← Frameworks / CSA AICM v1 / Coverage Analysis

CSA AI Controls Matrix v1.0.3 — SP 800-53 Coverage

How well do NIST SP 800-53 Rev 5 controls address each CSA AICM v1 requirement? This analysis maps from framework clauses back to SP 800-53, with expert coverage weightings and gap identification.

Clauses: 243
Avg Coverage: 74.4%
Publisher: Cloud Security Alliance (CSA)
Coverage Distribution
Full (85-100%): 37 Substantial (65-84%): 161 Partial (40-64%): 43 Weak (1-39%): 2
CSA AICM v1 → SP 800-53 SP 800-53 → CSA AICM v1 Coverage Analysis

Clause-by-Clause Analysis

Sorted by clause
A&A-01 Audit and Assurance Policy and Procedures
CA-01 CA-02 AU-01
85%

Rationale

CA-01 establishes assessment policy and procedures; CA-02 defines control assessments; AU-01 covers audit and accountability policy. Together these address the policy and procedural foundations for audit and assurance.

Gaps

AICM requires AI-specific audit policies covering model governance, algorithmic accountability, and AI system lifecycle audit trails that NIST does not explicitly address.

Mapped Controls

CA-01 CA-02 AU-01
A&A-02 Independent Assessments
CA-02 CA-07 CA-08
85%

Rationale

CA-02 requires independent assessments of security controls; CA-07 provides continuous monitoring; CA-08 covers penetration testing.

Gaps

AICM emphasizes independent assessment of AI systems including model validation, bias auditing, and algorithmic impact assessments not covered by NIST.

Mapped Controls

CA-02 CA-07 CA-08
A&A-03 Risk Based Planning Assessment
CA-02 RA-03 RA-07
80%

Rationale

RA-03 covers risk assessment; CA-02 addresses control assessment planning; RA-07 covers risk response.

Gaps

AICM requires risk-based assessment planning that accounts for AI-specific risks (model drift, adversarial attacks, training data bias) beyond traditional IT risk.

Mapped Controls

CA-02 RA-03 RA-07
A&A-04 Requirements Compliance
CA-02 CA-05 CA-09
75%

Rationale

CA-02 assesses control compliance; CA-05 produces plans of action and milestones; CA-09 covers internal system connections.

Gaps

AICM focuses on demonstrating compliance with AI-specific regulations (EU AI Act, NIST AI RMF) and cloud-specific evidence requirements.

Mapped Controls

CA-02 CA-05 CA-09
A&A-05 Audit Management Process
CA-02 CA-05 AU-06
78%

Rationale

CA-02 manages security assessments; CA-05 tracks remediation via POA&M; AU-06 covers audit review, analysis, and reporting.

Gaps

AICM requires structured audit management including AI model audit trails, training data provenance audits, and algorithmic decision logging.

Mapped Controls

CA-02 CA-05 AU-06
A&A-06 Remediation
CA-05 CA-02 RA-07
80%

Rationale

CA-05 establishes remediation plans (POA&M); CA-02 provides assessment framework; RA-07 addresses risk response.

Gaps

AICM specifies AI-specific remediation including model retraining schedules, bias correction plans, and AI incident response procedures.

Mapped Controls

CA-05 CA-02 RA-07
AIS-01 Application and Interface Security Policy and Procedures
SA-01 SA-08 SI-01
80%

Rationale

SA-01 establishes system acquisition policy; SA-08 covers security engineering principles; SI-01 provides system and information integrity policy.

Gaps

AICM extends to AI application security policies including ML pipeline security, model serving infrastructure, and AI API protection requirements.

Mapped Controls

SA-01 SA-08 SI-01
AIS-02 Application Security Baseline Requirements
SA-08 SA-11 SA-15
78%

Rationale

SA-08 defines security engineering principles; SA-11 covers developer testing and evaluation; SA-15 addresses development process and standards.

Gaps

AICM baseline requirements extend to AI-specific secure development practices including adversarial robustness, model integrity verification, and ML framework security.

Mapped Controls

SA-08 SA-11 SA-15
AIS-03 Application Security Metrics
CA-07 PM-06 SA-11
75%

Rationale

CA-07 provides continuous monitoring; PM-06 covers security metrics; SA-11 addresses developer security testing.

Gaps

AICM requires AI-specific application security metrics including model performance degradation monitoring, drift detection, and adversarial input detection.

Mapped Controls

CA-07 PM-06 SA-11
AIS-04 Secure Application Development Lifecycle
SA-03 SA-08 SA-11 SA-15
80%

Rationale

SA-03 covers system development lifecycle; SA-08 addresses security engineering; SA-11 covers developer testing; SA-15 covers development standards.

Gaps

AICM extends SDLC to MLOps lifecycle including model training, validation, deployment, and monitoring phases with AI-specific security gates.

Mapped Controls

SA-03 SA-08 SA-11 SA-15
AIS-05 Application Security Testing
CA-08 RA-05 SA-11
78%

Rationale

CA-08 covers penetration testing; RA-05 addresses vulnerability scanning; SA-11 covers developer security testing.

Gaps

AICM requires AI-specific security testing including adversarial robustness testing, model extraction attacks, and training data poisoning assessments.

Mapped Controls

CA-08 RA-05 SA-11
AIS-06 Secure Application Deployment
CM-02 CM-03 SA-03
75%

Rationale

CM-02 provides baseline configurations; CM-03 covers configuration change control; SA-03 addresses system development lifecycle.

Gaps

AICM addresses automated secure deployment pipelines for ML models including model versioning, rollback capabilities, and deployment validation.

Mapped Controls

CM-02 CM-03 SA-03
AIS-07 Application Vulnerability Remediation
RA-05 SA-11
72%

Rationale

RA-05 covers vulnerability monitoring and scanning; SA-11 addresses developer security testing and evaluation.

Gaps

AICM requires AI-specific vulnerability assessment including model vulnerability scanning, dependency analysis for ML frameworks, and AI supply chain security.

Mapped Controls

RA-05 SA-11
AIS-08 Input Validation
SA-08 SC-07 AC-04
65%

Rationale

SA-08 covers security engineering principles; SC-07 provides boundary protection; AC-04 addresses information flow enforcement for API security.

Gaps

AICM AIS-08 specifically addresses AI API security including model inference endpoint protection, rate limiting for AI services, and input validation for model queries. NIST lacks AI API-specific controls.

Mapped Controls

SA-08 SC-07 AC-04
AIS-09 Output Validation
SA-11 SI-07 CM-03
60%

Rationale

SA-11 covers developer testing; SI-07 addresses software integrity; CM-03 covers change control. These partially address AI model integrity.

Gaps

AICM requires AI model integrity verification including cryptographic model signing, tamper detection for model weights, and inference integrity validation.

Mapped Controls

SA-11 SI-07 CM-03
AIS-10 API Security
SA-08 SA-11 RA-05
55%

Rationale

SA-08/SA-11 cover security engineering and testing; RA-05 covers vulnerability scanning. These provide a general framework but lack AI specificity.

Gaps

AICM addresses adversarial robustness requirements including adversarial input detection, model hardening against evasion attacks, and robustness testing methodologies.

Mapped Controls

SA-08 SA-11 RA-05
AIS-11 Agents Security Boundaries
SA-03 SA-15 CM-03
60%

Rationale

SA-03 covers development lifecycle; SA-15 addresses development standards; CM-03 covers change control for ML pipeline security.

Gaps

AICM requires ML pipeline security controls including secure training infrastructure, feature store protection, and automated ML security gates.

Mapped Controls

SA-03 SA-15 CM-03
AIS-12 Source Code Managemement
SI-04 CA-07 AU-06
55%

Rationale

SI-04 covers information system monitoring; CA-07 provides continuous monitoring; AU-06 covers audit review and analysis.

Gaps

AICM addresses AI-specific runtime monitoring including model behavior anomaly detection, inference drift monitoring, and automated model rollback triggers.

Mapped Controls

SI-04 CA-07 AU-06
AIS-13 AI Sandboxing
SA-11 CA-08 SI-07
58%

Rationale

SA-11 covers developer testing; CA-08 addresses penetration testing; SI-07 covers software integrity verification.

Gaps

AICM requires AI red teaming including adversarial ML attacks, prompt injection testing, model extraction attempts, and AI-specific threat simulation.

Mapped Controls

SA-11 CA-08 SI-07
AIS-14 AI Cache Protection
SA-08 SC-13 SI-07
55%

Rationale

SA-08 covers security engineering; SC-13 addresses cryptographic protection; SI-07 covers software integrity.

Gaps

AICM addresses model provenance and supply chain security including model origin verification, training data lineage, and third-party model validation.

Mapped Controls

SA-08 SC-13 SI-07
AIS-15 Prompt Differentation
SA-03 SA-08 SA-11
52%

Rationale

SA-03/SA-08/SA-11 provide general software security lifecycle controls applicable to AI development.

Gaps

AICM requires responsible AI development practices including fairness testing, explainability requirements, and human oversight integration. NIST 800-53 does not address responsible AI.

Mapped Controls

SA-03 SA-08 SA-11
BCR-01 Business Continuity Management Policy and Procedures
CP-01 CP-02
82%

Rationale

CP-01 establishes contingency planning policy; CP-02 defines contingency plans.

Gaps

AICM extends BCR to AI system resilience including model failover, graceful degradation of AI services, and fallback to non-AI decision paths.

Mapped Controls

CP-01 CP-02
BCR-02 Risk Assessment and Impact Analysis
CP-02 RA-03 RA-09
78%

Rationale

CP-02 covers contingency planning; RA-03 addresses risk assessment; RA-09 covers criticality analysis.

Gaps

AICM requires AI-specific business impact analysis including model dependency mapping and AI service criticality assessment.

Mapped Controls

CP-02 RA-03 RA-09
BCR-03 Business Continuity Strategy
CP-02 CP-07 CP-08
80%

Rationale

CP-02/CP-07/CP-08 address contingency planning, alternate processing sites, and telecommunications services.

Gaps

AICM extends to AI-specific redundancy including model replication, distributed inference capabilities, and training infrastructure resilience.

Mapped Controls

CP-02 CP-07 CP-08
BCR-04 Business Continuity Planning
CP-02 CP-03 CP-04
82%

Rationale

CP-02 covers contingency planning; CP-03/CP-04 address testing and training for continuity.

Gaps

AICM requires AI system continuity testing including model failover validation and AI service degradation drills.

Mapped Controls

CP-02 CP-03 CP-04
BCR-05 Documentation
PL-02 PL-07 CP-02
75%

Rationale

PL-02 covers security concept of operations; PL-07 covers security concept consistency; CP-02 addresses contingency planning.

Gaps

AICM documentation requirements extend to AI model documentation, training data documentation, and AI system architecture records.

Mapped Controls

PL-02 PL-07 CP-02
BCR-06 Business Continuity Exercises
CP-03 CP-04
85%

Rationale

CP-03 covers contingency plan testing; CP-04 addresses training for contingency roles.

Gaps

AICM testing extends to AI-specific scenarios including model corruption recovery and training data restoration.

Mapped Controls

CP-03 CP-04
BCR-07 Communication
CP-02 CP-08 IR-06
78%

Rationale

CP-02/CP-08 address contingency and telecommunications; IR-06 covers incident reporting.

Gaps

AICM addresses AI-specific communication plans during outages including model performance degradation notifications.

Mapped Controls

CP-02 CP-08 IR-06
BCR-08 Backup
CP-06 CP-09
85%

Rationale

CP-06 covers alternate storage sites; CP-09 addresses information system backup.

Gaps

AICM extends backup to AI artifacts including model checkpoints, training data snapshots, and feature store backups.

Mapped Controls

CP-06 CP-09
BCR-09 Disaster Response Plan
CP-02 CP-10 IR-01
80%

Rationale

CP-02 addresses contingency planning; CP-10 covers system recovery; IR-01 establishes incident response policy.

Gaps

AICM requires AI-specific recovery including model restoration, training pipeline recovery, and AI service reconstitution procedures.

Mapped Controls

CP-02 CP-10 IR-01
BCR-10 Response Plan Exercise
CP-04 IR-03
78%

Rationale

CP-04 covers contingency training; IR-03 addresses incident response testing.

Gaps

AICM requires impact analysis specific to AI system failures including cascading model dependency impacts.

Mapped Controls

CP-04 IR-03
BCR-11 Equipment Redundancy
CP-07 CP-08 PE-11
82%

Rationale

CP-07/CP-08 cover alternate processing and telecommunications; PE-11 addresses emergency power.

Gaps

AICM extends to AI infrastructure resilience including GPU cluster failover and distributed training resilience.

Mapped Controls

CP-07 CP-08 PE-11
CCC-01 Change Management Policy and Procedures
CM-01 CM-03 CM-09
82%

Rationale

CM-01 establishes configuration management policy; CM-03 covers change control; CM-09 addresses configuration management plans.

Gaps

AICM extends to AI model versioning, ML experiment tracking, and model configuration management.

Mapped Controls

CM-01 CM-03 CM-09
CCC-02 Quality Testing
CM-03 CM-04 SA-11
80%

Rationale

CM-03 covers change control; CM-04 addresses impact analysis; SA-11 covers developer testing.

Gaps

AICM requires AI-specific change impact analysis including model performance regression testing and bias impact assessment.

Mapped Controls

CM-03 CM-04 SA-11
CCC-03 Change Management Technology
CM-03 CM-05 CM-09
82%

Rationale

CM-03 covers change control processes; CM-05 addresses access restrictions; CM-09 covers configuration plans.

Gaps

AICM extends change control to AI model deployment pipelines and training data change management.

Mapped Controls

CM-03 CM-05 CM-09
CCC-04 Change Authorization
CM-05 SI-07
80%

Rationale

CM-05 restricts changes to configuration items; SI-07 provides software and information integrity verification.

Gaps

AICM requires model integrity verification during deployment and runtime integrity monitoring.

Mapped Controls

CM-05 SI-07
CCC-05 Change Agreements
SA-04 CM-03
75%

Rationale

SA-04 covers acquisition processes; CM-03 addresses change control.

Gaps

AICM addresses change control for third-party AI models and pre-trained model integration.

Mapped Controls

SA-04 CM-03
CCC-06 Change Management Baseline
CM-02 CM-06
80%

Rationale

CM-02 establishes baseline configurations; CM-06 covers configuration settings enforcement.

Gaps

AICM extends to AI infrastructure baseline configurations including GPU cluster settings and model serving configurations.

Mapped Controls

CM-02 CM-06
CCC-07 Detection of Baseline Deviation
CM-02 CM-03 SI-07
78%

Rationale

CM-02/CM-03 cover baselines and change control; SI-07 provides integrity verification.

Gaps

AICM requires detection of unauthorized changes to AI models, training data, and inference pipelines.

Mapped Controls

CM-02 CM-03 SI-07
CCC-08 Exception Management
CA-05 PM-09 PL-02
75%

Rationale

CA-05 tracks remediation via POA&M; PM-09 covers risk management strategy; PL-02 covers security concept of operations.

Gaps

AICM technology risk management extends to AI technology risk including model risk, data risk, and algorithmic risk.

Mapped Controls

CA-05 PM-09 PL-02
CCC-09 Change Restoration
CP-09 CP-10 CM-03
80%

Rationale

CP-09 covers backup; CP-10 addresses recovery; CM-03 covers change control for rollback procedures.

Gaps

AICM requires AI-specific rollback including model version rollback, training data rollback, and feature store restoration.

Mapped Controls

CP-09 CP-10 CM-03
CEK-01 Encryption and Key Management Policy and Procedures
SC-01 SC-12 SC-13
85%

Rationale

SC-01 establishes system and communications protection policy; SC-12 covers key establishment; SC-13 addresses cryptographic protection.

Gaps

AICM extends to encryption for AI training data, model weights, and inference data in transit/at rest.

Mapped Controls

SC-01 SC-12 SC-13
CEK-02 CEK Roles and Responsibilities
PS-01 PL-02 SC-12
78%

Rationale

PS-01 covers personnel security policy; PL-02 covers security concepts; SC-12 addresses key management roles.

Gaps

AICM specifies key management roles for AI systems including model encryption key custodians.

Mapped Controls

PS-01 PL-02 SC-12
CEK-03 Data Encryption
SC-08 SC-13 SC-28
88%

Rationale

SC-08 covers transmission confidentiality; SC-13 addresses cryptographic protection; SC-28 covers protection at rest.

Gaps

AICM extends data encryption to AI-specific data including training datasets, model parameters, and inference results.

Mapped Controls

SC-08 SC-13 SC-28
CEK-04 Encryption Algorithm
SC-13
85%

Rationale

SC-13 directly addresses the use of approved cryptographic algorithms and mechanisms.

Gaps

AICM may require emerging cryptographic standards for AI-specific use cases like homomorphic encryption for privacy-preserving ML.

Mapped Controls

SC-13
CEK-05 Encryption Change Management
CM-03 SC-13
80%

Rationale

CM-03 covers change control; SC-13 addresses cryptographic mechanisms. Together they support encryption change management.

Gaps

AICM addresses cryptographic agility for AI systems including post-quantum readiness for model protection.

Mapped Controls

CM-03 SC-13
CEK-06 Encryption Change Cost Benefit Analysis
RA-03 SC-13
78%

Rationale

RA-03 covers risk assessment; SC-13 addresses cryptographic protection. Together they support risk-based encryption.

Gaps

AICM requires risk assessment of cryptographic approaches for AI data including training data sensitivity classification.

Mapped Controls

RA-03 SC-13
CEK-07 Encryption Risk Management
RA-03 RA-07 SC-13
78%

Rationale

RA-03/RA-07 cover risk assessment and response; SC-13 addresses cryptography.

Gaps

AICM extends to AI-specific risk assessment of cryptographic controls for model and data protection.

Mapped Controls

RA-03 RA-07 SC-13
CEK-08 Customer Key Management Capability
SC-12
85%

Rationale

SC-12 directly addresses cryptographic key establishment and management.

Gaps

AICM extends key management to AI-specific scenarios including federated learning key distribution.

Mapped Controls

SC-12
CEK-09 Encryption and Key Management Audit
AU-02 CA-02 SC-12
80%

Rationale

AU-02 covers audit events; CA-02 addresses assessments; SC-12 covers key management.

Gaps

AICM requires monitoring and auditing of cryptographic operations in AI pipelines.

Mapped Controls

AU-02 CA-02 SC-12
CEK-10 Key Generation
SC-12 SC-13
85%

Rationale

SC-12/SC-13 comprehensively cover key management and cryptographic protection.

Gaps

AICM specifies key generation requirements for AI-specific encryption including hardware security module integration.

Mapped Controls

SC-12 SC-13
CEK-11 Key Purpose
SC-12
85%

Rationale

SC-12 addresses key establishment and management including key distribution.

Gaps

AICM extends to secure key distribution for distributed AI systems and federated learning.

Mapped Controls

SC-12
CEK-12 Key Rotation
SC-12
82%

Rationale

SC-12 addresses key management including key access and authorization.

Gaps

AICM extends key access controls to AI pipeline components and model serving infrastructure.

Mapped Controls

SC-12
CEK-13 Key Revocation
SC-12 SC-17
85%

Rationale

SC-12 covers key management; SC-17 addresses public key infrastructure certificates.

Gaps

AICM extends certificate management to AI service endpoints and model signing certificates.

Mapped Controls

SC-12 SC-17
CEK-14 Key Destruction
MP-06 SC-12
82%

Rationale

MP-06 covers media sanitization; SC-12 addresses key management including destruction.

Gaps

AICM extends key destruction to AI-specific contexts including model decommissioning and training data deletion keys.

Mapped Controls

MP-06 SC-12
CEK-15 Key Activation
SC-12
82%

Rationale

SC-12 comprehensively covers key lifecycle management including activation and suspension.

Gaps

AICM extends key activation/deactivation to AI model lifecycle events.

Mapped Controls

SC-12
CEK-16 Key Suspension
SC-12
82%

Rationale

SC-12 covers key management including key recovery mechanisms.

Gaps

AICM extends key recovery to AI-specific disaster recovery scenarios.

Mapped Controls

SC-12
CEK-17 Key Deactivation
SC-12
80%

Rationale

SC-12 covers key management including key escrow where applicable.

Gaps

AICM addresses AI-specific key escrow requirements for regulated AI systems.

Mapped Controls

SC-12
CEK-18 Key Archival
CP-09 SC-12
82%

Rationale

CP-09 covers backup; SC-12 addresses key management including key archiving.

Gaps

AICM extends key archiving to long-term AI model preservation and reproducibility requirements.

Mapped Controls

CP-09 SC-12
CEK-19 Key Compromise
IR-01 IR-06 SC-12
80%

Rationale

IR-01/IR-06 cover incident response; SC-12 addresses key management during security incidents.

Gaps

AICM addresses key compromise response in AI contexts including model re-encryption procedures.

Mapped Controls

IR-01 IR-06 SC-12
CEK-20 Key Recovery
CP-09 SC-12
82%

Rationale

CP-09 covers backup; SC-12 addresses key management including key backup procedures.

Gaps

AICM extends key backup to AI-specific infrastructure including training cluster key management.

Mapped Controls

CP-09 SC-12
CEK-21 Key Inventory Management
CM-08 SC-12
80%

Rationale

CM-08 covers information system component inventory; SC-12 addresses key management inventory.

Gaps

AICM requires comprehensive key inventory for AI systems including model encryption keys and data protection keys.

Mapped Controls

CM-08 SC-12
DCS-01 Off-Site Equipment Disposal Policy and Procedures
MP-06 PE-01
85%

Rationale

MP-06 covers media sanitization; PE-01 addresses physical access authorizations.

Gaps

AICM extends to security of AI-specific hardware including GPU clusters and specialized AI accelerators.

Mapped Controls

MP-06 PE-01
DCS-02 Off-Site Transfer Authorization Policy and Procedures
MP-05 PE-01 PE-16
82%

Rationale

MP-05 covers media transport; PE-01/PE-16 address physical access and delivery/removal.

Gaps

AICM addresses secure handling of AI hardware and specialized computing equipment.

Mapped Controls

MP-05 PE-01 PE-16
DCS-03 Secure Area Policy and Procedures
PE-01 PE-02 PE-03
88%

Rationale

PE-01/PE-02/PE-03 comprehensively cover physical access authorization, enforcement, and monitoring.

Gaps

AICM extends physical access controls to AI training facilities and GPU datacenters.

Mapped Controls

PE-01 PE-02 PE-03
DCS-04 Secure Media Transportation Policy and Procedures
MP-01 MP-05
82%

Rationale

MP-01 establishes media protection policy; MP-05 covers media transport.

Gaps

AICM addresses handling of AI-specific media including training data storage and model weight archives.

Mapped Controls

MP-01 MP-05
DCS-05 Assets Classification
CM-08 MP-04 RA-02
80%

Rationale

CM-08 covers asset inventory; MP-04 addresses media storage; RA-02 covers security categorization.

Gaps

AICM extends asset classification to AI-specific assets including training data, models, and inference endpoints.

Mapped Controls

CM-08 MP-04 RA-02
DCS-06 Assets Cataloguing and Tracking
CM-08 PE-05
78%

Rationale

CM-08 covers component inventory; PE-05 addresses physical access monitoring.

Gaps

AICM extends asset management to AI infrastructure lifecycle including GPU deprecation and AI hardware refresh.

Mapped Controls

CM-08 PE-05
DCS-07 Controlled Physical Access Points
PE-03 PE-06
85%

Rationale

PE-03 covers physical access monitoring; PE-06 addresses visitor management.

Gaps

AICM extends visitor controls to sensitive AI facilities.

Mapped Controls

PE-03 PE-06
DCS-08 Equipment Identification
CM-08 IA-03
78%

Rationale

CM-08 covers component inventory; IA-03 addresses device identification and authentication.

Gaps

AICM extends device management to AI training nodes and inference hardware.

Mapped Controls

CM-08 IA-03
DCS-09 Secure Area Authorization
PE-02 PE-03
85%

Rationale

PE-02/PE-03 cover physical access control and monitoring.

Gaps

AICM extends to access control for AI compute facilities.

Mapped Controls

PE-02 PE-03
DCS-10 Surveillance System
PE-06 PE-08
82%

Rationale

PE-06 covers monitoring; PE-08 addresses visitor access records.

Gaps

AICM extends surveillance to AI-specific facilities.

Mapped Controls

PE-06 PE-08
DCS-11 Adverse Event Response Training
AT-03 IR-02 PE-06
78%

Rationale

AT-03 covers security training; IR-02 addresses incident response training; PE-06 covers monitoring.

Gaps

AICM requires AI facility-specific security awareness including handling of sensitive training data.

Mapped Controls

AT-03 IR-02 PE-06
DCS-12 Cabling Security
PE-04 PE-09
85%

Rationale

PE-04 covers transmission medium access control; PE-09 addresses power and cabling.

Gaps

AICM extends cabling security to high-bandwidth AI training interconnects.

Mapped Controls

PE-04 PE-09
DCS-13 Environmental Systems
PE-13 PE-14 PE-15
88%

Rationale

PE-13/PE-14/PE-15 comprehensively cover fire, temperature/humidity, and water damage protection.

Gaps

AICM extends environmental controls to high-density AI compute environments with specific cooling requirements.

Mapped Controls

PE-13 PE-14 PE-15
DCS-14 Secure Utilities
PE-09 PE-10 PE-11
85%

Rationale

PE-09 covers power equipment; PE-10 addresses emergency shutoff; PE-11 covers emergency power.

Gaps

AICM extends power management to high-power AI training clusters.

Mapped Controls

PE-09 PE-10 PE-11
DCS-15 Equipment Location
PE-05 PE-18
80%

Rationale

PE-05 covers access control for output devices; PE-18 addresses location of information system components.

Gaps

AICM extends equipment location considerations to AI infrastructure placement and edge AI deployment.

Mapped Controls

PE-05 PE-18
DSP-01 Security and Privacy Policy and Procedures
AC-01 PL-01 PT-01
80%

Rationale

AC-01 establishes access control policy; PL-01 covers planning policy; PT-01 addresses personally identifiable information processing policy.

Gaps

AICM extends to AI-specific data security policies including training data governance, model data handling, and AI output data protection.

Mapped Controls

AC-01 PL-01 PT-01
DSP-02 Secure Disposal
MP-06 SI-12
78%

Rationale

MP-06 covers media sanitization; SI-12 addresses information management and retention.

Gaps

AICM extends data handling to AI training data lifecycle, model artifact management, and synthetic data governance.

Mapped Controls

MP-06 SI-12
DSP-03 Data Inventory
CM-08 PM-05 PT-03
75%

Rationale

CM-08 covers inventory; PM-05 addresses information security workforce; PT-03 covers data minimization.

Gaps

AICM requires AI-specific data inventory including training datasets, feature stores, and model registries.

Mapped Controls

CM-08 PM-05 PT-03
DSP-04 Data Classification
AC-16 RA-02
78%

Rationale

AC-16 covers security and privacy attributes; RA-02 addresses security categorization.

Gaps

AICM extends data classification to AI data types including training data sensitivity, model weight classification, and inference data categorization.

Mapped Controls

AC-16 RA-02
DSP-05 Data Flow Documentation
AC-04 CA-09 PL-02
78%

Rationale

AC-04 covers information flow enforcement; CA-09 addresses internal connections; PL-02 covers security concepts.

Gaps

AICM extends data flow mapping to AI pipelines including training data flows, model serving paths, and feedback loops.

Mapped Controls

AC-04 CA-09 PL-02
DSP-06 Data Ownership and Stewardship
AC-16 PM-05 PT-01
75%

Rationale

AC-16 covers security attributes; PM-05 addresses workforce; PT-01 covers PII processing.

Gaps

AICM requires data ownership for AI systems including training data provenance, model IP ownership, and synthetic data rights.

Mapped Controls

AC-16 PM-05 PT-01
DSP-07 Data Protection by Design and Default
SA-08 SC-28 PT-01
72%

Rationale

SA-08 covers security engineering; SC-28 provides protection at rest; PT-01 addresses PII processing policy.

Gaps

AICM extends privacy by design to AI systems including privacy-preserving ML techniques, differential privacy, and federated learning.

Mapped Controls

SA-08 SC-28 PT-01
DSP-08 Data Privacy by Design and Default
PT-01 PT-02 PT-03
75%

Rationale

PT-01/PT-02/PT-03 address PII processing, authority, and data minimization.

Gaps

AICM extends personal data handling to AI-specific scenarios including automated profiling, AI-driven decision making, and training data containing PII.

Mapped Controls

PT-01 PT-02 PT-03
DSP-09 Data Protection Impact Assessment
PT-01 RA-03 RA-08
72%

Rationale

PT-01 covers PII processing; RA-03/RA-08 address risk assessment and privacy impact.

Gaps

AICM requires AI-specific data protection impact assessments including algorithmic impact assessments and AI bias assessments.

Mapped Controls

PT-01 RA-03 RA-08
DSP-10 Sensitive Data Transfer
AC-04 SC-08 SC-13
85%

Rationale

AC-04 enforces information flow; SC-08 provides transmission confidentiality; SC-13 covers cryptographic protection.

Gaps

AICM extends data transfer controls to AI-specific transfers including model weight distribution and federated learning communications.

Mapped Controls

AC-04 SC-08 SC-13
DSP-11 Personal Data Access, Reversal, Rectification and Deletion
PT-04 PT-05 PT-06
72%

Rationale

PT-04/PT-05/PT-06 cover individual consent, privacy notice, and system of records.

Gaps

AICM extends consent management to AI-specific scenarios including consent for automated decision-making and AI training data usage.

Mapped Controls

PT-04 PT-05 PT-06
DSP-12 Limitation of Purpose in Personal Data Processing
PT-02 PT-03
72%

Rationale

PT-02 covers authority for PII processing; PT-03 addresses data minimization and retention.

Gaps

AICM extends data purpose limitation to AI including training data reuse restrictions, model purpose limitations, and transfer learning constraints.

Mapped Controls

PT-02 PT-03
DSP-13 Personal Data Sub-processing
PT-01 SA-04 SA-09
70%

Rationale

PT-01 covers PII processing; SA-04/SA-09 address acquisition and external systems.

Gaps

AICM extends to third-party AI data processing including cloud AI services, third-party model APIs, and data annotation services.

Mapped Controls

PT-01 SA-04 SA-09
DSP-14 Disclosure of Data Sub-processors
PT-01 SA-09
70%

Rationale

PT-01 covers PII processing policy; SA-09 addresses external information system services.

Gaps

AICM addresses cross-border AI data transfer restrictions including model training across jurisdictions and AI service localization requirements.

Mapped Controls

PT-01 SA-09
DSP-15 Limitation of Production Data Use
CM-04 PT-03
72%

Rationale

CM-04 covers security impact analysis; PT-03 addresses data minimization.

Gaps

AICM extends data retention to AI including training data retention, model artifact retention, and experiment metadata preservation.

Mapped Controls

CM-04 PT-03
DSP-16 Data Retention and Deletion
MP-06 PT-01 SI-12
78%

Rationale

MP-06 covers sanitization; PT-01 addresses PII processing; SI-12 covers information management.

Gaps

AICM extends secure disposal to AI artifacts including model deletion, training data sanitization, and inference log purging.

Mapped Controls

MP-06 PT-01 SI-12
DSP-17 Sensitive Data Protection
AC-03 SC-08 SC-28
82%

Rationale

AC-03 covers access enforcement; SC-08/SC-28 address data protection in transit and at rest.

Gaps

AICM extends data protection to AI-specific data including model weights, embeddings, and training data encryption.

Mapped Controls

AC-03 SC-08 SC-28
DSP-18 Disclosure Notification
IR-06 PT-01
72%

Rationale

IR-06 covers incident reporting; PT-01 addresses PII processing policy.

Gaps

AICM extends breach notification to AI-specific incidents including model compromise, training data exposure, and adversarial attack disclosure.

Mapped Controls

IR-06 PT-01
DSP-19 Data Location
PT-01 SA-09
70%

Rationale

PT-01 covers PII processing; SA-09 addresses external information system services.

Gaps

AICM extends subprocessor management to AI-specific scenarios including third-party model providers and data annotation subcontractors.

Mapped Controls

PT-01 SA-09
DSP-20 Data Provenance and Transparency
PT-01 PT-03 SA-08
55%

Rationale

PT-01/PT-03 cover PII processing and minimization; SA-08 covers security engineering principles.

Gaps

AICM addresses training data governance including data provenance, consent for training use, data quality requirements, and bias assessment in training datasets. NIST lacks AI training data-specific controls.

Mapped Controls

PT-01 PT-03 SA-08
DSP-21 Data Poisoning Prevention & Detection
PT-01 SI-12 RA-03
50%

Rationale

PT-01 covers PII processing; SI-12 addresses information management; RA-03 covers risk assessment.

Gaps

AICM addresses synthetic data governance including generation controls, privacy guarantees, utility validation, and synthetic data lineage tracking.

Mapped Controls

PT-01 SI-12 RA-03
DSP-22 Privacy Enhancing Technologies
AC-04 PT-01 SC-13
52%

Rationale

AC-04 covers information flow; PT-01 addresses PII processing; SC-13 covers cryptographic protection for privacy-preserving computation.

Gaps

AICM addresses privacy-preserving machine learning techniques including differential privacy, federated learning governance, and secure multi-party computation for AI. NIST does not address these AI-specific privacy techniques.

Mapped Controls

AC-04 PT-01 SC-13
DSP-23 Data Integrity Check
PT-01 PT-04 SA-09
55%

Rationale

PT-01/PT-04 cover PII processing and consent; SA-09 addresses external services.

Gaps

AICM addresses AI output data governance including generated content attribution, deepfake detection requirements, and AI-generated data labeling obligations.

Mapped Controls

PT-01 PT-04 SA-09
DSP-24 Data Differentiation and Relevance
SI-12 PT-03 AU-02
50%

Rationale

SI-12 covers information management; PT-03 addresses data minimization; AU-02 covers audit events.

Gaps

AICM addresses model data lineage requirements including end-to-end traceability from training data through model artifacts to inference outputs. NIST does not address AI data lineage.

Mapped Controls

SI-12 PT-03 AU-02
GRC-01 Governance Program Policy and Procedures
PL-01 PM-01 PM-02
80%

Rationale

PL-01/PM-01/PM-02 establish security planning, program, and roles.

Gaps

AICM extends governance to AI-specific oversight including AI ethics boards, model governance committees, and algorithmic accountability structures.

Mapped Controls

PL-01 PM-01 PM-02
GRC-02 Risk Management Program
PM-09 RA-01 RA-03
80%

Rationale

PM-09 covers risk management strategy; RA-01/RA-03 establish risk assessment policy and process.

Gaps

AICM extends risk management to AI-specific risks including model risk, algorithmic bias, and AI system safety.

Mapped Controls

PM-09 RA-01 RA-03
GRC-03 Organizational Policy Reviews
PL-01 PM-01
78%

Rationale

PL-01 covers planning policy; PM-01 establishes information security program.

Gaps

AICM requires AI-specific security program elements including AI governance frameworks and responsible AI programs.

Mapped Controls

PL-01 PM-01
GRC-04 Policy Exception Process
CA-05 PL-02
75%

Rationale

CA-05 covers plans of action; PL-02 addresses security concept of operations.

Gaps

AICM extends to AI governance roadmaps and AI security program maturity tracking.

Mapped Controls

CA-05 PL-02
GRC-05 Information Security Program
PM-01 PM-02 PM-03
78%

Rationale

PM-01/PM-02/PM-03 cover security program, roles, and capital planning.

Gaps

AICM extends to AI-specific resource allocation including AI security budget, AI talent requirements, and AI infrastructure investment.

Mapped Controls

PM-01 PM-02 PM-03
GRC-06 Governance Responsibility Model
PL-02 PM-01 PM-02
78%

Rationale

PL-02 covers security concepts; PM-01/PM-02 establish program and roles.

Gaps

AICM extends security program to AI-specific components including AI risk management frameworks and AI security operations.

Mapped Controls

PL-02 PM-01 PM-02
GRC-07 Information System Regulatory Mapping
CA-02 PM-01 PL-02
75%

Rationale

CA-02 covers assessments; PM-01 establishes program; PL-02 covers security concepts.

Gaps

AICM requires AI-specific policy review cycles including updates for emerging AI threats and regulatory changes.

Mapped Controls

CA-02 PM-01 PL-02
GRC-08 Special Interest Groups
PM-15 PM-16
78%

Rationale

PM-15 covers security groups and associations; PM-16 addresses threat awareness program.

Gaps

AICM extends stakeholder engagement to AI-specific parties including AI researchers, ethics boards, and AI regulators.

Mapped Controls

PM-15 PM-16
GRC-09 Acceptable Use of the AI Service
PM-01 PM-09 RA-01
55%

Rationale

PM-01/PM-09 cover security program and risk strategy; RA-01 establishes risk assessment policy.

Gaps

AICM addresses AI governance frameworks including responsible AI principles, AI ethics policies, and organizational AI strategy alignment. NIST 800-53 does not address AI governance specifically.

Mapped Controls

PM-01 PM-09 RA-01
GRC-10 AI Impact Assessment
PM-01 PM-02 PM-09
50%

Rationale

PM-01/PM-02 establish security program and roles; PM-09 covers risk management strategy.

Gaps

AICM requires AI ethics oversight including ethics review boards, algorithmic impact assessments, and human rights due diligence for AI systems.

Mapped Controls

PM-01 PM-02 PM-09
GRC-11 Bias and Fairness Assessment
RA-01 RA-03 PM-09
55%

Rationale

RA-01/RA-03 cover risk assessment; PM-09 addresses risk management strategy.

Gaps

AICM addresses AI-specific risk management including model risk quantification, AI system risk taxonomy, and AI risk appetite definition.

Mapped Controls

RA-01 RA-03 PM-09
GRC-12 Ethics Committee
PM-01 CA-02 CA-07
52%

Rationale

PM-01 establishes program; CA-02/CA-07 cover assessment and monitoring.

Gaps

AICM addresses AI regulatory compliance monitoring including tracking of emerging AI regulations (EU AI Act, state AI laws) and proactive compliance adaptation.

Mapped Controls

PM-01 CA-02 CA-07
GRC-13 Explainability Requirement
PM-02 PS-01 AT-01
50%

Rationale

PM-02 covers roles; PS-01 addresses personnel security; AT-01 covers training policy.

Gaps

AICM requires AI-specific roles and responsibilities including AI safety officers, model validators, and AI ethics leads.

Mapped Controls

PM-02 PS-01 AT-01
GRC-14 Explainability Evaluation
PM-01 PM-09 RA-03
48%

Rationale

PM-01/PM-09/RA-03 provide general governance and risk management frameworks.

Gaps

AICM addresses responsible AI principles including fairness, accountability, transparency, and explainability (FATE) requirements not covered by NIST 800-53.

Mapped Controls

PM-01 PM-09 RA-03
GRC-15 Human supervision
PM-15 PM-16 CA-07
52%

Rationale

PM-15/PM-16 cover external engagement and threat awareness; CA-07 covers continuous monitoring.

Gaps

AICM requires AI incident reporting to regulators and stakeholders including mandatory disclosure of AI system failures and bias incidents.

Mapped Controls

PM-15 PM-16 CA-07
HRS-01 Background Screening Policy and Procedures
PS-01 PS-03
85%

Rationale

PS-01 establishes personnel security policy; PS-03 covers personnel screening.

Gaps

AICM extends screening to AI-specific roles including data scientists, ML engineers, and AI ethics reviewers.

Mapped Controls

PS-01 PS-03
HRS-02 Acceptable Use of Technology Policy and Procedures
AC-20 PL-04
78%

Rationale

AC-20 covers use of external systems; PL-04 addresses rules of behavior.

Gaps

AICM extends acceptable use to AI systems including acceptable use of AI tools, model usage policies, and AI output verification requirements.

Mapped Controls

AC-20 PL-04
HRS-03 Clean Desk Policy and Procedures
AC-11 MP-02
80%

Rationale

AC-11 covers session lock; MP-02 addresses media access.

Gaps

AICM extends clean desk to AI workstation security including training data access and model development environment protection.

Mapped Controls

AC-11 MP-02
HRS-04 Remote and Home Working Policy and Procedures
AC-17 PE-17
78%

Rationale

AC-17 covers remote access; PE-17 addresses alternate work site security.

Gaps

AICM extends remote work security to AI development including remote access to training infrastructure and model repositories.

Mapped Controls

AC-17 PE-17
HRS-05 Asset returns
PS-04
82%

Rationale

PS-04 covers personnel termination procedures.

Gaps

AICM extends termination to AI-specific access revocation including model repositories, training infrastructure, and AI service accounts.

Mapped Controls

PS-04
HRS-06 Employment Termination
PS-04 PS-05
82%

Rationale

PS-04/PS-05 cover personnel termination and transfer procedures.

Gaps

AICM extends role change procedures to AI-specific access including model governance roles and data access permissions.

Mapped Controls

PS-04 PS-05
HRS-07 Employment Agreement Process
PS-01 PS-06
80%

Rationale

PS-01 covers personnel security policy; PS-06 addresses access agreements.

Gaps

AICM extends non-disclosure to AI-specific intellectual property including model architectures, training methodologies, and AI research.

Mapped Controls

PS-01 PS-06
HRS-08 Employment Agreement Content
PL-04 PS-06
78%

Rationale

PL-04 covers rules of behavior; PS-06 addresses access agreements.

Gaps

AICM extends rules of behavior to AI-specific requirements including responsible AI use and AI ethics obligations.

Mapped Controls

PL-04 PS-06
HRS-09 Personnel Roles and Responsibilities
PL-02 PM-02 PS-01
78%

Rationale

PL-02 covers security concepts; PM-02 addresses roles; PS-01 covers personnel security.

Gaps

AICM extends security roles to AI-specific positions and responsibilities.

Mapped Controls

PL-02 PM-02 PS-01
HRS-10 Non-Disclosure Agreements
PS-06 PS-09
78%

Rationale

PS-06 covers access agreements; PS-09 addresses position categorization.

Gaps

AICM extends compliance monitoring to AI-specific obligations and ethical commitments.

Mapped Controls

PS-06 PS-09
HRS-11 Security Awareness Training
AT-01 AT-02 AT-03
82%

Rationale

AT-01/AT-02/AT-03 comprehensively cover security awareness training policy, content, and role-based training.

Gaps

AICM extends security training to AI-specific topics including adversarial ML awareness, AI ethics training, and responsible AI use.

Mapped Controls

AT-01 AT-02 AT-03
HRS-12 Personal and Sensitive Data Awareness and Training
AT-02 AT-03 PT-01
78%

Rationale

AT-02/AT-03 cover security awareness and role-based training; PT-01 addresses PII processing.

Gaps

AICM extends personal data training to AI-specific scenarios including training data handling, AI privacy risks, and automated decision-making implications.

Mapped Controls

AT-02 AT-03 PT-01
HRS-13 Compliance User Responsibility
AT-02 PL-04 PS-06
78%

Rationale

AT-02 covers awareness training; PL-04/PS-06 address rules of behavior and agreements.

Gaps

AICM extends to AI ethics and responsible use training.

Mapped Controls

AT-02 PL-04 PS-06
HRS-14 AI Competency Training
AT-02 AT-03 PM-02
55%

Rationale

AT-02/AT-03 cover security awareness and role-based training; PM-02 addresses roles.

Gaps

AICM requires AI-specific competency development including ML security skills, adversarial ML knowledge, and AI safety training programs. NIST does not address AI competency frameworks.

Mapped Controls

AT-02 AT-03 PM-02
HRS-15 AI Acceptable Use
AT-01 PM-02 PS-01
52%

Rationale

AT-01 covers training policy; PM-02 addresses roles; PS-01 covers personnel security.

Gaps

AICM requires AI ethics training and certification including responsible AI practices, bias awareness, and AI governance education.

Mapped Controls

AT-01 PM-02 PS-01
I&S-01 Infrastructure and Virtualization Security Policy and Procedures
SA-01 SC-01 CM-01
80%

Rationale

SA-01 covers acquisition policy; SC-01 covers system protection policy; CM-01 addresses configuration management.

Gaps

AICM extends infrastructure security to AI-specific infrastructure including GPU clusters, ML platforms, and model serving infrastructure.

Mapped Controls

SA-01 SC-01 CM-01
I&S-02 Capacity and Resource Planning
CP-02 SC-05 SC-06
78%

Rationale

CP-02 covers contingency planning; SC-05 addresses denial of service protection; SC-06 covers resource availability.

Gaps

AICM extends capacity planning to AI compute including GPU/TPU allocation, training job scheduling, and inference scaling.

Mapped Controls

CP-02 SC-05 SC-06
I&S-03 Network Security
AC-04 SC-07 SC-08
82%

Rationale

AC-04 enforces information flow; SC-07 provides boundary protection; SC-08 covers transmission security.

Gaps

AICM extends network security to AI infrastructure including training network isolation and model serving network segmentation.

Mapped Controls

AC-04 SC-07 SC-08
I&S-04 OS Hardening and Base Controls
CM-02 CM-06 SI-02
80%

Rationale

CM-02/CM-06 cover baseline configurations and settings; SI-02 addresses flaw remediation.

Gaps

AICM extends OS hardening to AI infrastructure including ML framework patching and GPU driver security.

Mapped Controls

CM-02 CM-06 SI-02
I&S-05 Production and Non-Production Environments
CM-02 CM-04 SC-07
80%

Rationale

CM-02 covers baselines; CM-04 addresses impact analysis; SC-07 covers boundary protection.

Gaps

AICM extends to AI infrastructure hardening including container security for model serving and Kubernetes security for ML platforms.

Mapped Controls

CM-02 CM-04 SC-07
I&S-06 Segmentation and Segregation
AC-04 SC-03 SC-07
80%

Rationale

AC-04 covers information flow; SC-03 addresses security function isolation; SC-07 covers boundary protection.

Gaps

AICM extends segmentation to AI environments including training/inference isolation and model environment separation.

Mapped Controls

AC-04 SC-03 SC-07
I&S-07 Migration to Hosted Environments
CM-03 SA-03 SA-04
78%

Rationale

CM-03 covers change control; SA-03 addresses development lifecycle; SA-04 covers acquisition processes.

Gaps

AICM extends migration security to AI workloads including model migration, training data transfer, and AI environment portability.

Mapped Controls

CM-03 SA-03 SA-04
I&S-08 Network Architecture Documentation
CA-09 PL-02 SC-07
78%

Rationale

CA-09 covers internal connections; PL-02 addresses security concepts; SC-07 covers boundary protection.

Gaps

AICM extends network architecture to AI infrastructure including dedicated AI network segments and high-bandwidth training interconnects.

Mapped Controls

CA-09 PL-02 SC-07
I&S-09 Network Defense
SC-05 SC-07 SI-04
80%

Rationale

SC-05 covers denial of service protection; SC-07 provides boundary protection; SI-04 covers system monitoring.

Gaps

AICM extends network monitoring to AI infrastructure including training traffic analysis and inference endpoint monitoring.

Mapped Controls

SC-05 SC-07 SI-04
IAM-01 Identity and Access Management Policy and Procedures
AC-01 IA-01
85%

Rationale

AC-01 establishes access control policy; IA-01 covers identification and authentication policy.

Gaps

AICM extends IAM policies to AI systems including model access control, training infrastructure authentication, and AI API authorization.

Mapped Controls

AC-01 IA-01
IAM-02 Strong Password Policy and Procedures
IA-01 IA-05
85%

Rationale

IA-01/IA-05 cover identification/authentication policy and authenticator management.

Gaps

AICM extends identity management to AI-specific identities including service accounts for AI pipelines and model signing identities.

Mapped Controls

IA-01 IA-05
IAM-03 Identity Inventory
AC-02 IA-04
85%

Rationale

AC-02 covers account management; IA-04 addresses identifier management.

Gaps

AICM extends account management to AI system accounts including training job identities and inference service accounts.

Mapped Controls

AC-02 IA-04
IAM-04 Separation of Duties
AC-05 AC-06
85%

Rationale

AC-05 covers separation of duties; AC-06 addresses least privilege.

Gaps

AICM extends separation of duties to AI roles including model development, validation, and deployment role separation.

Mapped Controls

AC-05 AC-06
IAM-05 Least Privilege
AC-02 AC-06
85%

Rationale

AC-02 covers account management; AC-06 addresses least privilege.

Gaps

AICM extends least privilege to AI systems including fine-grained model access control and training data access restrictions.

Mapped Controls

AC-02 AC-06
IAM-06 User Access Provisioning
AC-02 IA-04 IA-05
85%

Rationale

AC-02 covers account management; IA-04/IA-05 address identifier and authenticator management.

Gaps

AICM extends to lifecycle management for AI service identities and model access credentials.

Mapped Controls

AC-02 IA-04 IA-05
IAM-07 User Access Changes and Revocation
AC-02 PS-04 PS-05
82%

Rationale

AC-02 covers account management; PS-04/PS-05 address personnel changes.

Gaps

AICM extends deprovisioning to AI access including model repository access and training infrastructure permissions.

Mapped Controls

AC-02 PS-04 PS-05
IAM-08 User Access Review
AC-02 AC-06
82%

Rationale

AC-02 covers account management; AC-06 addresses least privilege and access reviews.

Gaps

AICM extends access reviews to AI system access including periodic review of model access permissions and data access rights.

Mapped Controls

AC-02 AC-06
IAM-09 Segregation of Privileged Access Roles
AC-05 AC-06
82%

Rationale

AC-05 covers separation of duties; AC-06 addresses least privilege.

Gaps

AICM extends segregation to AI operations including separation between training, validation, and production environments.

Mapped Controls

AC-05 AC-06
IAM-10 Management of Privileged Access Roles
AC-02 AC-06 IA-02
85%

Rationale

AC-02 covers account management; AC-06 addresses least privilege; IA-02 covers identification and authentication.

Gaps

AICM extends privileged access to AI systems including admin access to ML platforms and model management systems.

Mapped Controls

AC-02 AC-06 IA-02
IAM-11 Customers' Approval for Agreed Privileged Access Roles
AC-02 AC-06
82%

Rationale

AC-02/AC-06 cover account management and least privilege.

Gaps

AICM extends access authorization to AI-specific resources including training compute, model endpoints, and data pipelines.

Mapped Controls

AC-02 AC-06
IAM-12 Safeguard Logs Integrity
AU-09 AU-10
80%

Rationale

AU-09 covers protection of audit information; AU-10 addresses non-repudiation.

Gaps

AICM extends user accountability to AI operations including audit trails for model modifications and training data changes.

Mapped Controls

AU-09 AU-10
IAM-13 Uniquely Identifiable Users
AC-02 IA-02 IA-04
85%

Rationale

AC-02 covers account management; IA-02/IA-04 address authentication and identifier management.

Gaps

AICM extends user identification to AI platform users including federated identity for multi-cloud AI environments.

Mapped Controls

AC-02 IA-02 IA-04
IAM-14 Strong Authentication
IA-02 IA-05 IA-08
85%

Rationale

IA-02/IA-05/IA-08 comprehensively cover authentication, authenticator management, and cross-org identification.

Gaps

AICM extends strong authentication to AI systems including MFA for model deployment and training infrastructure access.

Mapped Controls

IA-02 IA-05 IA-08
IAM-15 Passwords and Secrets Management
IA-02 IA-05
82%

Rationale

IA-02/IA-05 cover identification/authentication and authenticator management including password policies.

Gaps

AICM extends password management to AI system credentials including API keys, model access tokens, and service account credentials.

Mapped Controls

IA-02 IA-05
IAM-16 Authorization Mechanisms
AC-03 AC-06 AC-16
82%

Rationale

AC-03 covers access enforcement; AC-06 addresses least privilege; AC-16 covers security attributes.

Gaps

AICM extends authorization to AI-specific resources including fine-grained model access control and data access governance.

Mapped Controls

AC-03 AC-06 AC-16
IAM-17 Knowledge Access Control - Need to Know
AC-02 IA-02 SC-07
60%

Rationale

AC-02 covers account management; IA-02 covers authentication; SC-07 provides boundary protection for AI API access.

Gaps

AICM addresses AI API authentication and authorization including model inference API security, rate limiting, and API key management for AI services.

Mapped Controls

AC-02 IA-02 SC-07
IAM-18 Output Modification and Special Authorization
AC-02 AC-06 IA-03
58%

Rationale

AC-02 covers account management; AC-06 addresses least privilege; IA-03 covers device identification.

Gaps

AICM addresses machine-to-machine identity for AI systems including model-to-model authentication, pipeline service identities, and automated AI agent identity management.

Mapped Controls

AC-02 AC-06 IA-03
IAM-19 Agent Access Restriction
AC-05 AC-06 CM-05
60%

Rationale

AC-05 covers separation of duties; AC-06 addresses least privilege; CM-05 restricts changes.

Gaps

AICM requires role-based access control specific to AI lifecycle including separate roles for data scientists, ML engineers, model validators, and AI operations staff.

Mapped Controls

AC-05 AC-06 CM-05
IPY-01 Interoperability and Portability Policy and Procedures
SA-01 SA-04
72%

Rationale

SA-01 covers acquisition policy; SA-04 addresses acquisition process and interoperability requirements.

Gaps

AICM extends interoperability to AI systems including model portability, ML framework interoperability, and AI service migration.

Mapped Controls

SA-01 SA-04
IPY-02 Application Interface Availability
SA-04 SA-09
70%

Rationale

SA-04 covers acquisition processes; SA-09 addresses external services.

Gaps

AICM extends data portability to AI including training data export, model format standards (ONNX, PMML), and inference compatibility.

Mapped Controls

SA-04 SA-09
IPY-03 Secure Interoperability and Portability Management
SA-04 SA-09 SC-08
72%

Rationale

SA-04 covers acquisition; SA-09 addresses external services; SC-08 covers transmission security.

Gaps

AICM extends policy compatibility to AI services including API compatibility, model serving standards, and AI service level agreements.

Mapped Controls

SA-04 SA-09 SC-08
IPY-04 Data Portability Contractual Obligations
SA-04
68%

Rationale

SA-04 covers acquisition process including portability and interoperability requirements.

Gaps

AICM extends portability to AI-specific scenarios including multi-cloud ML deployment and vendor-neutral AI infrastructure.

Mapped Controls

SA-04
LOG-01 Logging and Monitoring Policy and Procedures
AU-01 AU-02
85%

Rationale

AU-01 establishes audit policy; AU-02 defines auditable events.

Gaps

AICM extends logging to AI-specific events including model inference logs, training events, and AI system decision logs.

Mapped Controls

AU-01 AU-02
LOG-02 Audit Logs Protection
AU-09 AU-11
85%

Rationale

AU-09 covers audit information protection; AU-11 addresses audit record retention.

Gaps

AICM extends log protection to AI audit trails including model decision logs and training provenance records.

Mapped Controls

AU-09 AU-11
LOG-03 Security Monitoring and Alerting
AU-06 CA-07 SI-04
82%

Rationale

AU-06 covers audit review; CA-07 provides continuous monitoring; SI-04 covers system monitoring.

Gaps

AICM extends security monitoring to AI systems including model behavior monitoring and adversarial input detection.

Mapped Controls

AU-06 CA-07 SI-04
LOG-04 Audit Logs Access and Accountability
AC-06 AU-06 AU-09
82%

Rationale

AC-06 covers least privilege; AU-06/AU-09 address audit review and protection.

Gaps

AICM extends audit access controls to AI logs including restricted access to model decision explanations.

Mapped Controls

AC-06 AU-06 AU-09
LOG-05 Audit Logs Monitoring and Response
AU-06 IR-04 SI-04
82%

Rationale

AU-06 covers audit analysis; IR-04 addresses incident handling; SI-04 covers monitoring.

Gaps

AICM extends audit procedures to AI-specific analysis including AI anomaly investigation and model drift forensics.

Mapped Controls

AU-06 IR-04 SI-04
LOG-06 Clock Synchronization
AU-08
88%

Rationale

AU-08 directly addresses time stamps and clock synchronization for audit records.

Gaps

AICM extends time synchronization to distributed AI systems including training cluster clocks and inference endpoint timestamps.

Mapped Controls

AU-08
LOG-07 Logging Scope
AU-02 AU-03
85%

Rationale

AU-02 defines auditable events; AU-03 specifies audit record content.

Gaps

AICM extends logging content to AI-specific data including model version, input features, confidence scores, and decision explanations.

Mapped Controls

AU-02 AU-03
LOG-08 Log Records
AU-02 AU-03
82%

Rationale

AU-02/AU-03 cover audit event types and record content for log sanitization requirements.

Gaps

AICM addresses log sanitization for AI systems including removal of sensitive training data from logs and PII scrubbing from inference logs.

Mapped Controls

AU-02 AU-03
LOG-09 Log Protection
AU-09 AU-11
85%

Rationale

AU-09 protects audit information; AU-11 addresses retention.

Gaps

AICM extends log storage to AI-specific retention requirements including model decision log retention for regulatory compliance.

Mapped Controls

AU-09 AU-11
LOG-10 Encryption Monitoring and Reporting
AU-02 CA-07 SC-13
80%

Rationale

AU-02 defines events; CA-07 provides continuous monitoring; SC-13 covers cryptographic protection of logs.

Gaps

AICM extends encryption monitoring to AI system logs including protection of model inference logs and training event records.

Mapped Controls

AU-02 CA-07 SC-13
LOG-11 Transaction/Activity Logging
AU-02 AU-03 AU-12
85%

Rationale

AU-02/AU-03/AU-12 comprehensively cover event definition, content, and generation.

Gaps

AICM extends key event logging to AI-specific events including model deployment, retraining triggers, and bias threshold alerts.

Mapped Controls

AU-02 AU-03 AU-12
LOG-12 Access Control Logs
AC-02 AU-02 AU-03
82%

Rationale

AC-02 covers account management; AU-02/AU-03 cover audit events and content.

Gaps

AICM extends access logging to AI systems including model access, training data access, and AI API usage tracking.

Mapped Controls

AC-02 AU-02 AU-03
LOG-13 Failures and Anomalies Reporting
AU-05 AU-06 SI-04
82%

Rationale

AU-05 covers audit processing failures; AU-06 addresses audit review; SI-04 covers monitoring.

Gaps

AICM extends failures and anomalies monitoring to AI systems including training failures, model serving errors, and inference anomalies.

Mapped Controls

AU-05 AU-06 SI-04
LOG-14 Input Monitoring
AU-02 AU-06 SI-04
55%

Rationale

AU-02 covers audit events; AU-06 addresses audit review; SI-04 covers system monitoring.

Gaps

AICM requires AI decision logging including model inference decision trails, feature importance logs, and explanation records for automated decisions. NIST does not address AI decision transparency.

Mapped Controls

AU-02 AU-06 SI-04
LOG-15 Output Monitoring
AU-02 AU-03 CA-07
52%

Rationale

AU-02/AU-03 cover audit events and content; CA-07 provides continuous monitoring.

Gaps

AICM requires model performance monitoring logs including drift detection metrics, accuracy degradation alerts, and model health dashboards.

Mapped Controls

AU-02 AU-03 CA-07
MDS-01 Training Pipeline Security
SA-08 CM-01 PL-01
45%

Rationale

SA-08 covers security engineering principles; CM-01 establishes configuration management; PL-01 covers planning. These provide general framework for model security governance.

Gaps

AICM MDS-01 establishes comprehensive model security policy and procedures including model lifecycle governance, model risk management, and model security standards. NIST 800-53 has no equivalent model security controls.

Mapped Controls

SA-08 CM-01 PL-01
MDS-02 Model Artifact Scanning
CM-08 SA-03
42%

Rationale

CM-08 covers component inventory; SA-03 addresses development lifecycle. These partially support model inventory.

Gaps

AICM requires model inventory and registry including model cards, versioning, lineage tracking, and model deprecation management. NIST has no model registry equivalent.

Mapped Controls

CM-08 SA-03
MDS-03 Model Documentation
SA-11 CA-08 RA-05
40%

Rationale

SA-11 covers developer testing; CA-08 addresses penetration testing; RA-05 covers vulnerability scanning. These provide a testing framework adaptable to models.

Gaps

AICM requires model validation and testing including accuracy validation, bias testing, robustness testing, and adversarial evaluation. NIST testing controls are not designed for ML model validation.

Mapped Controls

SA-11 CA-08 RA-05
MDS-04 Model Documentation Requirements
CM-03 CM-05 SA-03
45%

Rationale

CM-03/CM-05 cover change control and access restrictions; SA-03 addresses development lifecycle.

Gaps

AICM requires model deployment security including deployment approval workflows, canary deployments, model signing, and deployment rollback procedures.

Mapped Controls

CM-03 CM-05 SA-03
MDS-05 Model Documentation Validation
SI-04 CA-07 AU-06
42%

Rationale

SI-04/CA-07 cover monitoring; AU-06 addresses audit review.

Gaps

AICM requires model monitoring including performance drift detection, data drift monitoring, concept drift alerts, and model behavior anomaly detection. NIST monitoring controls are infrastructure-focused.

Mapped Controls

SI-04 CA-07 AU-06
MDS-06 Adversarial Attack Analysis
SI-07 SC-13 CM-03
40%

Rationale

SI-07 covers integrity verification; SC-13 addresses cryptographic protection; CM-03 covers change control.

Gaps

AICM requires model integrity protection including cryptographic model signing, weight tampering detection, and model provenance verification.

Mapped Controls

SI-07 SC-13 CM-03
MDS-07 Robustness against Adversarial Attack / Model Hardening
AC-03 AC-06 CM-05
55%

Rationale

AC-03/AC-06 cover access enforcement and least privilege; CM-05 restricts changes.

Gaps

AICM requires model access control including inference API authorization, model weight access restrictions, and model management role separation.

Mapped Controls

AC-03 AC-06 CM-05
MDS-08 Model Integrity Checks
SA-11 RA-05 SI-07
38%

Rationale

SA-11/RA-05 cover testing and vulnerability assessment; SI-07 covers integrity.

Gaps

AICM requires adversarial robustness including adversarial attack testing, evasion resistance, and model hardening against adversarial inputs. NIST has no adversarial ML controls.

Mapped Controls

SA-11 RA-05 SI-07
MDS-09 Model Signing/Ownership Verification
PT-01 PT-03 SA-08
40%

Rationale

PT-01/PT-03 cover PII processing and minimization; SA-08 covers security engineering.

Gaps

AICM requires model privacy including membership inference protection, model inversion defense, differential privacy integration, and training data extraction prevention.

Mapped Controls

PT-01 PT-03 SA-08
MDS-10 Model Continuous Monitoring
SA-03 SA-08 SA-15
42%

Rationale

SA-03/SA-08/SA-15 cover development lifecycle, security engineering, and development standards.

Gaps

AICM requires explainability and interpretability requirements including feature importance, decision explanation, and model transparency standards.

Mapped Controls

SA-03 SA-08 SA-15
MDS-11 Model Failure
CM-03 CM-09 SA-03
45%

Rationale

CM-03/CM-09 cover change control and configuration plans; SA-03 addresses development lifecycle.

Gaps

AICM requires model versioning and lifecycle management including model retirement, version compatibility, and model lineage tracking across training iterations.

Mapped Controls

CM-03 CM-09 SA-03
MDS-12 Open Model Risk Assessment
SA-04 SA-09 RA-03
40%

Rationale

SA-04/SA-09 cover acquisition and external services; RA-03 addresses risk assessment.

Gaps

AICM requires third-party model governance including pre-trained model validation, foundation model risk assessment, and model supply chain security.

Mapped Controls

SA-04 SA-09 RA-03
MDS-13 Secure Model Format
RA-03 PM-09 SI-01
38%

Rationale

RA-03/PM-09 cover risk assessment and strategy; SI-01 addresses integrity policy.

Gaps

AICM requires model risk quantification including model risk scoring, risk-based model tiering, and model failure impact assessment. NIST risk assessment is not designed for ML model risk.

Mapped Controls

RA-03 PM-09 SI-01
SEF-01 Security Incident Management Policy and Procedures
IR-01 IR-08
82%

Rationale

IR-01 establishes incident response policy; IR-08 covers incident response plan.

Gaps

AICM extends incident management to AI-specific incidents including model compromise, adversarial attacks, and AI system failures.

Mapped Controls

IR-01 IR-08
SEF-02 Service Management Policy and Procedures
IR-01 IR-04 PM-01
80%

Rationale

IR-01/IR-04 cover incident response policy and handling; PM-01 establishes program.

Gaps

AICM extends incident management to AI-specific roles and procedures.

Mapped Controls

IR-01 IR-04 PM-01
SEF-03 Incident Response Plans
IR-02 IR-04 IR-08
80%

Rationale

IR-02/IR-04/IR-08 cover incident training, handling, and response plans.

Gaps

AICM extends incident response to AI-specific scenarios including model poisoning incidents and adversarial attack playbooks.

Mapped Controls

IR-02 IR-04 IR-08
SEF-04 Incident Response Testing
IR-03
82%

Rationale

IR-03 directly addresses incident response testing.

Gaps

AICM extends testing to AI-specific incident scenarios including model failure drills and adversarial response exercises.

Mapped Controls

IR-03
SEF-05 Incident Response Metrics
CA-07 IR-04 PM-06
80%

Rationale

CA-07 covers continuous monitoring; IR-04 addresses incident handling; PM-06 covers security metrics.

Gaps

AICM extends metrics to AI-specific incident KPIs including model recovery time and AI attack detection rate.

Mapped Controls

CA-07 IR-04 PM-06
SEF-06 Event Triage Processes
AU-06 IR-04 IR-05
82%

Rationale

AU-06 covers audit analysis; IR-04/IR-05 address incident handling and monitoring.

Gaps

AICM extends evidence collection to AI-specific forensics including model state snapshots and inference log analysis.

Mapped Controls

AU-06 IR-04 IR-05
SEF-07 Security Breach Notification
IR-06 IR-07
82%

Rationale

IR-06 covers incident reporting; IR-07 addresses incident response assistance.

Gaps

AICM extends incident communication to AI-specific stakeholders including AI safety boards and regulatory bodies.

Mapped Controls

IR-06 IR-07
SEF-08 Points of Contact Maintenance
IR-01 IR-06 PM-15
80%

Rationale

IR-01/IR-06 cover incident response and reporting; PM-15 addresses security groups and coordination.

Gaps

AICM extends external coordination to AI-specific organizations including AI safety organizations and industry AI security groups.

Mapped Controls

IR-01 IR-06 PM-15
SEF-09 Incident Response
IR-01 IR-04 IR-06
58%

Rationale

IR-01/IR-04/IR-06 cover incident response policy, handling, and reporting.

Gaps

AICM requires AI-specific incident response procedures including adversarial attack playbooks, model compromise response, training data breach protocols, and AI system failure escalation paths.

Mapped Controls

IR-01 IR-04 IR-06
STA-01 Supply Chain Risk Management Policies and Procedures
PM-01 SA-01 SR-01
80%

Rationale

PM-01 establishes program; SA-01/SR-01 cover acquisition and supply chain policy.

Gaps

AICM extends supply chain to AI-specific requirements including AI vendor assessment, model supply chain, and training data provenance.

Mapped Controls

PM-01 SA-01 SR-01
STA-02 SSRM Policy and Procedures
SR-01 SR-02 SR-03
78%

Rationale

SR-01/SR-02/SR-03 cover supply chain risk management, controls, and plan.

Gaps

AICM extends supply chain controls to AI-specific risks including pre-trained model risks and ML framework dependencies.

Mapped Controls

SR-01 SR-02 SR-03
STA-03 SSRM Supply Chain
SA-04 SR-01
78%

Rationale

SA-04 covers acquisition processes; SR-01 addresses supply chain risk management.

Gaps

AICM extends supplier agreements to AI-specific SLAs including model performance guarantees and AI service availability.

Mapped Controls

SA-04 SR-01
STA-04 SSRM Guidance
PM-02 SR-01
75%

Rationale

PM-02 covers roles; SR-01 addresses supply chain risk management.

Gaps

AICM extends supply chain oversight to AI-specific vendor management and AI provider risk assessment.

Mapped Controls

PM-02 SR-01
STA-05 SSRM Control Ownership
CA-02 SR-01
75%

Rationale

CA-02 covers assessments; SR-01 addresses supply chain risk management.

Gaps

AICM extends supplier assessment to AI-specific evaluation criteria including model quality, training data practices, and AI ethics compliance.

Mapped Controls

CA-02 SR-01
STA-06 SSRM Documentation Review
CA-02 SA-09 SR-01
75%

Rationale

CA-02 covers assessments; SA-09/SR-01 address external services and supply chain.

Gaps

AICM extends cloud provider assessment to AI service provider evaluation including AI-specific security certifications.

Mapped Controls

CA-02 SA-09 SR-01
STA-07 SSRM Control Implementation
CM-08 SR-01 SR-02
78%

Rationale

CM-08 covers inventory; SR-01/SR-02 address supply chain risk management.

Gaps

AICM extends supply chain inventory to AI components including model dependencies, ML library supply chain, and training data sources.

Mapped Controls

CM-08 SR-01 SR-02
STA-08 Supply Chain Inventory
RA-03 SR-01 SR-02 SR-03
78%

Rationale

RA-03/SR-01/SR-02/SR-03 comprehensively cover risk assessment and supply chain management.

Gaps

AICM extends supply chain risk assessment to AI-specific threats including model tampering and training data supply chain attacks.

Mapped Controls

RA-03 SR-01 SR-02 SR-03
STA-09 Supply Chain Risk Management
SA-04 SA-09
72%

Rationale

SA-04 covers acquisition; SA-09 addresses external services.

Gaps

AICM extends service agreements to AI-specific terms including model SLAs and AI service guarantees.

Mapped Controls

SA-04 SA-09
STA-10 Primary Service and Contractual Agreement
SA-04 SR-01
72%

Rationale

SA-04 covers acquisition processes; SR-01 addresses supply chain risk management.

Gaps

AICM extends supplier agreements to AI-specific compliance requirements.

Mapped Controls

SA-04 SR-01
STA-11 Supply Chain Agreement Review
CA-02 CA-07
78%

Rationale

CA-02/CA-07 cover assessments and continuous monitoring.

Gaps

AICM extends compliance monitoring to AI-specific regulatory requirements.

Mapped Controls

CA-02 CA-07
STA-12 Supply Chain Compliance Assessment
CA-02 SA-09 SR-01
75%

Rationale

CA-02 covers assessments; SA-09/SR-01 address external services and supply chain.

Gaps

AICM extends supply chain transparency to AI model provenance and training data sourcing.

Mapped Controls

CA-02 SA-09 SR-01
STA-13 Supply Chain Service Agreement Compliance
CA-02 PM-01 SR-01
75%

Rationale

CA-02 covers assessments; PM-01 establishes program; SR-01 addresses supply chain.

Gaps

AICM extends reporting to AI-specific supply chain metrics and AI vendor performance reporting.

Mapped Controls

CA-02 PM-01 SR-01
STA-14 Supply Chain Governance Review
RA-03 SR-01 SR-03
75%

Rationale

RA-03 covers risk assessment; SR-01/SR-03 address supply chain risk management.

Gaps

AICM extends to AI-specific supply chain risk mitigation including model source verification.

Mapped Controls

RA-03 SR-01 SR-03
STA-15 Supply Chain Data Security Assessment
SR-01 SA-04 CM-08
55%

Rationale

SR-01 covers supply chain; SA-04 covers acquisition; CM-08 covers inventory.

Gaps

AICM addresses AI model supply chain security including foundation model provenance, pre-trained model validation, and AI library dependency management.

Mapped Controls

SR-01 SA-04 CM-08
STA-16 Service Bill of Material (BOM)
SR-01 SR-02 SA-09
52%

Rationale

SR-01/SR-02 cover supply chain management; SA-09 addresses external services.

Gaps

AICM addresses AI vendor accountability including AI service provider transparency, algorithmic audit rights, and AI output responsibility allocation.

Mapped Controls

SR-01 SR-02 SA-09
TVM-01 Threat and Vulnerability Management Policy and Procedures
RA-01 RA-05 SI-01
82%

Rationale

RA-01/RA-05 cover risk assessment and vulnerability scanning; SI-01 addresses system integrity policy.

Gaps

AICM extends threat management to AI-specific threats including adversarial ML attacks, model poisoning, and AI supply chain threats.

Mapped Controls

RA-01 RA-05 SI-01
TVM-02 Malware and Malicious Instructions Protection Policy and Procedures
SI-01 SI-03
80%

Rationale

SI-01 covers system integrity policy; SI-03 addresses malicious code protection.

Gaps

AICM extends malware protection to AI-specific threats including model malware and malicious training data.

Mapped Controls

SI-01 SI-03
TVM-03 Vulnerability Identification
RA-05 SI-02
82%

Rationale

RA-05 covers vulnerability scanning; SI-02 addresses flaw remediation.

Gaps

AICM extends vulnerability management to AI infrastructure including ML framework vulnerabilities and model serving platform patches.

Mapped Controls

RA-05 SI-02
TVM-04 Detection Updates
SI-02 SI-03
80%

Rationale

SI-02/SI-03 cover flaw remediation and malicious code protection.

Gaps

AICM extends detection updates to AI-specific threat signatures and adversarial pattern detection.

Mapped Controls

SI-02 SI-03
TVM-05 External Library Vulnerabilities
RA-05 SA-11 SR-04
78%

Rationale

RA-05 covers vulnerability scanning; SA-11 covers developer testing; SR-04 addresses provenance.

Gaps

AICM extends vulnerability management to AI-specific libraries and ML framework dependencies.

Mapped Controls

RA-05 SA-11 SR-04
TVM-06 Penetration Testing
CA-08 RA-05
80%

Rationale

CA-08 covers penetration testing; RA-05 addresses vulnerability scanning.

Gaps

AICM extends penetration testing to AI-specific attack vectors including adversarial inputs and model extraction attempts.

Mapped Controls

CA-08 RA-05
TVM-07 Vulnerability Remediation Schedule
RA-05 SI-05
78%

Rationale

RA-05 covers vulnerability monitoring; SI-05 addresses security alerts and advisories.

Gaps

AICM extends vulnerability reporting to AI-specific disclosures including model vulnerability advisories.

Mapped Controls

RA-05 SI-05
TVM-08 Vulnerability Prioritization
RA-03 RA-05
78%

Rationale

RA-03/RA-05 cover risk assessment and vulnerability scanning.

Gaps

AICM extends vulnerability prioritization to AI-specific risk factors including model criticality and data sensitivity.

Mapped Controls

RA-03 RA-05
TVM-09 Vulnerability Management Reporting
CA-07 PM-06 RA-05
80%

Rationale

CA-07 covers continuous monitoring; PM-06 addresses security metrics; RA-05 covers vulnerability scanning.

Gaps

AICM extends exception management to AI-specific vulnerability exceptions and accepted model risks.

Mapped Controls

CA-07 PM-06 RA-05
TVM-10 Vulnerability Management Metrics
CA-07 PM-06 RA-05
78%

Rationale

CA-07/PM-06/RA-05 cover monitoring, metrics, and vulnerability management.

Gaps

AICM extends metrics to AI-specific vulnerability management KPIs including model patch rates and AI attack surface metrics.

Mapped Controls

CA-07 PM-06 RA-05
TVM-11 Guardrails
RA-03 RA-05 SI-04
55%

Rationale

RA-03 covers risk assessment; RA-05 covers vulnerability scanning; SI-04 covers system monitoring.

Gaps

AICM addresses AI-specific threat intelligence including adversarial ML attack patterns, AI vulnerability databases, and model-specific threat feeds.

Mapped Controls

RA-03 RA-05 SI-04
TVM-12 Threat Analysis and Modelling
CA-08 RA-05 SA-11
52%

Rationale

CA-08 covers penetration testing; RA-05 covers vulnerability scanning; SA-11 covers developer testing.

Gaps

AICM addresses AI red teaming including systematic adversarial testing of AI systems, automated attack generation, and AI-specific penetration testing methodologies.

Mapped Controls

CA-08 RA-05 SA-11
TVM-13 Threat Response
SI-04 CA-07 RA-05
50%

Rationale

SI-04/CA-07 cover monitoring; RA-05 covers vulnerability scanning.

Gaps

AICM addresses AI attack surface management including model endpoint enumeration, training infrastructure exposure assessment, and AI service attack surface reduction.

Mapped Controls

SI-04 CA-07 RA-05
UEM-01 Endpoint Devices Policy and Procedures
AC-19 CM-01 SC-42
78%

Rationale

AC-19 covers access control for mobile devices; CM-01 establishes configuration management; SC-42 covers sensor capability.

Gaps

AICM extends endpoint management to AI-specific devices including edge AI devices and AI development workstations.

Mapped Controls

AC-19 CM-01 SC-42
UEM-02 Application and Service Approval
CM-07 CM-11
80%

Rationale

CM-07 covers least functionality; CM-11 addresses user-installed software.

Gaps

AICM extends software restrictions to AI tools including ML framework installation policies and AI development tool management.

Mapped Controls

CM-07 CM-11
UEM-03 Compatibility
CM-02 SA-04
78%

Rationale

CM-02 covers baseline configurations; SA-04 addresses acquisition processes.

Gaps

AICM extends compatibility to AI software including ML framework version management and GPU driver compatibility.

Mapped Controls

CM-02 SA-04
UEM-04 Endpoint Inventory
CM-08
80%

Rationale

CM-08 directly addresses information system component inventory.

Gaps

AICM extends inventory to AI-specific endpoints including GPU workstations, edge AI devices, and AI development environments.

Mapped Controls

CM-08
UEM-05 Endpoint Management
CM-02 CM-03 CM-06
82%

Rationale

CM-02/CM-03/CM-06 comprehensively cover baselines, change control, and configuration settings.

Gaps

AICM extends configuration management to AI endpoint configurations including ML framework settings and AI development environment standards.

Mapped Controls

CM-02 CM-03 CM-06
UEM-06 Automatic Lock Screen
AC-11
85%

Rationale

AC-11 directly addresses session lock and screen lock functionality.

Gaps

AICM extends device lock to AI workstations with access to sensitive training data and models.

Mapped Controls

AC-11
UEM-07 Operating Systems
CM-02 CM-06 SI-02
82%

Rationale

CM-02/CM-06 cover baselines and settings; SI-02 addresses flaw remediation.

Gaps

AICM extends OS security to AI endpoint operating systems including ML framework security patches.

Mapped Controls

CM-02 CM-06 SI-02
UEM-08 Storage Encryption
SC-13 SC-28
85%

Rationale

SC-13/SC-28 cover cryptographic protection and protection at rest.

Gaps

AICM extends storage encryption to AI data at rest including local model caches and training data on endpoints.

Mapped Controls

SC-13 SC-28
UEM-09 Anti-Malware Detection and Prevention
SI-03
82%

Rationale

SI-03 directly addresses malicious code protection including anti-malware.

Gaps

AICM extends anti-malware to AI-specific threats on endpoints including adversarial sample detection.

Mapped Controls

SI-03
UEM-10 Software Firewall
CM-07 SC-07
80%

Rationale

CM-07 covers least functionality; SC-07 provides boundary protection including firewall.

Gaps

AICM extends software firewalls to AI endpoint network protection.

Mapped Controls

CM-07 SC-07
UEM-11 Data Loss Prevention
AC-04 SC-07 SI-04
82%

Rationale

AC-04 covers information flow; SC-07 provides boundary protection; SI-04 covers monitoring.

Gaps

AICM extends data loss prevention to AI data including preventing unauthorized model exfiltration and training data leakage.

Mapped Controls

AC-04 SC-07 SI-04
UEM-12 Remote Locate
CM-08
78%

Rationale

CM-08 covers component inventory for remote access devices.

Gaps

AICM extends remote device management to AI development devices used remotely.

Mapped Controls

CM-08
UEM-13 Remote Wipe
AC-19 MP-06
80%

Rationale

AC-19 covers mobile device access control; MP-06 addresses media sanitization.

Gaps

AICM extends BYOD/mobile to AI workload access from personal devices.

Mapped Controls

AC-19 MP-06
UEM-14 Third-Party Endpoint Security Posture
AC-20 SA-09 SR-01
75%

Rationale

AC-20 covers external system use; SA-09/SR-01 address external services and supply chain.

Gaps

AICM extends third-party endpoint management to AI vendor devices and contractor AI development environments.

Mapped Controls

AC-20 SA-09 SR-01

Methodology and Disclaimer

This coverage analysis maps from CSA AICM v1 clauses/requirements back to NIST SP 800-53 Rev 5 controls, assessing how well the SP 800-53 control set addresses each framework requirement.

Coverage weighting represents an informed estimate based on control-objective alignment, not a definitive compliance determination. Weightings consider whether SP 800-53 controls address the intent of each framework requirement, even where terminology and structure differ.

This analysis should be validated by qualified assessors for use in compliance or audit activities. The authoritative source for any compliance determination is always the framework itself.