ASSURANCE Owner: Red Team / Security Operations / AI Ops / Compliance

AI Assurance Controls

Focus on testing and monitoring AI systems for vulnerabilities, anomalous behavior, and incident readiness.

Framework Mapping

Controls from each source framework that map to this domain.

Framework Mapped Controls
ISO 42001
Cl.9 Performance Evaluation Cl.10 Improvement A.9 Robustness
NIST AI RMF
MS-1 Monitoring MS-3 Incidents MS-4 Metrics AI 600-1 GenAI Profile
OWASP LLM
LLM01 Prompt Injection LLM04 Data & Model Poisoning LLM08 Vector & Embedding Weaknesses
OWASP Agentic
ASI06 Unmonitored Actions ASI08 Compliance & Regulatory

Controls

3 controls across Tier 1 (essential) and Tier 2 (advanced).

Tier 1 ISO A.9 ISO Cl.9 NIST AI-600-1 OWASP LLM01 OWASP ASI05

AI Red Teaming and Adversarial Testing
Tier 1 ISO Cl.9 NIST MS-1 NIST MS-4 OWASP ASI06

Continuous AI Monitoring
Tier 2 ISO Cl.10 NIST MS-3 OWASP LLM01 OWASP LLM04 OWASP ASI08

AI Incident Detection and Response

Audit Checklist

Quick-reference checklist items grouped by control.

  • Red team charter exists and defines scope, frequency, and authorized attack techniques for AI systems
  • At least one adversarial test campaign has been completed within the past 90 days for each production AI system
  • Test findings are classified using a standardized severity taxonomy and tracked to remediation
  • Attack playbooks are updated at least quarterly to reflect emerging threat techniques
  • Regression testing confirms all critical and high findings are resolved before production release
  • Network-level detection rules are active for known AI service endpoints and updated at least monthly
  • Approved AI applications forward telemetry to the centralized SIEM with documented schemas
  • Shadow AI detections are logged and result in documented follow-up actions within defined SLAs
  • Monthly monitoring reports are produced and reviewed by the governance committee
  • Detection rule false positive rates are tracked and maintained below the 10% target
  • AI incident taxonomy exists and is mapped to the organization's severity classification framework
  • Response playbooks cover at least prompt injection, RAG poisoning, and data exfiltration scenarios
  • At least two AI-focused tabletop exercises have been conducted in the past 12 months
  • AI playbooks are integrated into the SOAR platform or incident management system
  • SOC analysts have completed AI-specific incident triage training within the past 12 months