| AID | 20 |
|---|---|
| Domain | Application & Interface Security |
| CID | AIS-10 |
| Control | API Security |
| Control Specification | Define, implement and evaluate processes, procedures and technical measures to protect APIs, including authorization flaws, API key management, regular security testing. Review and update technical measures for any improvements at least annually, or after significant system changes. |
| Control Type | Cloud & AI Related |
| AI CAIQ ID | AIS-10.2 |
| AI CAIQuestionnaire | Are technical measures for any improvements reviewed and updated at least annually or after significant system changes? |
| NIST AI 600-1 Mapping | GV-6.1-009<br /> MS-2.6-006<br /> MS-2.7-007<br /> MS-2.10-001<br /> MS-2.7-009 |

Reference: https://cloudsecurityalliance.org/artifacts/ai-controls-matrix
