HITRUST CSF requirement statement [?] (07.10mAISecOrganizational.5)
To prevent against successful denial of AI service attacks and to hinder experimentation for AI attacks, the information system limits / throttles the
(1) total number and
(2) rate
of API calls that a user can make to the AI model in a given time period.- Evaluative elements in this requirement statement [?]
-
1. To prevent against successful denial of AI service attacks and to hinder experimentation for AI attacks, the information system limits / throttles the total number of API calls that a user can make to the AI model in a given time period.2. To prevent against successful denial of AI service attacks and to hinder experimentation for AI attacks, the information system limits / throttles the rate of API calls that a user can make to the AI model in a given time period.
- Illustrative procedures for use during assessments [?]
- Policy: Examine policies related to each evaluative element within the requirement statement. Validate the existence of a written or undocumented policy as defined in the HITRUST scoring rubric.
- Procedure: Examine evidence that written or undocumented procedures exist as defined in the HITRUST scoring rubric. Determine if the procedures and address the operational aspects of how to perform each evaluative element within the requirement statement.
- Implemented: Examine evidence that all evaluative elements within the requirement statement have been implemented as defined in the HITRUST scoring rubric, using a sample based test where possible for each evaluative element. Example test(s):
- For example, review the AI model to ensure the system limits or throttles the total number and rate of API calls that a user can make to the AI model within a given time period.
- For example, review the AI model to ensure the system limits or throttles the total number and rate of API calls that a user can make to the AI model within a given time period.
- Measured: Examine measurements that formally evaluate and communicate the operation and/or performance of each evaluative element within the requirement statement. Determine the percentage of evaluative elements addressed by the organization’s operational and/or independent measure(s) or metric(s) as defined in the HITRUST scoring rubric. Determine if the measurements include independent and/or operational measure(s) or metric(s) as defined in the HITRUST scoring rubric. Example test(s):
- For example, measures indicate if the system limits or throttles the total number and rate of API calls that a user can make to the AI model within a given time period.
- For example, measures indicate if the system limits or throttles the total number and rate of API calls that a user can make to the AI model within a given time period.
- Managed: Examine evidence that a written or undocumented risk treatment process exists, as defined in the HITRUST scoring rubric. Determine the frequency that the risk treatment process was applied to issues identified for each evaluative element within the requirement statement.
- Policy: Examine policies related to each evaluative element within the requirement statement. Validate the existence of a written or undocumented policy as defined in the HITRUST scoring rubric.
- Placement of this requirement in the HITRUST CSF [?]
- Assessment domain: 07 Vulnerability Management
- Control category: 10.0 – Information Systems Acquisition, Development, and Maintenance
- Control reference: 10.m – Control of Technical Vulnerabilities
- Specific to which parts of the overall AI system? [?]
-
AI application layer:
- Application AI safety and security systems
- Model safety and security systems
- Discussed in which authoritative AI security sources? [?]
-
- OWASP 2023 Top 10 for LLM Applications
Oct. 2023, © The OWASP Foundation- Where:
- LLM04: Model denial of service > Prevention and mitigation strategies > Bullet #3
- LLM08: Excessive agency > Prevention and mitigation strategies > Bullet #9
- LLM10: Model theft > Prevention and mitigation strategies > Bullet #6
- Where:
- OWASP 2025 Top 10 for LLM Applications
2025, © The OWASP Foundation- Where:
- LLM10: Unbounded consumption > Prevention and Mitigation Strategies > Bullet #3
- LLM10: Unbounded consumption > Prevention and Mitigation Strategies > Bullet #5
- Where:
- OWASP AI Exchange
2024, © The OWASP Foundation- Where:
- MITRE ATLAS
2024, © The MITRE Corporation- Where:
- OWASP 2023 Top 10 for LLM Applications
- Discussed in which commercial AI security sources? [?]
-
- Databricks AI Security Framework
Sept. 2024, © Databricks- Where:
- Control DASF 32: Streamline the usage and management of various large language model (LLM) providers
- Control DASF 32: Streamline the usage and management of various large language model (LLM) providers
- Where:
- Snowflake AI Security Framework
2024, © Snowflake Inc.- Where:
- Distributed denial of service on ML model > Mitigations > Rate limiting and prioritization
- Distributed denial of service on ML model > Mitigations > Rate limiting and prioritization
- Where:
- Databricks AI Security Framework
- Control functions against which AI security threats? [?]
-
- Control function: Preventative
- Control function: Resistive
- Additional information
-
- Q: When will this requirement included in an assessment? [?]
- This requirement will always be added to HITRUST assessments which include the
Security for AI systemsregulatory factor. - No other assessment tailoring factors affect this requirement.
- This requirement will always be added to HITRUST assessments which include the
- Q: When will this requirement included in an assessment? [?]