B008.1
Config: Model access controlsCore - This should include:
- Implementing model access protection. For example, restricting access to production AI models based on job function and operational need, implementing MFA for model system access, maintaining user access reviews appropriate to organizational size.
Typical evidence: Screenshot of IAM configuration, permission settings, or admin panel showing role-based access restrictions for production AI models covering IAM role assignments restricting model access by job function, MFA configuration for model system access, and access review records validating model permissions.
Location: Engineering Code, Internal processes
B008.2
Config: API deployment securityCore - This should include:
- Establishing deployment security controls. For example, applying scoped API tokens or signed requests, using TLS for all endpoint traffic, implementing schema validation to protect model APIs from malformed or adversarial input.
Typical evidence: Screenshot of API security configuration for model endpoints - may include scoped API token implementation, TLS/HTTPS certificate configuration for model API traffic, or schema validation code protecting model APIs from malformed or adversarial input.
Location: Engineering Code
B008.3
Config: Model hosting securitySupplemental - This may include:
- Securing model hosting environments. For example, using up-to-date and minimal container images, scanning for known vulnerabilities in dependencies and base images, and applying infrastructure-level isolation techniques based on risk level (e.g. container namespaces, VM separation, or dedicated GPU access).
Typical evidence: Screenshot of container configuration or infrastructure setup for model hosting - may include Dockerfile with minimal base images and up-to-date dependencies, vulnerability scanning results from Trivy or Snyk for container images, or infrastructure configuration showing isolation techniques (container namespaces, VM separation, network policies, dedicated GPU allocation).
Location: Engineering Code
B008.4
Config: Model integrity verificationSupplemental - This may include:
- Verifying model integrity before and during deployment. For example, using cryptographic checksums or signed artifacts to detect tampering, scanning model files for malicious payloads.
Typical evidence: Screenshot of deployment pipeline or code implementing model integrity checks - may include cryptographic checksum verification, model artifact signature validation, hash comparison before deployment, model scanning configuration detecting malicious payloads (e.g. Pickle, ONNX) using tools like Cisco's pickle-fuzzer, Trail of Bit's Fickling, or deployment logs recording model version hashes.
Location: Engineering Code