HITRUST CSF requirement statement [?] (17.03bAISecOrganizational.5)
The organization performs threat modeling for the AI system to
(1) evaluate its exposure to identified AI security threats,
(2) identify countermeasures currently in place to mitigate those threats, and
(3) identify any additional countermeasures deemed necessary considering the
organization’s overall risk tolerance and the risk categorization of the AI system.
This activity is performed
(4) upon identification of new AI security threats,
(5) prior to deployment of new models,
(6) regularly (at least semiannually) thereafter, and
(7) when security incidents related to the AI system occur.- Evaluative elements in this requirement statement [?]
-
1. The organization performs threat modeling for the AI system to evaluate its exposure to identified AI security threats.2. The organization performs threat modeling for the AI system to identify countermeasures currently in place to mitigate AI security threats.3. The organization performs threat modeling for the AI system to identify any additional countermeasures deemed necessary considering the organization’s overall risk tolerance and the risk categorization of the AI system.4. Threat modeling for the AI system is performed upon identification of new AI security threats.5. Threat modeling for the AI system is performed prior to deployment of new models.6. Threat modeling for the AI system is performed regularly (at least semiannually).7. Threat modeling for the AI system is performed when security incidents related to the AI system occur.
- Illustrative procedures for use during assessments [?]
- Policy: Examine policies related to each evaluative element within the requirement statement. Validate the existence of a written or undocumented policy as defined in the HITRUST scoring rubric.
- Procedure: Examine evidence that written or undocumented procedures exist as defined in the HITRUST scoring rubric. Determine if the procedures and address the operational aspects of how to perform each evaluative element within the requirement statement.
- Implemented: Examine evidence that all evaluative elements within the requirement statement have been implemented as defined in the HITRUST scoring rubric, using a sample based test where possible for each evaluative element. Example test(s):
- For example, select a sample of newly identified AI security threats and security incidents related to the AI system and examine evidence to confirm threat modeling was performed for the AI system. Additionally, examine evidence to confirm threat modeling was performed for the AI system prior to deployment of new models and at least at the frequency mandated in the requirement statement. Further, confirm that the modeling evaluated the exposure to identified AI security threats, identified countermeasures currently in place to mitigate those threats, and identified any additional countermeasures deemed necessary considering the organization’s overall risk tolerance and the risk categorization of the AI system.
- For example, select a sample of the documented AI system threat modeling to confirm AI security threats are identified. Further, confirm that the modeling evaluates the exposure to identified AI security threats, identifies countermeasures currently in place to mitigate those threats, and identifies any additional countermeasures deemed necessary considering the organization’s overall risk tolerance and the risk categorization of the AI system.
- Measured: Examine measurements that formally evaluate and communicate the operation and/or performance of each evaluative element within the requirement statement. Determine the percentage of evaluative elements addressed by the organization’s operational and/or independent measure(s) or metric(s) as defined in the HITRUST scoring rubric. Determine if the measurements include independent and/or operational measure(s) or metric(s) as defined in the HITRUST scoring rubric. Example test(s):
- For example, measures indicate the percentage of threats and security incidents for which threat modeling was not performed. Reviews, tests, or audits are completed by the organization to measure the effectiveness of the implemented controls and confirm the organization performs threat modeling for the AI system.
- For example, measures indicate the percentage of threats and security incidents for which threat modeling was not performed. Reviews, tests, or audits are completed by the organization to measure the effectiveness of the implemented controls and confirm the organization performs threat modeling for the AI system.
- Managed: Examine evidence that a written or undocumented risk treatment process exists, as defined in the HITRUST scoring rubric. Determine the frequency that the risk treatment process was applied to issues identified for each evaluative element within the requirement statement.
- Policy: Examine policies related to each evaluative element within the requirement statement. Validate the existence of a written or undocumented policy as defined in the HITRUST scoring rubric.
- Placement of this requirement in the HITRUST CSF [?]
- Assessment domain: 17 Risk Management
- Control category: 03.0 – Risk Management
- Control reference: 03.b – Performing Risk Assessments
- Specific to which parts of the overall AI system? [?]
-
- N/A, not AI component-specific
- N/A, not AI component-specific
- Discussed in which authoritative AI security sources? [?]
-
- ISO/IEC 23894:2023 Information technology — Artificial intelligence — Guidance on risk management
2023, © International Standards Organization (ISO)/International Electrotechnical Commission (IEC)- Where:
- Part 6. Risk management process > 6.4 Risk assessment > 6.4.2 Risk identification > 6.4.2.5 Identification of controls
- Part 6. Risk management process > 6.4 Risk assessment > 6.4.2 Risk identification > 6.5.2 Selection of risk treatment options
- Where:
- ISO/IEC 38507:2022- Governance implications of the use of artificial intelligence by organizations
2022, © International Standards Organization (ISO)/International Electrotechnical Commission (IEC)- Where:
- 4. Governance implications of the organizational use of AI > 4.2. Maintaining governance when introducing AI
- 5. Overview of AI and AI systems > 5.1. General
- Where:
- OWASP AI Exchange
2024, © The OWASP Foundation
- Guidelines for Secure AI System Development
Nov. 2023, Cybersecurity & Infrastructure Security Agency (CISA)- Where:
- 1. Secure design > Model the threats to your system
- 2. Secure development > Identify, track, and protect your assets
- Where:
- Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems
Apr 2024, National Security Agency (NSA)- Where:
- Secure the deployment environment > Manage deployment environment governance > Bullet 1, sub-bullet 1
- Secure the deployment environment > Manage deployment environment governance > Bullet 2
- Where:
- Generative AI framework for HM Government
2023, Central Digital and Data Office, UK Government- Where:
- Using generative AI safely and responsibly > Security > Security Risks > Practical Security Recommendations > Bullet 2
- Using generative AI safely and responsibly > Security > Security Risks > Practical Security Recommendations > Bullet 2
- Where:
- Securing Machine Learning Algorithms
2021, © European Union Agency for Cybersecurity (ENISA)- Where:
- 4.1- Security Controls > Technical > Ensure ML projects follow the global process for integrating security into projects
- 4.1- Security Controls > Technical > Conduct a risk analysis of the ML application
- Where:
- ISO/IEC 23894:2023 Information technology — Artificial intelligence — Guidance on risk management
- Discussed in which commercial AI security sources? [?]
-
- The anecdotes AI GRC Toolkit
2024, © Anecdotes A.I Ltd.- Where: Control 6.2: Threat Modeling
- Where: Control 6.2: Threat Modeling
- Google Secure AI Framework
June 2023, © Google- Where:
- Step 4. Apply the six core elements of the SAIF > Expand strong security foundations to the AI ecosystem > Perform an analysis to determine what security controls needed to be added due to specific threats, regulations, etc.
- Step 4. Apply the six core elements of the SAIF > Automate defenses to keep pace with existing and new threats > Identify the list of AI security capabilities focused on securing AI systems, training data pipelines, etc.
- Step 4. Apply the six core elements of the SAIF > Adapt controls to adjust mitigations and create faster feedback loops for AI deployment > Create a feedback loop
- Where:
- HiddenLayer’s 2024 AI Threat Landscape Report
2024, © HiddenLayer- Where:
- Part 4: Predictions and recommendations > 2. Risk assessment and threat modeling
- Part 4: Predictions and recommendations > 2. Risk assessment and threat modeling
- Where:
- The anecdotes AI GRC Toolkit
- Control functions against which AI security threats? [?]
-
- Control function: Decision support
- Additional information
-
- Q: When will this requirement included in an assessment? [?]
- This requirement will always be added to HITRUST assessments which include the
Security for AI systemsregulatory factor. - No other assessment tailoring factors affect this requirement.
- This requirement will always be added to HITRUST assessments which include the
- Q: When will this requirement included in an assessment? [?]