AI Controls Matrix


Summary

The CSA AI Controls Matrix (AICM) is a vendor-neutral, actionable framework of 243 control objectives across 18 domains, designed to help organizations securely develop, deploy, and operate AI systems in cloud environments. It builds on CSA's Cloud Controls Matrix (CCM) and aligns with major standards such as ISO/IEC 42001, ISO/IEC 27001, NIST AI RMF, and the EU AI Act. It serves as both a governance tool and the foundation for CSA’s forthcoming STAR for AI certification program.


Key Takeaways

  • Provides 243 AI-specific control objectives organized into 18 security domains.
  • Designed for all AI cloud stakeholders including model providers, developers, operators, and consumers.
  • Maps to existing security and governance frameworks such as ISO/IEC 42001, ISO/IEC 27001, NIST AI RMF, and BSI AIC4.
  • Includes the AI-CAIQ self-assessment questionnaire for audits and vendor evaluations.
  • Forms the foundation of CSA’s STAR for AI certification.

Tags

framework, cloud, risk, compliance, controls, matrix


License

Proprietary