platform provider and/or model creator. Or, depending on the AI system’s architecture, only evaluative elements that are the sole responsibility of the AI platform provider and/or model creator apply.
- Q: When will this requirement included in an assessment? [?]