feat(knowledge): add compliance-mapping document — EU AI Act, NIST AI RMF, ISO 42001

Kjell Tore Guttormsen 2026-04-10 12:29:14 +02:00
commit 5bb9d5bd11
2 changed files with 187 additions and 0 deletions


@ -0,0 +1,119 @@
# Compliance Mapping
Maps the llm-security plugin's 13 posture categories and mitigation controls to three enterprise compliance frameworks: EU AI Act, NIST AI RMF, and ISO 42001.
Used by `posture-assessor-agent` and compliance-aware posture categories (14-16) to evaluate framework alignment.
## How to Read This Matrix
- **Plugin Control:** One of the 13 posture scanner categories
- **Control Type:** Automated (hooks), Configured (settings), Advisory (scans/audits)
- **EU AI Act:** Regulation (EU) 2024/1689 article(s) the control satisfies
- **NIST AI RMF:** AI 100-1 function(s) the control supports (Govern, Map, Measure, Manage)
- **ISO 42001:** ISO/IEC 42001:2023 clause(s) the control aligns with
- **Coverage Level:** Full (directly satisfies), Partial (contributes to), Supports (enables but does not fully satisfy)
---
## Framework Summary
| Framework | Full Reference | Scope | Key Requirements |
|-----------|---------------|-------|------------------|
| EU AI Act | Regulation (EU) 2024/1689 | High-risk AI systems in EU | Art. 9 risk management, Art. 12 record-keeping, Art. 13 transparency, Art. 14 human oversight, Art. 15 accuracy/robustness/cybersecurity, Art. 17 quality management |
| NIST AI RMF | NIST AI 100-1 (Jan 2023) | Voluntary framework for AI risk | Four functions: Govern, Map, Measure, Manage. GenAI profile: AI 600-1 |
| ISO 42001 | ISO/IEC 42001:2023 | AI management system (certifiable) | Cl. 4 context, Cl. 5 leadership, Cl. 6 planning/risk, Cl. 7 support, Cl. 8 operation, Cl. 9 performance evaluation, Cl. 10 improvement |
---
## Mapping Matrix
| Plugin Control | Control Type | EU AI Act | NIST AI RMF | ISO 42001 | Coverage |
|----------------|-------------|-----------|-------------|-----------|----------|
| Deny-First Configuration | Configured | Art. 15 (cybersecurity — attack surface reduction) | Govern (GV-1: policies), Manage (MG-2: risk response) | Cl. 8.1 (operational planning), Cl. 6.1 (risk assessment) | Partial |
| Secrets Protection | Automated | Art. 15 (cybersecurity — credential protection) | Manage (MG-2: risk controls) | Cl. 8.3 (risk treatment) | Full |
| Path Guarding | Automated | Art. 15 (cybersecurity — unauthorized access prevention) | Manage (MG-2: risk response) | Cl. 8.3 (risk treatment) | Full |
| MCP Server Trust | Configured | Art. 15 (robustness — third-party dependency trust) | Map (MP-3: identify risks from third parties), Govern (GV-6: supply chain) | Cl. 4.1 (external issues), Cl. 8.2 (AI risk assessment) | Partial |
| Destructive Command Blocking | Automated | Art. 15 (robustness — preventing harmful outputs), Art. 14 (human oversight mechanism) | Manage (MG-3: risk treatment) | Cl. 8.3 (risk treatment), Cl. 8.4 (system impact assessment) | Full |
| Sandbox Configuration | Configured | Art. 15 (robustness — execution isolation) | Manage (MG-2: risk response) | Cl. 8.1 (operational planning) | Partial |
| Human Review Requirements | Configured | Art. 14 (human oversight — meaningful human control) | Govern (GV-1: accountability), Map (MP-5: human-AI interaction) | Cl. 5.1 (leadership commitment), Cl. 9.3 (management review) | Full |
| Skill and Plugin Sources | Advisory | Art. 15 (cybersecurity — supply chain integrity) | Map (MP-3: third-party risks), Govern (GV-6: supply chain) | Cl. 4.1 (external issues), Cl. 8.2 (AI risk assessment) | Partial |
| Session Isolation | Configured | Art. 15 (robustness — fault isolation), Art. 12 (record-keeping — session boundaries) | Manage (MG-2: containment) | Cl. 8.1 (operational planning) | Partial |
| Cognitive State Security | Automated | Art. 15 (robustness — data integrity), Art. 9 (risk management — adversarial threats) | Map (MP-2: AI risk identification), Measure (MS-2: detect emergent risks) | Cl. 8.2 (AI risk assessment), Cl. 9.1 (monitoring) | Partial |
| Prompt Injection Hardening | Automated | Art. 15 (cybersecurity — input validation), Art. 9 (risk management) | Measure (MS-2: detect and track risks), Manage (MG-3: active response) | Cl. 8.3 (risk treatment), Cl. 9.1 (monitoring) | Full |
| Rule of Two | Automated | Art. 14 (human oversight — intervention capability), Art. 15 (robustness — multi-signal detection) | Measure (MS-2: detect trifecta patterns), Manage (MG-3: escalation) | Cl. 9.1 (monitoring), Cl. 8.4 (system impact assessment) | Full |
| Long-Horizon Monitoring | Automated | Art. 12 (record-keeping — behavioral audit trail), Art. 15 (robustness — continuous monitoring) | Measure (MS-1: performance monitoring), Manage (MG-4: continuous monitoring) | Cl. 9.1 (monitoring), Cl. 10.1 (continual improvement) | Full |
---
## Per-Framework Coverage Summary
### EU AI Act Coverage
| Article | Requirement | Plugin Controls Covering | Coverage |
|---------|-------------|-------------------------|----------|
| Art. 9 | Risk management system | Cognitive State Security, Prompt Injection Hardening, posture scanner, threat-model command | Partial — plugin provides risk detection tooling but is not a full risk management system |
| Art. 12 | Record-keeping | Long-Horizon Monitoring, Session Isolation, audit trail (v6.0) | Partial — session-level logging; structured audit trail adds SIEM-ready events |
| Art. 13 | Transparency | Posture reports, scan reports, AI-BOM (v6.0) | Partial — provides transparency tooling for AI components |
| Art. 14 | Human oversight | Human Review Requirements, Rule of Two, Destructive Command Blocking | Full — enforces human-in-the-loop via deny-first config and trifecta detection |
| Art. 15 | Accuracy, robustness, cybersecurity | All 13 categories contribute | Full — comprehensive automated + configured controls for robustness and cybersecurity |
| Art. 17 | Quality management system | Posture scanner, scan-orchestrator, test suite (1147 tests) | Partial — provides quality measurement; not a full QMS |
### NIST AI RMF Coverage
| Function | Subcategories Addressed | Plugin Controls | Coverage |
|----------|------------------------|-----------------|----------|
| Govern | GV-1 (policies), GV-6 (supply chain) | Deny-First Configuration, Human Review, Skill Sources, policy-as-code (v6.0) | Partial — provides governance enforcement tooling |
| Map | MP-2 (risk identification), MP-3 (third-party), MP-5 (human-AI) | MCP Server Trust, Cognitive State, Skill Sources, Human Review, threat-model | Partial — identifies AI-specific risks via scanning and threat modeling |
| Measure | MS-1 (monitoring), MS-2 (detection) | Long-Horizon Monitoring, Rule of Two, Prompt Injection, posture scanner | Full — continuous measurement via hooks and periodic scanning |
| Manage | MG-2 (response), MG-3 (treatment), MG-4 (monitoring) | Secrets Protection, Path Guarding, Destructive Blocking, Sandbox, clean command | Full — active risk management via automated blocking and remediation |
### ISO 42001 Coverage
| Clause | Requirement | Plugin Controls | Coverage |
|--------|-------------|-----------------|----------|
| Cl. 4 (Context) | Identify internal/external factors | MCP Server Trust, Skill Sources (external dependency tracking) | Supports |
| Cl. 5 (Leadership) | AI policy, accountability | Human Review Requirements, policy-as-code (v6.0) | Supports |
| Cl. 6 (Planning) | Risk assessment, AI objectives | Posture scanner, threat-model command | Partial |
| Cl. 7 (Support) | Resources, competence, awareness | Documentation (README, CLAUDE.md, knowledge base) | Supports |
| Cl. 8 (Operation) | Risk assessment, treatment, impact assessment | All automated hooks (risk treatment), posture/audit scans (assessment) | Full |
| Cl. 9 (Performance evaluation) | Monitoring, internal audit, management review | Long-Horizon Monitoring, posture scanner, scan-orchestrator, dashboard | Full |
| Cl. 10 (Improvement) | Continual improvement, corrective action | Baseline diff, watch/cron, clean command, version history | Partial |
---
## Coverage Limitations
The llm-security plugin is a **security tooling layer**, not a complete compliance solution. It provides:
- **Detection and measurement** (satisfies technical control requirements)
- **Enforcement at runtime** (satisfies operational control requirements)
- **Reporting and transparency** (contributes to documentation requirements)
It does **not** provide:
- Organizational governance processes (board-level AI policy, accountability structures)
- Full risk management lifecycle documentation
- Third-party audit certification
- Data governance or privacy controls (GDPR, data quality per Art. 10)
- Model training oversight (Art. 10, 11)
---
## Verification Log
Each compliance framework reference was web-verified on 2026-04-10:
| Reference | Verified Against | Source URL |
|-----------|-----------------|------------|
| EU AI Act Art. 9 (risk management) | Official text, Regulation (EU) 2024/1689 | https://artificialintelligenceact.eu/article/9/ |
| EU AI Act Art. 12 (record-keeping) | Official text | https://artificialintelligenceact.eu/article/12/ |
| EU AI Act Art. 13 (transparency) | Section 3-2 overview | https://artificialintelligenceact.eu/section/3-2/ |
| EU AI Act Art. 14 (human oversight) | Official text | https://artificialintelligenceact.eu/article/14/ |
| EU AI Act Art. 15 (accuracy, robustness, cybersecurity) | Official text | https://artificialintelligenceact.eu/article/15/ |
| EU AI Act Art. 17 (quality management) | Official text | https://artificialintelligenceact.eu/article/17/ |
| NIST AI RMF functions (Govern, Map, Measure, Manage) | NIST AI 100-1 | https://airc.nist.gov/airmf-resources/airmf/ |
| NIST AI RMF Core subcategories | NIST AI RMF Playbook | https://www.nist.gov/itl/ai-risk-management-framework/nist-ai-rmf-playbook |
| NIST AI 600-1 GenAI profile | NIST publication | https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.600-1.pdf |
| ISO 42001 Clauses 4-10 structure | Barr Advisory guide | https://www.barradvisory.com/resource/iso-42001-requirements-explained/ |
| ISO 42001 Cl. 6.1 risk, Cl. 8 operation, Cl. 9 monitoring, Cl. 10 improvement | RSI Security analysis | https://blog.rsisecurity.com/the-10-comprehensive-clauses-of-iso-42001/ |
| ISO 42001 Cl. 8.2 risk assessment, Cl. 8.4 impact assessment | Cyberzoni clause guide | https://cyberzoni.com/standards/iso-42001/ |
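Review bot: the per-framework coverage tables rate EU AI Act Art. 14 and Art. 15 as Full, and ISO 42001 Cl. 8 and Cl. 9 as Full, while the Coverage Limitations section a few lines later says the plugin is a tooling layer with no risk-management lifecycle, no organisational governance and no certification; the two halves contradict each other. Art. 15 obligations attach to the high-risk AI system as a whole (model, data, deployment), not to a scanner that hardens an agent runtime, so either downgrade those rows to Partial or define Full in "How to Read This Matrix" narrowly as "satisfies the control-level requirement this category addresses" so a reader cannot take the table as a conformity claim. Three smaller points in the same file: "compliance-aware posture categories (14-16)" refers to categories that do not exist in a document whose previous sentence (and the accompanying test) counts 13, so the reference is either to work outside this commit or the matrix is missing rows; the NIST column uses identifiers such as `GV-1`, `MG-2`, `MS-2` with plugin-specific glosses ("detect trifecta patterns", "containment"), whereas the AI RMF Core and Playbook name them GOVERN 1, MANAGE 2.x and so on, so an auditor cross-referencing the Playbook will not find these labels; and the Verification Log marks artificialintelligenceact.eu as "Official text" and cites three vendor blogs for the ISO clause structure, none of which is the Official Journal text or the ISO document, so label them as secondary sources. The hard-coded "test suite (1147 tests)" in the Art. 17 row will also drift on the next commit.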


@ -0,0 +1,68 @@
// compliance-mapping.test.mjs — Tests for knowledge/compliance-mapping.md content
// Verifies: file exists, contains expected framework headers, all 13 posture categories, verification log
import { describe, it } from 'node:test';
import assert from 'node:assert/strict';
import { readFileSync } from 'node:fs';
import { resolve } from 'node:path';
import { fileURLToPath } from 'node:url';
const __dirname = fileURLToPath(new URL('.', import.meta.url));
const ROOT = resolve(__dirname, '../..');
const COMPLIANCE_PATH = resolve(ROOT, 'knowledge/compliance-mapping.md');
let content;
try {
content = readFileSync(COMPLIANCE_PATH, 'utf-8');
} catch {
content = null;
}
describe('knowledge/compliance-mapping.md', () => {
it('file exists', () => {
assert.ok(content !== null, 'compliance-mapping.md should exist');
});
it('contains EU AI Act header', () => {
assert.ok(content.includes('EU AI Act'), 'Should reference EU AI Act');
});
it('contains NIST AI RMF header', () => {
assert.ok(content.includes('NIST AI RMF'), 'Should reference NIST AI RMF');
});
it('contains ISO 42001 header', () => {
assert.ok(content.includes('ISO 42001'), 'Should reference ISO 42001');
});
// All 13 existing posture category names must appear
const categories = [
'Deny-First Configuration',
'Secrets Protection',
'Path Guarding',
'MCP Server Trust',
'Destructive Command Blocking',
'Sandbox Configuration',
'Human Review Requirements',
'Skill and Plugin Sources',
'Session Isolation',
'Cognitive State Security',
'Prompt Injection Hardening',
'Rule of Two',
'Long-Horizon Monitoring',
];
for (const cat of categories) {
it(`contains posture category: ${cat}`, () => {
assert.ok(content.includes(cat), `Should reference posture category "${cat}"`);
});
}
it('contains Verification Log section', () => {
assert.ok(content.includes('Verification Log'), 'Should have a Verification Log section');
});
it('contains at least one source URL', () => {
assert.ok(/https?:\/\//.test(content), 'Should contain at least one verification URL');
});
});
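Review bot: when `readFileSync` throws, `content` is set to `null` and every test after `file exists` then calls `content.includes(...)`, so a missing file produces one meaningful failure plus seventeen `TypeError: Cannot read properties of null` failures. Either fall back to an empty string (`content = '';`) so the later assertions fail with their own messages, or move the read into a `before()` hook from `node:test` so the harness reports a single load error. The substring checks are also looser than the header comment promises: `content.includes('Rule of Two')` passes if the phrase appears anywhere in prose, not because the mapping matrix has a row for it, and nothing checks that each row's Coverage cell is one of the three values the document defines (Full, Partial, Supports). Matching on the table-row form, e.g. `/^\| Rule of Two \|/m`, and parsing the matrix rows to assert on the last column would make the test actually guard the 13-category mapping it claims to verify.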