APPLICATION
Owner: Engineering Lead / Product Security / DevSecOps
AI Application Controls
Govern the behavior of AI agents, user interfaces, and integrations.
Framework Mapping
Controls from each source framework that map to this domain.
| Framework | Mapped Controls |
|---|---|
| ISO 42001 | A.5 AI Dev & Ops; A.7 Transparency; A.4 Resources for AI Systems |
| NIST AI RMF | GV-2 Accountability; GV-6 Supply Chain; MG-1 Risk Management; MG-2 Transparency |
| OWASP LLM | LLM05 Supply Chain Vulns; LLM08 Vector & Embedding Weaknesses; LLM09 Misinformation |
| OWASP Agentic | ASI01 Excessive Permissions; ASI02 Misaligned Objectives; ASI04 Supply Chain; ASI06 Unmonitored Actions; ASI10 Misplaced Trust |
Controls
4 controls across Tier 1 (essential) and Tier 2 (advanced).
| Tier | Control | Framework Mappings |
|---|---|---|
| Tier 1 | AI Transparency and User Disclosure | ISO A.7; NIST GV-2; OWASP LLM09; OWASP ASI08 |
| Tier 1 | Agent and Plugin Permission Governance | ISO A.5; NIST MG-1; OWASP LLM06; OWASP ASI01; OWASP ASI10 |
| Tier 1 | Agent Observability and Auditability | ISO Clause 9; NIST MS-1; OWASP ASI06 |
| Tier 2 | AI Supply Chain and Third-Party Component Security | ISO A.10; NIST GV-6; OWASP LLM05; OWASP ASI04 |
Audit Checklist
Quick-reference checklist items grouped by control.
- ☐ All AI-powered interfaces display a persistent visual indicator that the user is interacting with AI
- ☐ Capability and limitation disclosures are accessible within one click from the AI interaction surface
- ☐ Regulatory compliance matrix exists mapping disclosure requirements to applicable laws and jurisdictions
- ☐ User comprehension testing is conducted at least quarterly with documented findings
- ☐ High-risk domain outputs include inline warnings about the need for professional verification
- ☐ A formal permission inventory exists for all AI agents and plugins with documented minimum-necessary justifications
- ☐ Permissions are enforced at the infrastructure level (IAM roles, API scopes), not solely through prompt instructions
- ☐ New agent permissions require documented security review and tiered approval
- ☐ Quarterly access reviews are conducted with recertification or revocation decisions documented
- ☐ Destructive or financial agent actions require executive-level approval and are logged individually
- ☐ All agent tool invocations are logged with parameters, responses, timestamps, and session context
- ☐ Logs are stored in tamper-evident or immutable storage with a minimum 12-month retention period
- ☐ Reasoning chains are captured and linked to corresponding action logs for full session reconstruction
- ☐ A real-time observability dashboard is deployed with alerts for anomalous agent behavior patterns
- ☐ Quarterly log completeness audits confirm no gaps in agent action capture
- ☐ AI Bill of Materials exists and is current, covering all third-party models, plugins, and AI libraries
- ☐ Vendor due diligence assessments are completed before onboarding and reassessed annually
- ☐ Vulnerability monitoring is active for all inventoried AI components with defined patching SLAs
- ☐ Third-party AI components are deployed in sandboxed environments with network segmentation
- ☐ Pre-deployment security testing is conducted on all new third-party AI components before production use
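The following is an added example, not part of this control catalogue or of any product it describes. It shows, in one small tool dispatcher, what the permission-governance items (a permission inventory with justifications, enforcement in code rather than in the prompt, explicit approval for destructive or financial actions) and the observability items (every invocation logged with parameters, response, timestamp and session context, reasoning linked to actions, tamper-evident storage) look like when implemented. The agent ids, scopes, tools and sample calls are constructed for illustration; the SHA-256 hash chain is one way to make a log tamper-evident, and a production deployment would normally pair it with append-only or WORM storage rather than an in-memory list.

```python
import hashlib
import json
import time

# Constructed permission inventory (illustrative, not from the page): each agent
# holds only the scopes it needs, with the justification recorded next to the grant.
PERMISSION_INVENTORY = {
    "support-agent": {
        "scopes": {"tickets:read", "tickets:comment"},
        "justification": "Answers customer questions; never issues refunds.",
    },
    "billing-agent": {
        "scopes": {"tickets:read", "refunds:issue"},
        "justification": "Issues refunds within policy; each one approved and logged.",
    },
}

# Constructed tool catalogue: the scope each tool requires, whether it is a
# destructive/financial action, and a stand-in implementation.
TOOLS = {
    "get_ticket": {
        "scope": "tickets:read", "destructive": False,
        "impl": lambda ticket_id: {"id": ticket_id, "status": "open"},
    },
    "add_comment": {
        "scope": "tickets:comment", "destructive": False,
        "impl": lambda ticket_id, text: {"id": ticket_id, "comment_len": len(text)},
    },
    "issue_refund": {
        "scope": "refunds:issue", "destructive": True,
        "impl": lambda ticket_id, amount: {"id": ticket_id, "refunded": amount},
    },
}

GENESIS = "0" * 64


class PermissionDenied(Exception):
    """Raised when a tool call fails the scope or approval check."""


class AuditLog:
    """Append-only log; every record carries the hash of the previous record,
    so deleting or editing any entry breaks the chain and verify() reports it."""

    def __init__(self):
        self.records = []
        self._prev_hash = GENESIS

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, record):
        body = dict(record, prev_hash=self._prev_hash)
        body["hash"] = self._digest(body)  # digest is taken before "hash" is added
        self.records.append(body)
        self._prev_hash = body["hash"]
        return body

    def verify(self):
        """Walk the chain; False if any record was altered, removed or reordered."""
        prev = GENESIS
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if body.get("prev_hash") != prev or self._digest(body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


def invoke_tool(agent_id, tool_name, params, session_id, log,
                reasoning="", approval_token=None):
    """Dispatch one tool call. The permission check lives here, in code, not in
    the prompt. Every outcome (allowed or denied) is logged with parameters,
    response, timestamp, session context and the agent's stated reasoning."""
    entry = {
        "ts": time.time(), "session_id": session_id, "agent_id": agent_id,
        "tool": tool_name, "params": params, "reasoning": reasoning,
    }
    agent = PERMISSION_INVENTORY.get(agent_id)
    tool = TOOLS.get(tool_name)
    if agent is None or tool is None or tool["scope"] not in agent["scopes"]:
        log.append(dict(entry, outcome="denied", reason="missing_scope"))
        raise PermissionDenied(f"{agent_id} lacks the scope required by {tool_name}")
    if tool["destructive"] and not approval_token:
        log.append(dict(entry, outcome="denied", reason="approval_required"))
        raise PermissionDenied(f"{tool_name} is destructive and requires an approval token")
    response = tool["impl"](**params)
    log.append(dict(entry, outcome="allowed", response=response,
                    approval_token=approval_token))
    return response


def attempt(agent_id, tool_name, params, session_id, log, **kw):
    """Wrapper returning ('allowed', response) or ('denied', reason) instead of raising."""
    try:
        return "allowed", invoke_tool(agent_id, tool_name, params, session_id, log, **kw)
    except PermissionDenied as exc:
        return "denied", str(exc)


def reconstruct_session(log, session_id):
    """Ordered (reasoning, tool, outcome) trail for one session, for review or IR."""
    return [(r["reasoning"], r["tool"], r["outcome"])
            for r in log.records if r["session_id"] == session_id]


if __name__ == "__main__":
    log = AuditLog()
    attempt("support-agent", "get_ticket", {"ticket_id": "T-1"}, "s1", log,
            reasoning="customer asked for status")
    attempt("support-agent", "issue_refund", {"ticket_id": "T-1", "amount": 10}, "s1", log,
            reasoning="customer asked for refund")
    print(reconstruct_session(log, "s1"), "chain ok:", log.verify())
```

The denial paths are logged as deliberately as the allowed ones: a quarterly log-completeness audit or an anomaly alert needs to see the refused calls (an agent repeatedly requesting a scope it does not hold is itself a signal), and the session reconstruction ties each refusal to the reasoning that preceded it.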