This table maps AI-specific risks to controls across common frameworks; the second table below groups the listed controls by control category.

| AI Risk | NIST AI RMF | NIST CSF 2.0 | ISO 27001 | CIS Controls |
|---|---|---|---|---|
| Prompt Injection | MAP 1.5, MEASURE 2.6 | PR.DS, DE.CM | A.8.25, A.8.26 | CIS 16 (App Security) |
| Data Poisoning | MAP 3.4, GOVERN 1.4 | PR.DS, PR.IP | A.5.21, A.8.9 | CIS 2 (Software Assets) |
| Model Extraction | MAP 1.1, MANAGE 2.3 | PR.AC, PR.DS | A.8.11, A.5.33 | CIS 3 (Data Protection) |
| Training Data Leakage | GOVERN 6.1, MAP 5.1 | PR.DS, PR.IP | A.5.34, A.8.11 | CIS 3 (Data Protection) |
| Shadow AI | GOVERN 1.1, GOVERN 6.2 | ID.AM, PR.AC | A.5.9, A.5.10 | CIS 1 (Inventory) |
| Hallucination | MEASURE 2.5, MANAGE 3.1 | DE.CM | A.8.25 | CIS 16 (App Security) |
| Third-Party Model Risk | MAP 3.4, GOVERN 6.1 | ID.SC | A.5.19-A.5.22 | CIS 15 (Service Provider) |
| Bias/Discrimination | MAP 2.3, MEASURE 2.11 | — | — | — |
| Model Drift | MEASURE 1.1, MANAGE 1.3 | DE.CM | A.8.16 | CIS 8 (Audit Log) |

| Category | Controls |
|---|---|
| Preventive | Input filtering, access control, data validation, supply chain verification |
| Detective | Output monitoring, anomaly detection, drift detection, audit logging |
| Corrective | Model rollback, circuit breakers, human-in-the-loop override, incident response |
| Compensating | Fallback models, disclaimer systems, rate limiting, multi-model consensus |