HITRUST CSF requirement statement [?] (19.09zAISecOrganizational.1)
The organization limits the release of technical AI project details, including specific information on the
(1) technical architecture of the overall AI system;
(2) datasets used for training, testing, validating, and tuning of confidential and/or closed-source AI models;
(3) datasets used for prompt augmentation via RAG (if performed);
(4) algorithm(s) used to create confidential and/or closed-source AI models;
(5) architecture of confidential and/or closed-source AI models;
(6) language model tools used such as agents and plugins (if used);
(7) safety and security checkpoints built into the AI system; and
(8) information on teams developing and supporting the AI system.- Evaluative elements in this requirement statement [?]
-
1. The organization limits the release of specific information on the technical architecture of the overall AI system.2. The organization limits the release of specific information on the datasets used for training, testing, validating, and tuning of confidential and/or closed-source AI models.3. The organization limits the release of specific information on the datasets used for prompt augmentation via RAG (if performed).4. The organization limits the release of specific information on the algorithm(s) used to create confidential and/or closed-source AI models.5. The organization limits the release of specific information on the architecture of confidential and/or closed-source AI models.6. The organization limits the release of specific information on the language model tools used such as agents and plugins (if used).7. The organization limits the release of specific information on the safety and security checkpoints built into the AI system.8. The organization limits the release of specific information on the information on teams developing and supporting the AI system.
- Illustrative procedures for use during assessments [?]
- Policy: Examine policies related to each evaluative element within the requirement statement. Validate the existence of a written or undocumented policy as defined in the HITRUST scoring rubric.
- Procedure: Examine evidence that written or undocumented procedures exist as defined in the HITRUST scoring rubric. Determine if the procedures and address the operational aspects of how to perform each evaluative element within the requirement statement.
- Implemented: Examine evidence that all evaluative elements within the requirement statement have been implemented as defined in the HITRUST scoring rubric, using a sample based test where possible for each evaluative element. Example test(s):
- For example, examine released documentation on the AI system to ensure the organization restricts the release of the technical AI project details outlined in the requirement statement.
- For example, examine released documentation on the AI system to ensure the organization restricts the release of the technical AI project details outlined in the requirement statement.
- Measured: Examine measurements that formally evaluate and communicate the operation and/or performance of each evaluative element within the requirement statement. Determine the percentage of evaluative elements addressed by the organization’s operational and/or independent measure(s) or metric(s) as defined in the HITRUST scoring rubric. Determine if the measurements include independent and/or operational measure(s) or metric(s) as defined in the HITRUST scoring rubric. Example test(s):
- For example, measures could indicate the amount of AI systems deployed by the company, of total, for which technical AI details have or have not been released in accordance with this requirement statement.
- For example, measures could indicate the amount of AI systems deployed by the company, of total, for which technical AI details have or have not been released in accordance with this requirement statement.
- Managed: Examine evidence that a written or undocumented risk treatment process exists, as defined in the HITRUST scoring rubric. Determine the frequency that the risk treatment process was applied to issues identified for each evaluative element within the requirement statement.
- Policy: Examine policies related to each evaluative element within the requirement statement. Validate the existence of a written or undocumented policy as defined in the HITRUST scoring rubric.
- Placement of this requirement in the HITRUST CSF [?]
- Assessment domain: 19 Data Protection & Privacy
- Control category: 09.0 – Communications and Operations Management
- Control reference: 09.z – Publicly Available Information
- Specific to which parts of the overall AI system? [?]
-
- AI application layer:
- AI plugins and agents
- Application AI safety and security systems
- AI platform layer:
- Model tuning and associated datasets
- The deployed AI model
- Model engineering environment and model pipeline
- AI datasets and data pipelines
- AI application layer:
- Discussed in which authoritative AI security sources? [?]
-
- OWASP AI Exchange
2024, © The OWASP Foundation- Where:
- MITRE ATLAS
2024, © The MITRE Corporation
- Securing Machine Learning Algorithms
2021, © European Union Agency for Cybersecurity (ENISA)- Where:
- 4.1- Security Controls > Specific ML > Reduce the available information about the model
- 4.1- Security Controls > Specific ML > Reduce the available information about the model
- Where:
- OWASP AI Exchange
- Control functions against which AI security threats? [?]
- Additional information
-
- Q: When will this requirement included in an assessment? [?]
- This requirement is only included when the assessment’s in-scope AI system(s) leverage models with technical architectures that are confidential to the organization.
- The
Security for AI systemsregulatory factor must also be present in the assessment.
- Q: When will this requirement included in an assessment? [?]