跳转至

MLASVS Categories Overview

Complete Control Inventory

V1: Data Security & Privacy — 30 Controls (18 L1 + 12 L2)

Note (DATA-3 numbering): Two files cover DATA-3 differential privacy — MLASVS-DATA-3-Differential-Privacy.md (standard ε-DP) and MLASVS-DATA-3-Differential-Privacy-FL.md (federated learning variant, referred to as DATA-3a). Both are counted under the existing 30-control total. See DATA-019 (standard DP) and DATA-021 (federated data governance) in the table below.

ID Control Level MITRE ATLAS Test Reference
DATA-001 Data provenance tracking L1 AML.TA0009 TEST-DATA-001
DATA-002 Cryptographic data integrity L1 AML.TA0010 TEST-DATA-001
DATA-003 Data access control enforcement L1 AML.TA0002 TEST-DATA-004
DATA-004 Input validation and sanitization L1 AML.TA0005 TEST-DATA-002
DATA-005 PII/PHI detection in training data L1 AML.TA0010 TEST-DATA-002
DATA-006 Data lineage documentation L1 AML.TA0009 TEST-DATA-001
DATA-007 Secure data storage L1 AML.TA0002 TEST-DATA-004
DATA-008 Data encryption at rest L1 AML.TA0010 TEST-DATA-004
DATA-009 Data encryption in transit L1 AML.TA0010 TEST-DATA-004
DATA-010 Data minimization L1 AML.TA0010 TEST-DATA-002
DATA-011 Training data quality checks L1 AML.TA0005 TEST-DATA-002
DATA-012 Data retention policy L1 AML.TA0010 TEST-DATA-004
DATA-013 Data labeling security L1 AML.TA0005 TEST-DATA-002
DATA-014 Cross-contamination prevention L1 AML.TA0005 TEST-DATA-002
DATA-015 Data de-identification L1 AML.TA0010 TEST-DATA-002
DATA-016 Consent and rights management L1 AML.TA0010 TEST-DATA-002
DATA-017 Data distribution analysis L1 AML.TA0005 TEST-DATA-002
DATA-018 Data corruption detection L1 AML.TA0005 TEST-DATA-002
DATA-019 Differential privacy (ε-guarantee) L2 AML.TA0010 TEST-DATA-003
DATA-020 Cryptographic data provenance L2 AML.TA0009 TEST-DATA-001
DATA-021 Federated data governance L2 AML.TA0002 TEST-DATA-004
DATA-022 Secure multi-party computation L2 AML.TA0010 TEST-DATA-003
DATA-023 Homomorphic encryption support L2 AML.TA0010 TEST-DATA-003
DATA-024 Automated data poisoning detection L2 AML.TA0005 TEST-DATA-002
DATA-025 Adversarial data filtering L2 AML.TA0005 TEST-DATA-002
DATA-026 Real-time data integrity monitoring L2 AML.TA0010 TEST-DATA-001
DATA-027 Data usage auditing L2 AML.TA0009 TEST-DATA-004
DATA-028 Cross-border data compliance L2 AML.TA0010 TEST-DATA-004
DATA-029 Synthetic data validation L2 AML.TA0005 TEST-DATA-002
DATA-030 Data trust scoring L2 AML.TA0009 TEST-DATA-001

V2: Model Security — 30 Controls (15 L1 + 15 L2)

ID Control Level MITRE ATLAS Test Reference
MODEL-001 Adversarial robustness testing L1 AML.T0015 TEST-MODEL-001
MODEL-002 Input perturbation limits L1 AML.T0015 TEST-MODEL-001
MODEL-003 Model input validation L1 AML.T0043 TEST-MODEL-001
MODEL-004 Output confidence calibration L1 AML.T0024.001 TEST-MODEL-002
MODEL-005 API rate limiting L1 AML.T0024.002 TEST-MODEL-002
MODEL-006 Access control on model endpoints L1 AML.TA0002 TEST-MODEL-002
MODEL-007 Model versioning L1 AML.TA0006 TEST-MODEL-005
MODEL-008 Model signing L1 AML.TA0006 TEST-MODEL-005
MODEL-009 Inference logging L1 AML.TA0009 TEST-MODEL-003
MODEL-010 Anomalous input detection L1 AML.T0015 TEST-MODEL-001
MODEL-011 Output sanitization L1 AML.T0024.001 TEST-MODEL-003
MODEL-012 Resource limits on inference L1 AML.T0029 TEST-MODEL-001
MODEL-013 Model behavior monitoring L1 AML.T0018 TEST-MODEL-003
MODEL-014 Secure model serialization L1 AML.TA0002 TEST-MODEL-005
MODEL-015 Model rollback capability L1 AML.TA0006 TEST-MODEL-005
MODEL-016 Certified adversarial robustness L2 AML.T0015 TEST-MODEL-001
MODEL-017 Robustness certification (provable bounds) L2 AML.T0015 TEST-MODEL-001
MODEL-018 Extraction resistance validation L2 AML.T0024.002 TEST-MODEL-002
MODEL-019 Differential privacy in model L2 AML.T0024.000 TEST-MODEL-003
MODEL-020 Membership inference prevention L2 AML.T0024.000 TEST-MODEL-003
MODEL-021 Backdoor detection validation L2 AML.T0020 TEST-MODEL-004
MODEL-022 Trojan detection L2 AML.T0020 TEST-MODEL-004
MODEL-023 Model watermarking L2 AML.T0024.002 TEST-MODEL-002
MODEL-024 Adversarial training validation L2 AML.T0015 TEST-MODEL-001
MODEL-025 Feature squeezing validation L2 AML.T0015 TEST-MODEL-001
MODEL-026 Model ensemble diversity L2 AML.T0015 TEST-MODEL-001
MODEL-027 Certified defense mechanisms L2 AML.T0015 TEST-MODEL-001
MODEL-028 Red team exercise completion L2 AML.TA0001 TEST-MODEL-001
MODEL-029 Continuous adversarial retesting L2 AML.T0015 TEST-MODEL-001
MODEL-030 Model provenance attestation L2 AML.TA0006 TEST-MODEL-005

V3: LLM Security — 24 Controls (14 L1 + 10 L2)

ID Control Level MITRE ATLAS Test Reference
LLM-001 Prompt injection prevention L1 AML.T0051 TEST-LLM-001
LLM-002 Input/output boundary enforcement L1 AML.T0051 TEST-LLM-001
LLM-003 Output validation and filtering L1 AML.T0057 TEST-LLM-002
LLM-004 System prompt isolation L1 AML.T0051 TEST-LLM-001
LLM-005 Context window limits L1 AML.T0029 TEST-LLM-003
LLM-006 Plugin permission scoping L1 AML.T0053 TEST-LLM-001
LLM-007 Tool call authorization L1 AML.T0053 TEST-LLM-001
LLM-008 Sensitive data exfiltration prevention L1 AML.T0057 TEST-LLM-002
LLM-009 Content filtering pipeline L1 AML.T0057 TEST-LLM-002
LLM-010 Human-in-the-loop for critical actions L1 AML.T0053 TEST-LLM-003
LLM-011 Rate limiting on LLM endpoints L1 AML.T0029 TEST-LLM-003
LLM-012 Token usage monitoring L1 AML.T0029 TEST-LLM-003
LLM-013 Input token limits L1 AML.T0029 TEST-LLM-003
LLM-014 Output length limits L1 AML.T0057 TEST-LLM-002
LLM-015 Prompt firewall deployment L2 AML.T0051 TEST-LLM-001
LLM-016 Semantic prompt filtering L2 AML.T0051 TEST-LLM-001
LLM-017 Jailbreak detection system L2 AML.T0051 TEST-LLM-003
LLM-018 RAG security controls L2 AML.T0051 TEST-LLM-001
LLM-019 Embedding-level anomaly detection L2 AML.T0051 TEST-LLM-001
LLM-020 Agentic workflow authorization L2 AML.T0053 TEST-LLM-003
LLM-021 Tool/plugin isolation sandbox L2 AML.T0053 TEST-LLM-001
LLM-022 Continuous red teaming pipeline L2 AML.T0051 TEST-LLM-003
LLM-023 Human override mechanisms L2 AML.T0053 TEST-LLM-003
LLM-024 Multi-turn attack detection L2 AML.T0051 TEST-LLM-003

V4-V7: Refer to category-specific documents