
B007 Enforce user access privileges to AI systems

Control Description

Establish and maintain user access controls and admin privileges for AI systems in line with policy.

Application

Mandatory

Frequency

Every 3 months

Capabilities

Universal

Controls & Evidence (2)

Technical Implementation

B007.1
Config: User access controls

Core - This should include:

- Implementing system-level access controls tailored to AI systems. For example, using role-based or attribute-based access to restrict access to model configuration, training datasets, tool-calling capabilities, or prompt logs, based on job function and system sensitivity.
- Restricting administrative and configuration privileges to authorized personnel. For example, limiting ability to alter system behavior, tools, or models.

Typical evidence: Screenshot of IAM platform, permission files, or admin panel showing role-based or attribute-based access restrictions for AI system resources (model configurations, training datasets, tool-calling capabilities, prompt logs) - may include IAM role assignments, permission policies, or authorization code validating user permissions before accessing sensitive AI components.
Location: Engineering Tooling

Operational Practices

B007.2
Documentation: Access reviews

Core - This should include:

- Conducting access reviews and updates at least quarterly. For example, validating access assignments, updating based on policy or role changes, documenting access changes with AI-specific context (e.g. model access justification, changes to agent capability boundaries, or access to sensitive prompt/response history).

Typical evidence: Quarterly access review documentation - may include access review meeting notes, tracking records of access changes with justifications, or reports documenting role changes and access modifications based on policy updates.
Location: Internal processes
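
An added example, not part of the original control text: a deny-by-default role check over the four AI resource types named in B007.1, plus the findings a B007.2 quarterly review would flag. Role names, grants, users, dates and the 92-day reading of "every 3 months" are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Resource types named in B007.1; role names and grants are constructed.
RESOURCES = {"model_config", "training_dataset", "tool_calling", "prompt_logs"}
ROLE_GRANTS = {
    "ml_engineer": {("model_config", "read"), ("training_dataset", "read")},
    "ai_admin": {(r, a) for r in RESOURCES for a in ("read", "write")},
    "support_analyst": {("prompt_logs", "read")},
}
REVIEW_INTERVAL = timedelta(days=92)  # assumption: "every 3 months" as 92 days

@dataclass
class Assignment:
    user: str
    role: str
    justification: str   # AI-specific context recorded when access was granted
    last_reviewed: date

def authorize(assignments, user, resource, action):
    """Deny by default: allow only if one of the user's roles grants the pair."""
    if resource not in RESOURCES:
        return False
    return any(
        a.user == user and (resource, action) in ROLE_GRANTS.get(a.role, set())
        for a in assignments
    )

def review_findings(assignments, today):
    """Assignments a quarterly access review should flag, with the reason."""
    findings = []
    for a in assignments:
        if a.role not in ROLE_GRANTS:
            findings.append((a.user, a.role, "unknown role"))
        if not a.justification.strip():
            findings.append((a.user, a.role, "missing justification"))
        if today - a.last_reviewed > REVIEW_INTERVAL:
            findings.append((a.user, a.role, "review overdue"))
    return findings

# Constructed sample assignments and review date.
TODAY = date(2025, 7, 1)
SAMPLE = [
    Assignment("alice", "ai_admin", "owns agent tool configuration", date(2025, 5, 15)),
    Assignment("bob", "support_analyst", "", date(2025, 6, 1)),
    Assignment("carol", "ml_engineer", "fine-tuning project", date(2025, 1, 10)),
]

if __name__ == "__main__":
    for finding in review_findings(SAMPLE, TODAY):
        print(finding)
```

The output of review_findings, kept per quarter, is the kind of tracking record B007.2 lists as typical evidence.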
