Enforce least-privilege, role-based access control over all AI data stores, including source bases, the vector store, and model artifacts.
Role-Based Access Control for AI Data
CCC.MARefArc.CN08 · PREV
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CP14 | Approved-model registry and lifecycle | Catalog of approved models with metadata, version information, configuration parameters, and usage constraints, ensuring agents access only models meeting organizational, regulatory, and security standards. |
| CCC.MARefArc.CP11 | Adaptive learning | Generates learning signals based on execution outcomes to refine prompts, adjust agent configurations, or improve tool-selection strategies. |
| CCC.MARefArc.CP16 | Model-interaction zero-trust guardrails | Enforces authentication and authorization for every inference request and applies input validation against prompt injection, output filtering and redaction, access control, rate limits, and cost management before and after model execution. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.TH06 | Foundation-model training and fine-tuning data poisoning | Adversaries tamper with training, fine-tuning, or third-party data feeds behind the approved models, mislabeling data or embedding backdoor triggers and biases that corrupt downstream decisions without visible symptoms until a major failure. |
| CCC.MARefArc.TH07 | Adaptive-learning and continuous-learning exploitation | The adaptive-learning capability that refines prompts and configurations from execution outcomes can be steered by an adversary who systematically feeds misleading signals, gradually skewing agent behaviour when validation of learning inputs is inadequate. |
| CCC.MARefArc.TH01 | Model memorization leaks sensitive data across sessions | The hosted models accessed through the LLM layer may memorize sensitive inputs or training data and later disclose customer PII, proprietary algorithms, or trading strategies, including cross-user leakage into unrelated sessions. |
| CCC.MARefArc.TH02 | Hosted-provider data-handling exposure | Sensitive data submitted through the LLM gateway to third-party hosted models is exposed when the provider lacks transparent encryption, retention limits, or secure-deletion guarantees, leaving the institution without control over data it no longer holds. |
| CCC.MARefArc.TH20 | Model supply-chain tampering | Adversaries tamper with training data, weights, GPU firmware and operating systems, cloud orchestration, or ML libraries in the provider pipeline, embedding manipulations that are difficult to detect downstream of the LLM gateway. |
| CCC.MARefArc.TH21 | Backdoor triggers and safety-mechanism disablement | Where weights are accessible, adversarial fine-tuning, engineered trigger phrases, or tampering disables alignment and content-moderation safeguards, causing targeted unsafe behaviour under specific conditions. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.MARefArc.CN08.AR01 | Access to AI data stores, including source bases, the vector store, and model artifacts, MUST be governed by role-based access control with least privilege. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.MARefArc.CN08.AR02 | Access grants MUST be reviewed periodically and revoked when no longer required. | tlp-clear, tlp-green, tlp-amber, tlp-red |
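The two assessment requirements above, as an added illustration that is not part of the CCC catalog or of any FINOS implementation: a deny-by-default policy evaluator in which every grant names explicit actions on one of the AR01 data stores and carries a last-review date, so a grant whose periodic review is overdue (AR02) stops authorizing until it is re-reviewed or revoked. Store, role and user names are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# AI data stores named in AR01; all role, user and store values below are constructed.
STORES = {"source-base", "vector-store", "model-artifacts"}

@dataclass(frozen=True)
class Grant:
    role: str
    store: str
    actions: frozenset   # least privilege: explicit actions, no wildcards
    last_reviewed: date  # AR02: each grant records its last access review

@dataclass
class Policy:
    review_period: timedelta = timedelta(days=90)
    grants: list = field(default_factory=list)
    user_roles: dict = field(default_factory=dict)  # user -> set of role names

    def grant(self, role, store, actions, reviewed_on):
        if store not in STORES or "*" in actions:
            raise ValueError("unknown store or wildcard action (violates least privilege)")
        self.grants.append(Grant(role, store, frozenset(actions), reviewed_on))

    def revoke(self, role, store):
        """AR02: drop every grant the role holds on the store."""
        self.grants = [g for g in self.grants if (g.role, g.store) != (role, store)]

    def stale_grants(self, today):
        """Grants whose periodic review is overdue; authorize() treats them as revoked."""
        return [g for g in self.grants if today - g.last_reviewed > self.review_period]

    def authorize(self, user, store, action, today):
        """Deny by default; allow only via an in-scope, currently reviewed role grant."""
        stale = set(self.stale_grants(today))
        roles = self.user_roles.get(user, set())
        return any(g.role in roles and g.store == store and action in g.actions
                   for g in self.grants if g not in stale)

def demo(today=date(2025, 6, 1)):
    p = Policy()
    p.user_roles = {"alice": {"ml-engineer"}, "bob": {"rag-service"}}
    p.grant("ml-engineer", "model-artifacts", {"read", "write"}, date(2025, 5, 1))
    p.grant("rag-service", "vector-store", {"read"}, date(2025, 1, 1))  # review overdue
    return {"alice_write_artifacts": p.authorize("alice", "model-artifacts", "write", today),
            "alice_read_vector": p.authorize("alice", "vector-store", "read", today),
            "bob_read_vector": p.authorize("bob", "vector-store", "read", today),
            "stale_grants": len(p.stale_grants(today))}
```

The `stale_grants` list is what a periodic access review would act on: each entry is either re-reviewed (new `last_reviewed`) or passed to `revoke`.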
Guideline Mappings
| Framework | ID | Remarks |
|---|---|---|
| finos-air | AIR-PREV-012 | |