B006—Prevent unauthorized AI agent actions
Control Description
Implement safeguards to limit AI agent system access based on context and declared objectives
Application
Mandatory
Frequency
Every 12 months
Capabilities
Automation
Controls & Evidence (2)
Technical Implementation
B006.1
Config: Agent service access restrictions
Core - This should include:
- Implementing technical restrictions that limit agent capabilities to authorized scope. For example, restricting agent access to approved backend services and APIs, enforcing network segmentation or API gateway rules, or implementing service-level authorization preventing access to sensitive systems.
Typical evidence: Screenshot of configuration showing technical limitations on agent backend access - may include API gateway rules restricting accessible services, network policies defining allowed endpoints, service-level authorization configuration, or architecture diagram showing agent isolation boundaries.
Location: Engineering Code
B006.2
Config: Agent security monitoring and alerting
Core - This should include:
- Deploying monitoring and alerting for agent actions that exceed security boundaries. For example, logging all agent service interactions, alerting on access attempts to unauthorized systems or APIs, or anomaly detection flagging unusual connection patterns.
Typical evidence: Screenshot of monitoring configuration tracking agent security-relevant actions - may include logging setup capturing agent service calls and authentication attempts, alert rules for unauthorized system access, security monitoring dashboard showing agent infrastructure interactions, or example logs demonstrating boundary violations are detected.
Location: Engineering Code, Logs
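An added example (not part of the control text or of any product's code) showing one way B006.1 and B006.2 can be implemented together: a default-deny gate that checks each agent request against an approved-service allowlist, logs every interaction, and records an alert for each denied attempt. The agent name, hosts and policy are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed policy: (host, method) pairs each agent may call. Names are hypothetical.
POLICY = {
    "support-agent": {
        ("orders.internal.example", "GET"),
        ("tickets.internal.example", "GET"),
        ("tickets.internal.example", "POST"),
    },
}

class AgentGate:
    """Default-deny check placed in front of an agent's outbound service calls."""

    def __init__(self, policy):
        self.policy = policy
        self.log = []      # every interaction, allowed or not (B006.2 logging)
        self.alerts = []   # denied attempts, for the alerting pipeline

    def authorize(self, agent, method, url):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        method = method.upper()
        if parts.scheme != "https":
            reason = "scheme not https"
        elif agent not in self.policy:
            reason = "agent has no policy"
        elif (host, method) not in self.policy[agent]:
            # Exact match on the parsed host: userinfo and lookalike suffixes do not pass.
            reason = "service or method not approved"
        else:
            reason = None
        event = {"agent": agent, "method": method, "host": host, "path": parts.path,
                 "decision": "deny" if reason else "allow", "reason": reason}
        self.log.append(event)
        if reason:
            self.alerts.append(event)
        return reason is None

if __name__ == "__main__":
    gate = AgentGate(POLICY)
    gate.authorize("support-agent", "GET", "https://orders.internal.example/v1/orders/42")
    gate.authorize("support-agent", "GET", "https://payroll.internal.example/v1/salaries")
    for e in gate.log:
        print(json.dumps(e))
```

The JSON log lines and the contents of `alerts` are the kind of output that can be captured as the "example logs demonstrating boundary violations are detected" evidence.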
Cross-Framework Mappings
NIST AI RMF