# Encryption of AI Data at Rest

CCC.MARefArc.CN09 · PREV

Encrypt AI data at rest, including the vector store and source repositories, so that storage-level access does not expose embeddings or sensitive content.
## Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CP21 | Human supervision and oversight | Mechanisms for human reviewers to inspect, approve, correct, or override agent outputs, supporting human-in-the-loop and human-over-the-loop workflows for sensitive or high-impact tasks. |
| CCC.MARefArc.CP05 | Agent-ingress zero-trust guardrails | Treats all inputs as untrusted and enforces authentication, authorization, input validation, content filtering, access control, rate limits, and dynamic policy before any request reaches an agent. |
| CCC.MARefArc.CP02 | Human-in-the-loop output review | Application-embedded controls that allow users to review, approve, or modify agent outputs before they are executed or shared. |
| CCC.MARefArc.CP13 | Vector-based semantic retrieval | Vector databases providing semantic search and grounding so agents can find relevant information from large text corpora. |
## Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.TH25 | Non-compliant outputs and model-risk-management gaps | AI-generated advice, marketing, or communications that fail KYC, suitability, disclosure, record-keeping, or model-risk-management expectations create regulatory exposure; weak supervision and accountability lines turn this into direct non-compliance. |
| CCC.MARefArc.TH03 | Embedding inversion and membership inference on the vector store | Vectors stored for semantic retrieval can be inverted to reconstruct original source text, or probed to infer whether specific confidential information is present, exposing PII or proprietary content held in the knowledge layer. |
| CCC.MARefArc.TH04 | Embedding-store poisoning degrades retrieved context | An actor with write access injects malicious or misleading embeddings into the vector store, degrading the accuracy of retrieved grounding context; the dense numerical representation makes the tampering hard to detect. |
| CCC.MARefArc.TH05 | Vector-store access-control, encryption, and audit gaps | Missing role-based access control, encryption at rest, or audit logging on the vector store allows unauthorized retrieval, modification, or undetected exfiltration of embeddings derived from sensitive internal data. |
## Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.MARefArc.CN09.AR01 | The vector store and all AI data repositories MUST be encrypted at rest using managed keys. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.MARefArc.CN09.AR02 | Access to encryption keys MUST be restricted and audited. | tlp-clear, tlp-green, tlp-amber, tlp-red |
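As an added illustration of how AR01 and AR02 can be checked mechanically (this is example code written for this page, not part of the CCC control text or any product's tooling), the following script evaluates a declarative inventory of AI data stores and key policies. The `DataStore`/`KeyPolicy` schema, the `kms/...` key names, the principal naming and the sample inventory are all constructed assumptions; a real check would read the equivalent fields from the cloud provider's storage and key-management APIs.

```python
"""Added example: evaluate an inventory of AI data stores against
CCC.MARefArc.CN09.AR01 (encrypted at rest with managed keys) and
CCC.MARefArc.CN09.AR02 (key access restricted and audited).
The schema and sample data below are constructed for illustration."""

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class KeyPolicy:
    key_id: str
    principals: tuple        # identities allowed to use the key (assumed naming)
    audit_logging: bool      # key use (encrypt/decrypt) is written to an audit log


@dataclass(frozen=True)
class DataStore:
    name: str
    kind: str                # "vector-store" or "source-repo"
    encrypted_at_rest: bool
    key_id: Optional[str]    # managed key protecting the store; None = no managed key


def is_wildcard(principal: str) -> bool:
    """A principal of '*' or ending in ':*' grants key use to anyone in that scope."""
    return principal == "*" or principal.endswith(":*")


def check_ar01(stores, keys):
    """AR01: every vector store and AI data repository is encrypted with a managed key."""
    findings = []
    for s in stores:
        if not s.encrypted_at_rest:
            findings.append(f"AR01 {s.name}: not encrypted at rest")
        elif s.key_id is None:
            findings.append(f"AR01 {s.name}: encrypted, but not with a managed key")
        elif s.key_id not in keys:
            findings.append(f"AR01 {s.name}: references unknown key {s.key_id!r}")
    return findings


def check_ar02(keys):
    """AR02: access to each encryption key is restricted and audited."""
    findings = []
    for k in keys.values():
        if not k.principals:
            findings.append(f"AR02 {k.key_id}: no principals declared (policy unknown)")
        if any(is_wildcard(p) for p in k.principals):
            findings.append(f"AR02 {k.key_id}: wildcard principal allows unrestricted key use")
        if not k.audit_logging:
            findings.append(f"AR02 {k.key_id}: key usage is not audited")
    return findings


def evaluate(stores, keys):
    """Return findings per assessment requirement; an empty list means PASS."""
    return {"AR01": check_ar01(stores, keys), "AR02": check_ar02(keys)}


# Constructed sample inventory (not a real environment).
SAMPLE_KEYS = {
    "kms/vector-key": KeyPolicy("kms/vector-key",
                                ("role/rag-retriever", "role/ingest-pipeline"), True),
    "kms/repo-key": KeyPolicy("kms/repo-key",
                              ("role/ci-runner", "account:*"), False),
}
SAMPLE_STORES = [
    DataStore("vectors-prod", "vector-store", True, "kms/vector-key"),
    DataStore("policy-docs-repo", "source-repo", True, "kms/repo-key"),
    DataStore("transcripts-archive", "source-repo", True, None),
    DataStore("scratch-embeddings", "vector-store", False, None),
]

if __name__ == "__main__":
    for req, items in evaluate(SAMPLE_STORES, SAMPLE_KEYS).items():
        print(req, "PASS" if not items else "FAIL")
        for f in items:
            print("  -", f)
```

Run against the sample inventory, AR01 fails for the unencrypted scratch store and for the archive that relies on provider-default rather than managed encryption, and AR02 fails for the repository key whose policy contains a wildcard principal and has no audit logging; the production vector store and its key produce no findings.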
## Guideline Mappings
| Framework | ID | Remarks |
|---|---|---|
| finos-air | AIR-PREV-014 | |