Skip to content

V1: Data Security & Privacy — MLASVS-DATA

Overview

Data is the foundation of any ML system. Compromised training data leads to compromised models. This category covers security controls for the entire data lifecycle: collection, storage, processing, labeling, training, and disposal.

Key Threats

Threat MITRE ATLAS MLASWE Reference
Data poisoning (training) AML.T0020 MLASWE-0002
Data poisoning (label manipulation) AML.T0020 MLASWE-0002
Data exfiltration AML.TA0010 MLASWE-0012
Supply chain via compromised datasets AML.T0020 MLASWE-0009
Privacy leakage from training data AML.T0018 MLASWE-0012
Data integrity compromise AML.TA0005 MLASWE-0002

Subcategories

DATA-1: Data Provenance (Controls DATA-001, DATA-002, DATA-006, DATA-020, DATA-026, DATA-030)

Ensuring data origin, transformation history, and integrity are verifiable.

DATA-2: Data Sanitization (Controls DATA-004, DATA-005, DATA-010, DATA-011, DATA-013, DATA-014, DATA-015, DATA-016, DATA-017, DATA-018, DATA-024, DATA-025, DATA-029)

Ensuring training and inference data is clean, validated, and free from poison/contamination.

DATA-3: Differential Privacy (Controls DATA-019, DATA-022, DATA-023)

Ensuring training algorithms incorporate privacy guarantees.

DATA-4: Access Control (Controls DATA-003, DATA-007, DATA-008, DATA-009, DATA-012, DATA-021, DATA-027, DATA-028)

Ensuring data is properly protected and access is controlled.

Control Inventory

L1 Controls (18)

ID Control MITRE ATLAS Test Ref
DATA-001 Data provenance tracking AML.TA0009 TEST-DATA-001
DATA-002 Cryptographic data integrity AML.TA0010 TEST-DATA-001
DATA-003 Data access control enforcement AML.TA0002 TEST-DATA-004
DATA-004 Input validation and sanitization AML.TA0005 TEST-DATA-002
DATA-005 PII/PHI detection in training data AML.TA0010 TEST-DATA-002
DATA-006 Data lineage documentation AML.TA0009 TEST-DATA-001
DATA-007 Secure data storage AML.TA0002 TEST-DATA-004
DATA-008 Data encryption at rest AML.TA0010 TEST-DATA-004
DATA-009 Data encryption in transit AML.TA0010 TEST-DATA-004
DATA-010 Data minimization AML.TA0010 TEST-DATA-002
DATA-011 Training data quality checks AML.TA0005 TEST-DATA-002
DATA-012 Data retention policy AML.TA0010 TEST-DATA-004
DATA-013 Data labeling security AML.TA0005 TEST-DATA-002
DATA-014 Cross-contamination prevention AML.TA0005 TEST-DATA-002
DATA-015 Data de-identification AML.TA0010 TEST-DATA-002
DATA-016 Consent and rights management AML.TA0010 TEST-DATA-002
DATA-017 Data distribution analysis AML.TA0005 TEST-DATA-002
DATA-018 Data corruption detection AML.TA0005 TEST-DATA-002

L2 Controls (12)

ID Control MITRE ATLAS Test Ref
DATA-019 Differential privacy (ε-guarantee) AML.TA0010 TEST-DATA-003
DATA-020 Cryptographic data provenance AML.TA0009 TEST-DATA-001
DATA-021 Federated data governance AML.TA0002 TEST-DATA-004
DATA-022 Secure multi-party computation AML.TA0010 TEST-DATA-003
DATA-023 Homomorphic encryption support AML.TA0010 TEST-DATA-003
DATA-024 Automated data poisoning detection AML.TA0005 TEST-DATA-002
DATA-025 Adversarial data filtering AML.TA0005 TEST-DATA-002
DATA-026 Real-time data integrity monitoring AML.TA0010 TEST-DATA-001
DATA-027 Data usage auditing AML.TA0009 TEST-DATA-004
DATA-028 Cross-border data compliance AML.TA0010 TEST-DATA-004
DATA-029 Synthetic data validation AML.TA0005 TEST-DATA-002
DATA-030 Data trust scoring AML.TA0009 TEST-DATA-001