HITRUST CSF requirement statement [?] (07.10mAISecOrganizational.3)
The
(1) precision, and
(2) specificity
of AI application outputs are reduced to limit an adversary's ability to extract information
from the model and/or optimize potential attacks (e.g., omit or round indication of precision
of confidence in the output so it cannot be used for optimization, limit specificity of
output class ontology).- Evaluative elements in this requirement statement [?]
-
1. The precision of AI system outputs is reduced (e.g., round indication of confidence in the output so it cannot be used for optimization) to limit an adversary's ability to extract information from the model and/or optimize potential attacks.2. The specificity of AI system outputs is reduced (e.g., limit specificity of output class ontology) to limit an adversary's ability to extract information from the model and/or optimize potential attacks.
- Illustrative procedures for use during assessments [?]
- Policy: Examine policies related to each evaluative element within the requirement statement. Validate the existence of a written or undocumented policy as defined in the HITRUST scoring rubric.
- Procedure: Examine evidence that written or undocumented procedures exist as defined in the HITRUST scoring rubric. Determine if the procedures and address the operational aspects of how to perform each evaluative element within the requirement statement.
- Implemented: Examine evidence that all evaluative elements within the requirement statement have been implemented as defined in the HITRUST scoring rubric, using a sample based test where possible for each evaluative element. Example test(s):
- For example, review the AI model to ensure the precision and specificity of AI application outputs are reduced to limit an adversary’s ability to extract information from the model and/or optimize potential attacks.
- For example, review the AI model to ensure the precision and specificity of AI application outputs are reduced to limit an adversary’s ability to extract information from the model and/or optimize potential attacks.
- Measured: Examine measurements that formally evaluate and communicate the operation and/or performance of each evaluative element within the requirement statement. Determine the percentage of evaluative elements addressed by the organization’s operational and/or independent measure(s) or metric(s) as defined in the HITRUST scoring rubric. Determine if the measurements include independent and/or operational measure(s) or metric(s) as defined in the HITRUST scoring rubric. Example test(s):
- For example, measures indicate if AI application outputs are reduced to limit an adversary’s ability to extract information from the model and/or optimize potential attacks.
- For example, measures indicate if AI application outputs are reduced to limit an adversary’s ability to extract information from the model and/or optimize potential attacks.
- Managed: Examine evidence that a written or undocumented risk treatment process exists, as defined in the HITRUST scoring rubric. Determine the frequency that the risk treatment process was applied to issues identified for each evaluative element within the requirement statement.
- Policy: Examine policies related to each evaluative element within the requirement statement. Validate the existence of a written or undocumented policy as defined in the HITRUST scoring rubric.
- Placement of this requirement in the HITRUST CSF [?]
- Assessment domain: 07 Vulnerability Management
- Control category: 10.0 – Information Systems Acquisition, Development, and Maintenance
- Control reference: 10.m – Control of Technical Vulnerabilities
- Specific to which parts of the overall AI system? [?]
- AI application layer:
- Application AI safety and security systems
- Application AI safety and security systems
- AI application layer:
- Discussed in which authoritative AI security sources? [?]
-
- ISO/IEC 23894:2023 Information technology — Artificial intelligence — Guidance on risk management
2023, © International Standards Organization (ISO)/International Electrotechnical Commission (IEC)- Where:
- Annex A > A.9- Model Robustness
- Annex A > A.9- Model Robustness
- Where:
- OWASP AI Exchange
2024, © The OWASP Foundation- Where:
- MITRE ATLAS
2024, © The MITRE Corporation- Where:
- Guidelines for Secure AI System Development
Nov. 2023, Cybersecurity & Infrastructure Security Agency (CISA)- Where:
- 1. Secure design > Design your system for security as well as functionality and performance
- 1. Secure design > Design your system for security as well as functionality and performance
- Where:
- Securing Machine Learning Algorithms
2021, © European Union Agency for Cybersecurity (ENISA)- Where:
- 4.1- Security Controls > Specific ML > Reduce the information given by the model
- 4.1- Security Controls > Specific ML > Reduce the information given by the model
- Where:
- ISO/IEC 23894:2023 Information technology — Artificial intelligence — Guidance on risk management
- Control functions against which AI security threats? [?]
-
- Control function: Resistive
- Additional information
-
- Q: When will this requirement included in an assessment? [?]
- This requirement is included when confidential and/or sensitive data was used for model training, model tuning, and/or prompt enhancement via RAG for the assessment’s in-scope AI systems.
- This requirement is also included when the assessment’s in-scope AI system(s) leverage models with technical architectures that are confidential to the organization.
- The
Security for AI systemsregulatory factor must also be present in the assessment.
- Q: When will this requirement included in an assessment? [?]