HITRUST CSF requirement statement [?] (New in v11.4.0, coming in Nov. 2024)
The organization’s established security incident detection and response processes
address the detection of and recovery from AI-specific threats (e.g., poisoning, evasion)
through
(1) updates to the organization’s security incident plans / playbooks;
(2) consideration of AI-specific threats in security incident tabletop exercises;
(3) recording the specifics of AI-specific security incidents that have occurred;
and incorporating
(4) logs and
(5) alerts
from deployed AI systems into the organization’s monitoring and security
incident detection tools.
- Evaluative elements in this requirement statement [?]
-
1. The organization’s established security incident detection and response processes address the detection of and recovery from AI-specific threats (e.g., poisoning, evasion) through updates to the organization’s security incident plans / playbooks.
2. The organization’s established security incident detection and response processes address the detection of and recovery from AI-specific threats (e.g., poisoning, evasion) through consideration of AI-specific threats in security incident tabletop exercises.
3. The organization’s established security incident detection and response processes address the detection of and recovery from AI-specific threats (e.g., poisoning, evasion) through recording the specifics of AI-specific security incidents that have occurred.
4. The organization’s established security incident detection and response processes address the detection of and recovery from AI-specific threats (e.g., poisoning, evasion) through and incorporating logs from deployed AI systems into the organization’s monitoring and security incident detection tools.
5. The organization’s established security incident detection and response processes address the detection of and recovery from AI-specific threats (e.g., poisoning, evasion) through and incorporating alerts from deployed AI systems into the organization’s monitoring and security incident detection tools.
- Illustrative procedures for use during assessments [?]
- Policy: Examine policies related to each evaluative element within the requirement statement. Validate the existence of a written or undocumented policy as defined in the HITRUST scoring rubric.
- Procedure: Examine evidence that written or undocumented procedures exist as defined in the HITRUST scoring rubric. Determine if the procedures and address the operational aspects of how to perform each evaluative element within the requirement statement.
- Implemented: Examine evidence that all evaluative elements within the requirement statement have been implemented as defined in the HITRUST scoring rubric, using a sample-based test where possible for each evaluative element. Example test(s):
- For example, review the AI system to ensure the organization’s established security incident detection and response processes address the detection of and recovery from AI-specific threats (e.g., poisoning, evasion) through updates to the organization’s security incident plans / playbooks; consideration of AI-specific threats in security incident tabletop exercises; recording the specifics of AI-specific security incidents that have occurred. Further, confirm monitoring and security incident detection tools incorporate the logs and alerts from deployed AI systems.
- For example, review the AI system to ensure the organization’s established security incident detection and response processes address the detection of and recovery from AI-specific threats (e.g., poisoning, evasion) through updates to the organization’s security incident plans / playbooks; consideration of AI-specific threats in security incident tabletop exercises; recording the specifics of AI-specific security incidents that have occurred. Further, confirm monitoring and security incident detection tools incorporate the logs and alerts from deployed AI systems.
- Measured: Examine measurements that formally evaluate and communicate the operation and/or performance of each evaluative element within the requirement statement. Determine the percentage of evaluative elements addressed by the organization’s operational and/or independent measure(s) or metric(s) as defined in the HITRUST scoring rubric. Determine if the measurements include independent and/or operational measure(s) or metric(s) as defined in the HITRUST scoring rubric. Example test(s):
- For example, measures indicate if the organization’s established security incident detection and response processes address the detection of and recovery from AI-specific threats (e.g., poisoning, evasion) through updates to the organization’s security incident plans / playbooks; consideration of AI-specific threats in security incident tabletop exercises; recording the specifics of AI-specific security incidents that have occurred. Reviews, tests, or audits are completed by the organization to measure the effectiveness of the implemented controls and to confirm that monitoring and security incident detection tools incorporate the logs and alerts from deployed AI systems.
- For example, measures indicate if the organization’s established security incident detection and response processes address the detection of and recovery from AI-specific threats (e.g., poisoning, evasion) through updates to the organization’s security incident plans / playbooks; consideration of AI-specific threats in security incident tabletop exercises; recording the specifics of AI-specific security incidents that have occurred. Reviews, tests, or audits are completed by the organization to measure the effectiveness of the implemented controls and to confirm that monitoring and security incident detection tools incorporate the logs and alerts from deployed AI systems.
- Managed: Examine evidence that a written or undocumented risk treatment process exists, as defined in the HITRUST scoring rubric. Determine the frequency that the risk treatment process was applied to issues identified for each evaluative element within the requirement statement.
- Policy: Examine policies related to each evaluative element within the requirement statement. Validate the existence of a written or undocumented policy as defined in the HITRUST scoring rubric.
- Placement of this requirement in the HITRUST CSF [?]
- Assessment domain: 15 Incident Management
- Control category: 11.0 – Information Security Incident Management
- Control reference: 11.c- Responsibilities and Procedures
- Specific to which parts of the overall AI system? [?]
-
- N/A, not AI component-specific
- Discussed in which authoritative AI security sources? [?]
-
- ISO/IEC 42001:2023 Information technology — Artificial intelligence — Management system
2023, © International Standards Organization (ISO)/International Electrotechnical Commission (IEC)- Where: Annex A > A.8. Information for interested parties of AI systems > A.8.4. Communication of incidents
- Where: Annex A > A.8. Information for interested parties of AI systems > A.8.4. Communication of incidents
- OWASP AI Exchange
2024, © The OWASP Foundation- Where: #SECPROGRAM
- Where: #SECPROGRAM
- LLM AI Cybersecurity & Governance Checklist
Feb. 2024, © The OWASP Foundation- Where:
- 3. Checklist > 3.1. Adversarial risk > Bullet #3
- 3. Checklist > 3.9. Using or implementing large language model solutions > Bullet #13
- Where:
- Guidelines for Secure AI System Development
Nov. 2023, Cybersecurity & Infrastructure Security Agency (CISA)- Where: 3. Secure deployment > Develop incident management procedures
- Where: 3. Secure deployment > Develop incident management procedures
- Securing Machine Learning Algorithms
2021, © European Union Agency for Cybersecurity (ENISA)- Where: 4.1- Security Controls > Organizational: Include ML applications into detection and response to security incident processes
- Where: 4.1- Security Controls > Organizational: Include ML applications into detection and response to security incident processes
- ISO/IEC 42001:2023 Information technology — Artificial intelligence — Management system
- Discussed in which commercial AI security sources? [?]
-
- Databricks AI Security Framework
Sept. 2024, © Databricks- Where: Control DASF 39: Platform security – Incident response team
- Where: Control DASF 39: Platform security – Incident response team
- Google Secure AI Framework
June 2023, © Google- Where:
- Step 4. Apply the six core elements of the SAIF > Extend detection and response to bring AI into an organization’s threat universe > Prepare to respond to attacks against AI and also to issues raised by AI output
- Step 4. Apply the six core elements of the SAIF > Extend detection and response to bring AI into an organization’s threat universe > Adjust your abuse policy and incident response processes to AI-specific incident types such as malicious content creation or AI privacy violoations
- Where:
- HiddenLayer’s 2024 AI Threat Landscape Report
2024, © HiddenLayer- Where: Part 4: Predictions and recommendations > 6. Continuous monitoring and incident response > Bullet 2
- Where: Part 4: Predictions and recommendations > 6. Continuous monitoring and incident response > Bullet 2
- Snowflake AI Security Framework
2024, © Snowflake Inc.- Where: Backdooring models (insider attacks) > Mitigations > Adversary detection and response
- Where: Backdooring models (insider attacks) > Mitigations > Adversary detection and response
- Databricks AI Security Framework
- Helps to prevent, detect, and/or correct which AI security threats? [?]
-
- Denial of AI service
- Prompt injection
- Evasion
- Model inversion
- Model extraction and theft
- Data poisoning
- Model poisoning
- Compromised 3rd-party training datasets
- Compromised 3rd-party models or code
- Excessive agency
- Sensitive information disclosed in output
- Copyright-infringing output
- Additional information
-
- Q: When will this requirement included in an assessment? [?]
- This requirement will always be added to HITRUST assessments which include the
Cybersecurity for deployed AI systems
regulatory factor. - No other assessment tailoring factors affect this requirement.
- This requirement will always be added to HITRUST assessments which include the
- Q: When will this requirement included in an assessment? [?]
Post your comment on this topic.