~ / directory / csa-ai-controls-matrix
CA
Mixed · AI Governance & Standards · reviewed 2026-04

CSA AI Controls Matrix

Cloud Security Alliance's structured controls for securing AI systems.

Visit cloudsecurityalliance.org/artifacts/ai-controls-matrix
01

What it does

The Cloud Security Alliance's AI-specific controls matrix — a structured set of controls for securing AI systems. Published alongside MAESTRO and other CSA AI security initiatives. Covers adversarial robustness, system transparency, and cloud-specific AI security requirements.

02

Security relevance

CSA is a trusted authority in cloud security, and this matrix extends their expertise to AI. Complements ISO 42001 and NIST AI RMF with cloud-native AI controls. Natural companion to the MAESTRO framework for organisations using CSA standards.

03

When to use it

Use when building AI security control frameworks, particularly for cloud-deployed AI workloads. Reference alongside OWASP, NIST, and ISO standards. The structured matrix format makes it practical for mapping controls to your specific environment.

04

OWASP coverage

Risks addressed — mapped to both OWASP Top 10 standards. 10 in LLM, 10 in Agentic.

LLM Top 10 · 2025 · 10/10 covered
01
02
03
04
05
06
07
08
09
10
LLM01 · Prompt Injection LLM02 · Sensitive Information Disclosure LLM03 · Supply Chain LLM04 · Data & Model Poisoning LLM05 · Improper Output Handling LLM06 · Excessive Agency LLM07 · System Prompt Leakage LLM08 · Vector & Embedding Weaknesses LLM09 · Misinformation LLM10 · Unbounded Consumption
Agentic Top 10 · 2026 · 10/10 covered
01
02
03
04
05
06
07
08
09
10
ASI01 · Agent Goal Hijack ASI02 · Tool Misuse & Exploitation ASI03 · Identity & Privilege Abuse ASI04 · Agentic Supply Chain Vulnerabilities ASI05 · Unexpected Code Execution ASI06 · Memory & Context Poisoning ASI07 · Insecure Inter-Agent Communication ASI08 · Cascading Failures ASI09 · Human-Agent Trust Exploit ASI10 · Rogue Agents
05

The raw record

What Yuntona stores. Single source of truth — fork it on GitHub.

name: CSA AI Controls Matrix
slug: csa-ai-controls-matrix
type: Mixed
category: AI Governance & Standards
url: https://cloudsecurityalliance.org/artifacts/ai-controls-matrix

reviewed:   2026-04
added:      2026-04
updated:    2026-04

risks:
  llm:  [LLM01, LLM02, LLM03, LLM04, LLM05, LLM06, LLM07, LLM08, LLM09, LLM10]
  asi:  [ASI01, ASI02, ASI03, ASI04, ASI05, ASI06, ASI07, ASI08, ASI09, ASI10]

complexity:    Guided Setup
pricing:       —
audience:      Blue Team
lifecycle:     [govern]

tags: [Cloud, Controls, CSA, Framework]