📋 Reference

Compliance Framework Controls

Every control Guardia scans across all 7 regulatory frameworks — mapped to the specific articles, sections, and severity levels we check against your Azure environment.

7 Regulatory Frameworks
111 Individual Controls
4 Severity Levels
5 Jurisdictions Covered
Severity:
Critical — immediate remediation required
High — address within 30 days
Medium — address within 90 days
Informational — best practice guidance
🤖 ISO 42001:2023 — AI Management System
Governance, risk, transparency, and accountability for any organization developing or deploying AI.
🌍 Global / AI Governance / 7 Controls
AI System Inventory
§4 / §8 — Context of the Organization / Operation: All AI resources must be tagged and registered in the AI system inventory
High
AI Governance Policies
§4 — Context of the Organization: Documented ownership and governance policies required
High
Network Isolation
§8 — Operation: AI workloads must be network-isolated (private endpoints / VNet)
High
Least Privilege Access Control
§8 — Operation: Role assignments scoped to minimum required permissions
Medium
AI System Impact Assessment
§8 — Operation: Impact assessment tags required on AI resources
Medium
Monitoring, Measurement & Analysis
§9 — Performance Evaluation: Diagnostic settings and Application Insights must be enabled
High
AI Inventory Completeness
§4 — Context of the Organization: Informational check on AI resource discovery coverage
Info
AI Risk Assessment Documentation
§6.1 / §8.2 — risk-assessment-date, risk-owner, ai-risk-class tags verified on all AI resources
High
Documented Information Controls
§7.5 — Blob versioning, soft-delete (90d+), immutability on compliance artefact storage
Medium
AI Supplier / Third-Party Controls
§8.3 — vendor-name, data-processing-agreement, supplier-risk-tier tags on AOAI / Cognitive Services
Medium
AI System Change Control
§8.6 — Management lock (CanNotDelete) on resource groups containing production AI systems
Medium
Internal Audit — Infrastructure Evidence
§9.2 — Log Analytics workspace linked; alert rules present on all AI resources
High
Continual Improvement — Drift Tracking
§10.1 — Defender suppression rate ≤15%; HIGH/CRITICAL unresolved findings ≤3
Medium
🏦 SR 11-7 — Model Risk Management
Federal Reserve / OCC guidance on model development, validation, and governance for US financial institutions using AI/ML.
🇺🇸 United States / Financial / 6 Controls
Model Inventory
Model Development — All ML models must be inventoried with owner and purpose tags
High
Independent Validation
Model Validation — Evidence of independent model validation required
High
Production Hardening
Model Development — Production AI resources must meet hardening standards
High
Audit Trail
Governance — Full audit logging of model access and changes required
High
Environment Separation
Model Development — Dev / staging / production must be isolated
Medium
Champion / Challenger Governance
Model Validation — Version tagging required for A/B model governance
Medium
Model Risk Tiering / Classification
§3 — model-risk-tier (high/medium/low) tag on ML Workspaces and inference endpoints
High
Validation Independence — Subscription Scope
§4 — Dedicated validation workspace with RBAC isolation from development team
High
Ongoing Monitoring — Metric Alerts
§5 — Latency P95, error rate, token quota alert rules on inference endpoints
Medium
Model Performance Logging
§5 — Application Insights linked to AI inference resources; custom metric namespaces
High
Model Retirement / Decommission Controls
§6 — model-last-review-date and model-status tags on all AOAI resources
Medium
Vendor Model Due Diligence (AOAI)
§6 — content-filter-policy + deployed-model-version pin on Azure OpenAI resources
High
Stress / Sensitivity Testing Evidence
§7 — load-test-date tag; Azure Load Testing results on production AI resources
Medium
⚖️ EU AI Act (2024/1689)
Risk-based regulation covering unacceptable, high, limited, and minimal risk AI tiers for organizations operating in the EU market.
🇪🇺 European Union / 2 Critical / 8 Controls
Prohibited AI Practices
Article 5 — Resources must not be tagged for prohibited use cases (biometric mass surveillance etc.)
Critical
Accuracy, Robustness & Cybersecurity
Article 15 — High-risk AI must have monitoring, backup, and security hardening in place
Critical
Risk Classification
Article 9 — All AI resources must carry a risk classification tag (high/limited/minimal)
High
Data Governance
Article 10 — Training/input data must be documented with data-source tags
High
Human Oversight
Article 14 — High-risk AI must declare a human oversight mechanism
High
Technical Documentation
Article 11 — High-risk AI must have a technical documentation tag or linked record
Critical
Conformity Assessment
Article 43 — High-risk AI must have a conformity assessment tag or certification reference
High
EU AI Database Registration
Article 49 — High-risk AI must be registered in the EU AI database
High
Logging & Record-Keeping for High-Risk AI
Article 12 — Diagnostic settings auto-retention (3y+) on all high-risk AI resource types
High
Transparency — User-Facing Disclosure Tags
Article 13 — ai-system-name, intended-use, capability-limitations on public AI endpoints
Medium
Registration Obligations
Article 16 / 49 — eu-ai-act-registered + registration-id on high-risk resources
High
Quality Management System — Policy Evidence
Article 17 — QMS-aligned deny/audit Azure Policy initiatives at subscription scope
High
Deployer Obligations — Post-Market Monitoring
Article 26 — Action Groups with email/webhook receivers on all high-risk AI services
High
🏙️ MAS TRM 2021 — Technology Risk Management
Monetary Authority of Singapore guidelines on AI, cloud, outsourcing, and cyber hygiene for MAS-regulated financial institutions.
🇸🇬 Singapore / Financial / 8 Controls
Model Explainability
§13.3 — AI models in regulated decisions must declare an explainability method
Critical
AI Governance & Ownership
§4 / §13.1 — All AI resources must have owner and purpose tags assigned
High
Encryption at Rest (CMK)
§8 / §6 — Sensitive AI storage must use customer-managed keys
High
Access Control & Privileged Access
§9 — Role assignments must follow least-privilege; privileged access must be audited
High
Audit Logging & Monitoring
§6.5 / §13.4 — Diagnostic settings must be enabled on all AI resources
High
Data Residency & Localisation
§11 — AI resources handling MAS-regulated data must be in approved regions
High
Outsourcing & Cloud Risk
§11 — Cloud-hosted AI must carry outsourcing risk and criticality tags
High
IT Resilience & Business Continuity
§7 — AI resources must have backup, RTO, and availability zone coverage
Medium
Cyber Hygiene — Patch Compliance
§5.3 — Defender patch compliance assessments on AI-hosting VMs and AKS nodes
High
Cryptography in Transit
§6.4 — HTTPS-only enforced; minimum TLS 1.2 on APIM, App Service, Storage
High
IT Project Risk — Dev/Test Isolation
§10 — Separate resource groups / subscriptions for dev, test, prod AI workloads
Medium
Incident Response — Action Groups
§12 — Action Groups with email/SMS/webhook on AI resource alert rules
High
Model Governance — Version Lineage
§13.2 — model-version + training-dataset-ref tags on ML model endpoints
Medium
📊 SOX — Sarbanes-Oxley (ICFR / ITGC)
IT General Controls for AI/ML systems that impact financial reporting at US-listed public companies.
🇺🇸 United States / Financial / 7 Controls
Audit Trail Completeness
CC7 / §404 — All AI resources affecting financial output must have complete audit logs
Critical
Logical Access & Segregation of Duties
CC6 — Broad role assignments (Owner/Contributor) must be flagged and reviewed
High
Change Management
CC8 — Production AI resources must carry change-management and owner tags
High
Network Isolation for Financial AI
CC9 / PI1 — AI resources in financial workflows must use private networking
High
Privileged Access Review
CC6 — Privileged role assignments must be documented for periodic review
Medium
Change Management Scoping
CC8 — AI resources must declare whether they are in-scope for SOX ICFR
Medium
Control Environment (Azure Policy)
CC1 — Azure Policy assignments confirm baseline control environment hygiene
Info
Communication & Information — Log Forwarding
CC2 — All AI resource diagnostic logs forwarded to central Log Analytics (7-year retention)
High
Monitoring — Defender for Cloud Plans
CC4 — CloudPosture, MachineLearning, CognitiveServices Defender plans enabled
High
Control Activities — Policy Compliance %
CC5 — Azure Policy non-compliance rate ≤5% across financial AI subscriptions
High
System Monitoring — Alert Coverage Ratio
CC7.2 — ≥80% of AI resources covered by at least one active alert rule
Medium
Incident Response — Runbook Links
CC7.3 — incident-runbook-url tag on all SOX-scoped AI resources
Low
Risk Mitigation — Private Endpoint Coverage
CC9.2 — Private endpoints on Storage, Cosmos DB, Key Vault used by financial AI
High
🧭 NIST AI RMF 1.0 — AI Risk Management Framework
GOVERN, MAP, MEASURE, MANAGE functions for any organization developing, deploying, or procuring AI systems. Globally adopted.
🇺🇸 US / Global / AI Risk / 10 Controls
Accountability & Ownership
GOVERN 1.1/1.2 — All AI resources must have owner and team tags assigned
High
AI Risk Policies
GOVERN 2.1 / 6.1 — Documented risk policies must be referenced in resource tags
High
Impact Assessment
MAP 2.2 / 5.1 — Impact classification tags required on all AI resources
High
Bias & Fairness Monitoring
MEASURE 2.5/2.7 — AI resources must declare a bias-monitoring mechanism
High
Performance Drift Monitoring
MEASURE 2.6/2.8 — Application Insights / monitoring must track model drift
High
Explainability & Interpretability
MEASURE 2.9 — AI resources used in decisions must declare an explainability approach
High
AI Incident Response
MANAGE 2.4 / 4.1 — Incident response plan must be declared for AI systems
High
Risk Control Sustainability
MANAGE 2.2 — Controls must have review cadence tags showing ongoing governance
High
Risk Context & Intended Use
MAP 1.1/1.5 — Purpose and intended-use tags must be present on AI resources
Medium
AI Inventory
GOVERN 1.1 — Informational: AI resource discovery coverage check
Info
Organizational Risk Tolerance — Policy Scope
GOVERN 4.1 — Azure Policy covering all AI resource types (ML Workspaces + Cognitive Services)
Medium
AI Risk Culture — PIM & JIT Access
GOVERN 5.1 — PIM eligible assignments required for ML Workspace Owner/Contributor roles
Medium
Policies Updated — Version Evidence
GOVERN 6.1 — Policy assignment last-modified timestamps; flag policies >365 days stale
Low
Test & Eval Infrastructure
MEASURE 1.1 — Dedicated staging/test ML Workspaces separate from production
High
AI Risk Measurement — Defender Integration
MEASURE 2.1 — Defender for Cloud AI protection plans (CSPM + ML + Cognitive) enabled
High
AI Performance Metrics — App Insights Linked
MEASURE 2.3 — Application Insights components linked to each production inference endpoint
High
Measurement Effectiveness — Alert Coverage
MEASURE 4.1 — Metric alert rules on ≥80% of production AI resources
Medium
Response to Risk — Automation Runbooks
MANAGE 1.3 — Azure Automation accounts with runbooks for high-severity Defender recommendations
Medium
Risk Prioritisation — Defender Ownership
MANAGE 3.1 — HIGH/CRITICAL Defender findings have owner-assigned metadata
Medium
Residual Risk — Suppression Audit
MANAGE 4.2 — Defender suppression rate ≤10%; suppressed findings reviewed with justification
Medium
AI Risk Management — RBAC Depth
MAP 5.2 — Custom RBAC roles exist for AI workloads (not just built-in Contributor)
Low
🔒 DORA — Digital Operational Resilience Act (EU 2022/2554)
ICT risk, incident management, resilience testing, and third-party risk for EU financial entities. In force January 2025.
🇪🇺 European Union / Financial / 9 Controls
ICT Business Continuity
Article 11/12 — AI systems must have documented RTO/RPO and recovery plans
Critical
Network & Infrastructure Security
Article 9 — AI workloads must use private networking and firewall controls
Critical
ICT Risk Governance
Article 5/6 — Management-level ownership and risk classification tags required
High
ICT Incident Detection & Logging
Article 17/18 — Diagnostic settings must be enabled; alerts configured
High
Access Control & Privileged Access
Article 9 — Privileged access must follow least-privilege with documented review
High
Cryptographic Controls
Article 9 — Encryption at rest and in transit must be enforced on AI resources
High
ICT Third-Party Risk
Articles 28–30 — Cloud/AI vendors must be tagged with criticality and contract references
High
Digital Resilience Testing (TLPT)
Articles 24–27 — Threat-led penetration testing readiness must be declared
High
ICT Asset Classification
Article 8 — All ICT/AI resources must carry a DORA criticality classification tag
Medium
ICT Asset Register
Article 6 — Informational: ICT asset register coverage check
Info
ICT Vulnerability Management
Article 10 — Defender vulnerability assessment enabled on AI-hosting compute and containers
High
Backup & Recovery Testing Evidence
Article 11 — Azure Backup policies on critical AI data stores; RTO/RPO documented
High
Backup Redundancy — Geo-Replication
Article 12 — GRS/GZRS on Storage; multi-region on Cosmos DB used by AI services
High
ICT Security — PIM Coverage
Article 13 — PIM eligible assignments for Owner/Contributor on DORA-scoped resources
High
Major Incident Classification — Alert SLA
Article 19 — Sev 0/1 alert rules with ≤15 min notification SLA on critical AI endpoints
High
Incident Reporting — DORA Escalation Tags
Article 20 — dora-reportable, incident-contact, dora-entity-scope tags on AI resources
Medium
Advanced Testing — Penetration Test Evidence
Article 25 — last-pentest-date tag on DORA-scoped resources; flag if >12 months stale
Medium
Critical ICT Provider Oversight
Articles 31–44 — ict-provider-name, critical-ict-provider, dora-tpp-contract-ref on AOAI/Cognitive Services
Medium