Compliance Checklist

AI Security Checklist

Track your compliance with AI security frameworks

Overall Progress

0/13

Critical

0/21

High

0/3

Medium

0/0

Low

Completion Progress0/37

Show completed

Establish AI governance policyCriticalL1

Document organizational policies for AI development and use

NIST AI RMF Govern 1.1ISO 42001

Governance

Define AI risk toleranceHighL1

Establish acceptable risk levels for AI systems

NIST AI RMF Govern 1.2

Governance

Assign AI security ownershipCriticalL1

Designate responsible parties for AI security

NIST AI RMF Govern 2.1ISO 42001

Governance

Establish AI ethics review boardMediumL2

Create oversight body for AI ethical concerns

NIST AI RMF Govern 4.1

Governance

Maintain training data inventoryCriticalL1

Document all data sources used for AI training

AISVS C1.1.1EU AI Act Art. 10

Data Security

Implement data quality controlsHighL1

Validate training data for quality and bias

AISVS C1.1.2NIST AI RMF Map 1.1

Data Security

Encrypt data at rest and in transitCriticalL1

Apply encryption to all sensitive training data

AISVS C1.2.2NIST 800-53 SC-28

Data Security

Implement data access controlsHighL1

Restrict access to training data based on role

AISVS C5.1.1NIST 800-53 AC-3

Data Security

Conduct data privacy assessmentHighL1

Evaluate PII exposure in training data

AISVS C11.1.1GDPR Art. 35

Data Security

Implement input length limitsHighL1

Restrict maximum input size for AI systems

AISVS C2.1.1

Input Security

Sanitize user inputsCriticalL1

Filter and sanitize all inputs before processing

AISVS C2.1.2

Input Security

Implement prompt injection detectionCriticalL1

Detect and block prompt injection attempts

AISVS C2.2.1ATLAS AML.T0051

Input Security

Use delimiter tokensHighL2

Separate system and user content with clear boundaries

AISVS C2.2.2

Input Security

Implement output content filteringCriticalL1

Filter harmful or inappropriate content from outputs

AISVS C7.1.1

Output Security

Add output format validationHighL1

Validate AI outputs match expected schema

AISVS C7.1.2

Output Security

Implement PII detection in outputsHighL1

Detect and redact PII from AI responses

AISVS C7.2.1AISVS C11.2.1

Output Security

Add source attributionMediumL2

Include sources for AI-generated claims

AISVS C7.3.1

Output Security

Implement strong authenticationCriticalL1

Require authentication for AI system access

AISVS C5.1.1NIST 800-53 IA-2

Access Control

Implement role-based access controlCriticalL1

Restrict AI capabilities based on user role

AISVS C5.1.2NIST 800-53 AC-2

Access Control

Apply least privilege principleHighL1

Grant minimum permissions required

AISVS C5.2.1NIST 800-53 AC-6

Access Control

Implement API rate limitingHighL1

Prevent abuse through request rate limits

AISVS C5.3.1

Access Control

Implement model versioningHighL1

Track all model versions with metadata

AISVS C3.1.1

Model Security

Sign model artifactsHighL2

Cryptographically sign model files

AISVS C3.2.1

Model Security

Conduct adversarial testingHighL2

Test models against adversarial attacks

AISVS C10.1.1ATLAS

Model Security

Perform security scanningHighL1

Scan models for vulnerabilities

AISVS C3.3.1

Model Security

Define tool permissionsCriticalL1

Specify allowed tools for each agent

AISVS C9.1.1

Agent Security

Implement human-in-the-loopCriticalL1

Require approval for sensitive actions

AISVS C9.2.1EU AI Act Art. 14

Agent Security

Sandbox agent executionHighL1

Isolate agent tool execution environments

AISVS C9.3.1

Agent Security

Implement kill switchCriticalL1

Enable immediate agent termination capability

AISVS C9.4.1

Agent Security

Enable comprehensive loggingCriticalL1

Log all AI system interactions and decisions

AISVS C13.1.1NIST 800-53 AU-2

Monitoring

Implement audit trailsHighL1

Maintain tamper-proof audit logs

AISVS C13.1.2EU AI Act Art. 12

Monitoring

Configure security alertsHighL1

Set up alerts for anomalous AI behavior

AISVS C13.2.1NIST 800-53 SI-4

Monitoring

Develop AI incident playbooksHighL2

Create response procedures for AI incidents

NIST 800-53 IR-4NIST AI RMF Manage

Monitoring

Assess third-party AI providersHighL1

Evaluate security of AI service providers

AISVS C8.1.1NIST 800-53 SR-1

Supply Chain

Review model provenanceHighL1

Verify origin of third-party models

AISVS C8.2.1

Supply Chain

Scan ML dependenciesHighL1

Check for vulnerabilities in ML libraries

AISVS C8.3.1

Supply Chain

Maintain AI SBOMMediumL2

Document software bill of materials for AI

AISVS C8.3.2

Supply Chain