HITRUST Vulnerability AI Security Mapping - Coggle Diagram
Vulnerability Management
AI System Security Assessment and Red Teaming Control
EU AI Act Similar Control
Article 9: Risk Management System
Article 15: Accuracy, Robustness, and Cybersecurity
OWASP top 10 llm similar control
LLM04: Data and Model Poisoning
AI System Inventory Management Control
ISO 42001 SIMILAR Control
Annex A, Control A.6 – AI System Life Cycle
NIST AI RMF
Govern 1.6 – AI System Inventory
EU AI ACT
Article 11 – Technical Documentation for High-Risk AI Systems
Trusted Data Source Catalog Management Control
ISO 42001 Similar Control
Annex A, Control A.7 – Data for AI Systems
NIST AI RMF Similar Control
Govern 1.6 – AI System Inventory
Map 1.2 – Data Sources and Use Cases
EU AI ACT Similar Control
Article 10 – Data and Data Governance
AI Training Data Inventory Management Control
ISO 42001 Similar Control
Annex A Control A.7 – Data for AI Systems
Annex A Control A.7.2 – Data for Development and Enhancement of AI Systems
Annex A Control A.7.5 – Data Provenance
NIST AI RMF
Govern 1.6 – AI System Inventory
Map 1.2 – Data Sources and Use Cases
EU AI act Similar Control
Article 10: Data and Data Governance
OWASP top 10 llm
LLM03:2025 Supply Chain
AI Data Integrity and Anomaly Detection Control
ISO 42001 Similar Control
Control A.7 (Data for AI systems)
EU AI Act
Article 10 — Data and Data Governance (high-risk AI systems)
OWASP top 10 LLM
LLM04 / LLM03
AI Input Validation and Adversarial Filtering Control
ISO 42001 Similar Control
Annex A — AI-System Verification & Validation (A.6.2.4)
Data & Adversarial Resilience (A.7 / adversarial robustness guidance in Annexes)
EU AI Act
Article 15 — Accuracy, Robustness and Cybersecurity
OWASP top 10 llm
LLM01 – Prompt Injection
NIST AI RMF
TEVV / Map 1.2 / Govern 1.6
MAS TRM
AI Model Risk Management (AI MRM) — Data quality / data governance controls
AI Output Sensitive Data Filtering Control
ISO 42001 Similar Control
A.8.3 – Privacy and Personal Data Protection / Output Management
NIST AI RMF
DATA-PRIV-2 – Protect Sensitive Data in AI Outputs (under MANAGE / Govern Function)
EU AI ACT
Article 10 – Data Governance / Article 15 – Cybersecurity & Robustness
MAS TRM
Data Leakage Prevention & Output Validation Controls
OWASP top 10 LLM
LLM07 – Sensitive Information Disclosure
AI API Rate Limiting Control
ISO 42001 Similar Control
A.8.5 – System Abuse Prevention / Availability Management
NIST AI RMF
SEC-RES-1 – Resilience & Robustness (Rate Limiting / Abuse Prevention)
EU AI ACT
Article 15 – Robustness and Cybersecurity Measures
MAS TRM
Application & API Abuse Prevention Controls
OWASP TOP 10 LLM
LLM09 – Denial of Service / Resource Exhaustion
SAIF
Pillar 4 – Usage Quotas and Rate Limiting
AI Software Asset Inspection Control
ISO 42001
A.8.2 – Supply Chain Security & Component Integrity
Reasoning:
NIST AI RMF
SUP-INT-1 – Software/Model Supply Chain Integrity
EU AI ACT
Article 15 – Robustness and Cybersecurity
OWASP top 10 LLM
LLM05 – Supply Chain Vulnerabilities
MAS TRM
Software Asset Verification Controls
AI Output Encoding for Injection Protection Control
ISO 42001 similar Control
A.7.5 – Information Security and Robustness of AI System Outputs
NIST AI RMF
MANAGE Function – Secure and Robust AI Outputs (TEVV: Testing, Evaluation, Verification, and Validation)
EU AI Act
Article 15 – Robustness, Cybersecurity, and Supply Chain Security
MAS TRM
Section 10.3 – Application Security Controls
OWASP TOP 10 LLM
LLM05 – Inadequate Output Handling
SAIF
Pillar 4 – Secure System Interactions
AI Asset Integrity Verification Control
ISO 42001
A.8.2 – Supply Chain Security & Component Integrity
NIST AI RMF
SUP-INT-1 – Software/Model Supply Chain Integrity
EU AI ACT
Article 15 – Robustness & Cybersecurity
MAS TRM
Third-Party Model & Dataset Verification Controls
OWASP Top 10 llm
LLM05 – Supply Chain Vulnerabilities
AI Output Precision and Specificity Reduction Control
ISO 42001 Similar Control
A.7.4 – Output Data Minimization & Security
NIST AI RMF
SEC-DATA-2 – Information Leakage Mitigation / Output Obfuscation
EU AI Act
Article 15 (Accuracy, Robustness, and Cybersecurity)
MAS TRM
AI Output Obfuscation & Data Minimization Controls
OWASP top 10 llm
LLM06 – Model Inversion & Information Leakage Mitigation
Unique control
ISO 42001
Annex A.6.2.1 – AI System Inventory and Classification
Annex A.6.3.2 – AI Model Transparency and Explainability
NIST AI RMF
Govern 1.6
Govern 4.3
Govern 6.1
EU AI ACT
Article 16 – Data Governance and Management
OWASP TOP 10 LLM
LLM 02
NIST
1
MEASURE 2.6, MEASURE 2.7, MEASURE 2.13, MEASURE 3.1
MANAGE 1.1, MANAGE 1.2, MANAGE 1.3, MANAGE 1.4, MANAGE 2.3, MANAGE 4.1
2
GOVERN 1.6 (AI Inventory)
GOVERN 1.5 (Periodic review)
GOVERN 2.1 (Ownership & responsibility)
MAP 2.1 (Model identification & categorization)
MAP 2.2 (System documentation)
MAP 3.3 (Applicational scope; system classification)
MAP 5.1 (Risk categorization impact)
MANAGE 3.1 (Tracking AI service providers / third-party components)
3
MAP 2.3 (Primary)
MAP 4.1, MAP 4.2
MAP 1.1
GOVERN 1.1, GOVERN 1.6
MEASURE 2.1
MANAGE 3.1
4
MAP 2.3 (Primary)
MAP 4.1, MAP 4.2
GOVERN 1.6, GOVERN 1.5, GOVERN 1.1
MEASURE 2.1
MANAGE 3.1
5
MAP 2.3 (Primary)
MAP 4.1
MEASURE 2.1, MEASURE 2.6, MEASURE 2.7
MANAGE 3.1
GOVERN 1.1
6
MEASURE 2.7 (Primary Match)
MEASURE 2.6, MEASURE 2.1
MEASURE 3.1
MAP 2.2, MAP 4.1
MANAGE 1.2, MANAGE 2.3
7
MEASURE 2.10 (Primary)
MEASURE 2.6, MEASURE 2.8
MAP 5.1, MAP 5.2
MANAGE 1.2, MANAGE 2.4
8
MEASURE 2.7 (Primary)
MEASURE 2.6
MANAGE 1.2, MANAGE 2.1
MAP 4.2
GOVERN 1.5
9
MAP 4.1 (Primary)
MAP 4.2
MEASURE 2.7
MANAGE 3.1, MANAGE 2.3
GOVERN 1.1
10
MEASURE 2.7 (Primary)
MEASURE 2.6, MEASURE 2.8
MAP 4.2
MANAGE 1.2, MANAGE 2.4
11
MAP 4.1 (Primary)
MAP 4.2
MEASURE 2.7
MANAGE 3.1
MANAGE 2.3
GOVERN 1.1
12
MEASURE 2.7 (Primary)
MEASURE 2.6, MEASURE 2.8
MAP 2.2
MANAGE 1.2, MANAGE 2.4