All 20 Controls

Browse every control across all six lifecycle domains, with audit checklists and framework mappings.

By Domain

DATA (3) MODEL (5) APPLICATION (4) ASSURANCE (3) GOVERNANCE (3) INFRASTRUCTURE (2)

DATA AI Data Controls

3 controls — Address the unique risks of data input, retention, and generation in AI systems, which often differ from standard data protection needs.

Tier 1 ISO A.8 NIST GV-1 OWASP LLM06

AI Data Input Governance
Tier 1 ISO A.8 ISO Clause 7 NIST MP-4 OWASP LLM06 OWASP ASI08

AI Interaction Data Privacy and Retention
Tier 2 ISO A.8 NIST MS-2 OWASP LLM02 OWASP LLM06

PII Minimization in AI Outputs

MODEL AI Model Controls

5 controls — Focus on securing the AI models themselves against adversarial attacks and ensuring output quality.

Tier 1 ISO A.9 NIST AI 600-1 OWASP LLM01 OWASP ASI05

Adversarial Input Defense
Tier 1 ISO A.9 NIST MS-2 OWASP LLM02 OWASP ASI06

Model Output Sanitization
Tier 1 ISO Clause 8 NIST MG-3 OWASP LLM10 OWASP ASI01

Adversarial Query Restriction and Cost Governance
Tier 2 ISO A.9 NIST AI 600-1 OWASP LLM07 OWASP ASI07

System Prompt Protection
Tier 2 ISO A.6 NIST MS-2 OWASP LLM09 OWASP ASI09

AI Output Reliability and Hallucination Mitigation

APPLICATION AI Application Controls

4 controls — Govern the behavior of AI agents, user interfaces, and integrations.

Tier 1 ISO A.7 NIST GV-2 OWASP LLM09 OWASP ASI08

AI Transparency and User Disclosure
Tier 1 ISO A.5 NIST MG-1 OWASP LLM06 OWASP ASI01 OWASP ASI10

Agent and Plugin Permission Governance
Tier 1 ISO Clause 9 NIST MS-1 OWASP ASI06

Agent Observability and Auditability
Tier 2 ISO A.10 NIST GV-6 OWASP LLM05 OWASP ASI04

AI Supply Chain and Third-Party Component Security

ASSURANCE AI Assurance Controls

3 controls — Focus on testing and monitoring AI systems for vulnerabilities, anomalous behavior, and incident readiness.

Tier 1 ISO A.9 ISO Cl.9 NIST AI-600-1 OWASP LLM01 OWASP ASI05

AI Red Teaming and Adversarial Testing
Tier 1 ISO Cl.9 NIST MS-1 NIST MS-4 OWASP ASI06

Continuous AI Monitoring
Tier 2 ISO Cl.10 NIST MS-3 OWASP LLM01 OWASP LLM04 OWASP ASI08

AI Incident Detection and Response

GOVERNANCE AI Governance Controls

3 controls — Establish the policies and human oversight required for safe AI adoption across the organization.

Tier 1 ISO A.2 ISO Cl.5 NIST GV-1 OWASP ASI08

AI Acceptable Use Policy
Tier 1 ISO A.5 ISO Cl.8 NIST MG-1 NIST GV-2

AI Deployment Validation and Approval
Tier 2 ISO Cl.6 ISO Cl.9 NIST GV-4 NIST MG-3 OWASP ASI08

AI Risk Self-Assessment

INFRASTRUCTURE AI Infrastructure Controls

2 controls — Ensure the underlying AI assets and vendors are inventoried and managed securely.

Tier 1 ISO A.4 NIST GV-6 NIST MP-4 OWASP LLM05 OWASP ASI04

AI Asset Inventory
Tier 2 ISO A.10 NIST GV-6 NIST MG-4 OWASP LLM05 OWASP ASI04 OWASP ASI10

AI Vendor Security Evaluation