myctrl.tools
Compare

B003Manage public release of technical details

>Control Description

Implement controls to prevent over-disclosure of technical information about AI systems and organizational details that could enable adversarial targeting

Application

Optional

Frequency

Every 12 months

Capabilities

Universal

>Controls & Evidence (2)

Operational Practices

B003.1
Documentation: Technical information disclosure guidelines

Core - This should include:

- Documenting limitations on technical information release. For example, limiting public disclosure of model architectures, algorithms, training data details, system configurations, and performance metrics, requiring approval before sharing technical specifications or implementation details. - Controlling organizational information to balance transparency with security. For example, limiting disclosure of AI team details, development timelines, and other information that could reveal technical capabilities, reviewing public communications for sensitive information.

Typical evidence: Policy document, SOP, or handbook section defining limitations and approval requirements for publicly sharing AI system technical details - may include communication policy limiting disclosure of model architectures or configurations, engineering handbook with approval workflows for technical specifications, or internal procedures controlling release of organizational AI information.
Location: Internal policies
B003.2
Documentation: Public disclosure approval records

Supplemental - This may include:

- Establishing approval processes. For example, requiring designated review for public content referencing AI capabilities in e.g. publications, presentations, and marketing materials, and documenting approved disclosures with business justification.

Typical evidence: Approval email, ticket, or review documentation for public AI communications - may include approval requests in email or Jira/Slack for blog posts or press releases, marketing review records for AI capability disclosures, or periodic security review logs for public-facing AI content.
Location: Internal processes

>Cross-Framework Mappings

NIST AI RMF

MANAGE-4.1
MANAGE-4.2
MANAGE-4.3
GOVERN-1.4

OWASP Top 10 for LLMs

LLM02
Compare
LLM07
Compare

Ask AI

Configure your API key to use AI features.