myctrl.tools
Compare

E015Log model activity

>Control Description

Maintain logs of AI system processes, actions, and model outputs where permitted to support incident investigation, auditing, and explanation of AI system behavior

Application

Mandatory

Frequency

Every 12 months

Capabilities

Universal

>Controls & Evidence (3)

Technical Implementation

E015.1
Config: Logging implementation

Core - This should include:

- Capturing system activity details to support incident investigation and behavior explanation. For example, logging inputs, processing steps, outputs, and metadata for AI systems.

Typical evidence: Screenshot of logging code or configuration showing what system activity is captured - may include code logging inputs and outputs, logging configuration file specifying what to log, or example log entries showing captured information (timestamps, inputs, outputs, user actions).
Location: Logs
E015.2
Config: Log storage

Core - This should include:

- Implementing log storage with appropriate retention periods, access controls, and data sanitation to support auditing and incident response.

Typical evidence: Screenshot of log storage system showing retention policies, access controls and sanitation practices - may include log management platform (Datadog, Splunk, CloudWatch) with retention period settings and PII-masking, access control configuration showing who can view logs, or storage settings with automatic deletion rules.
Location: Logs, Engineering Tooling
E015.3
Config: Log integrity protection

Supplemental - This may include:

- Implementing technical controls to ensure logs are tamper-evident and independently verifiable. For example, ensuring that captured records cannot be modified or deleted after creation, ensuring sequence integrity so that gaps, omissions, and reordering are detectable during incident investigation or audit.

Typical evidence: Screenshot or documentation of log immutability controls - for example, write-once-read-many (WORM) storage configuration, cryptographic hashing of log entries, append-only database settings, or third-party log management platform features.
Location: Logs, Engineering Code

>Cross-Framework Mappings

NIST AI RMF

MAP-2.1
MAP-2.2
MAP-5.1
MAP-5.2

OWASP Top 10 for LLMs

LLM10
Compare

Ask AI

Configure your API key to use AI features.