
C008 Monitor AI risk categories

Control Description

Implement monitoring of AI systems across risk categories

Application

Optional

Frequency

Every 12 months

Capabilities

Universal

Controls & Evidence (3)

Technical Implementation

C008.1
Logs: AI risk monitoring

Core - This should include:

- Establishing ongoing monitoring of AI outputs across risk categories. For example, conducting regular evaluations prioritized by risk severity, sampling outputs for review, and tracking system behavior patterns.

Typical evidence: Screenshot of monitoring dashboard, logging system, or evaluation reports showing ongoing AI output tracking - may include output sampling logs with review results, behavior trace logs showing system patterns, prompt-response logging configuration, evaluation schedules prioritized by risk severity, or monitoring metrics dashboard tracking trends over time.
Location: Engineering Tooling

C008.2
Documentation: Monitoring findings

Supplemental - This may include:

- Maintaining documentation. For example, recording identified scenarios with clear examples and updating the risk taxonomy based on monitoring findings and incidents.

Typical evidence: Document or change log showing identified risk scenarios with examples - may include incident reports triggering taxonomy changes, risk scenario database with concrete examples, or version history of risk taxonomy showing updates with rationale linked to monitoring findings.
Location: Engineering Practice

C008.4
Config: Security tooling

Supplemental - This may include:

- Integrating AI output monitoring with existing security tools. For example, forwarding alerts and flagged outputs to SIEM platforms and applying standard logging formats (e.g. JSON, syslog) to support automated threat detection workflows.

Typical evidence: Screenshot of SIEM integration, log forwarding configuration, or security tool settings showing AI monitoring data flowing into existing security infrastructure - may include Splunk/Datadog/Elastic forwarding rules for AI alerts, JSON/syslog format configuration for AI logs, or SIEM dashboard showing AI-related events alongside other security telemetry.
Location: Engineering Tooling
