# AIGF to NIST SP 800-53r5 Mapping Document
title: AI Governance Framework to NIST SP 800-53r5
metadata:
  id: AIR-NIST-MAP-001
  version: "0.1.0"
  type: MappingDocument
  gemara-version: "1.1.0"
  description: >
    Maps FINOS AI Governance Framework mitigations (guidelines) to
    NIST SP 800-53 Revision 5 security and privacy controls.
    References derived from AIGF mitigation frontmatter.
  author:
    id: finos
    name: FINOS
    type: Human
  mapping-references:
    - id: FINOS-AIR
      title: AI Governance Framework
      version: "0.1.0"
      url: "https://aigf.finos.org"
      description: FINOS AI Governance Framework mitigations and risks
    - id: NIST-800-53
      title: NIST SP 800-53 Revision 5
      version: "rev5"
      url: "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf"
      description: Security and privacy guidelines for information systems and organizations

source-reference:
  reference-id: FINOS-AIR
  entry-type: Guideline
target-reference:
  reference-id: NIST-800-53
  entry-type: Guideline
remarks: >
  AIGF guidelines mapped to NIST 800-53r5 guidelines based on mitigation
  frontmatter references from the original AIGF content.

mappings:
  # AIR-PREV-002: Data Filtering From External Knowledge Bases
  - id: MAP-PREV002-data-filtering
    source: AIR-PREV-002
    relationship: supports
    targets:
      - entry-id: AC-4
        rationale: >
          Data filtering enforces information flow policies across AI data pipelines.
      - entry-id: AC-22
        rationale: >
          Data filtering prevents sensitive data exposure in publicly accessible content.
      - entry-id: MP-6
        rationale: >
          Data filtering implements sanitization of media and data stores in AI pipelines.
      - entry-id: PT-2
        rationale: >
          Data filtering enforces authority and purpose constraints on data processing.
      - entry-id: SI-4
        rationale: >
          Data filtering implements monitoring across AI data pipelines.
      - entry-id: SI-12
        rationale: >
          Data filtering supports information management and retention policies.
      - entry-id: SI-15
        rationale: >
          Data filtering implements output masking and sanitization.
      - entry-id: SI-19
        rationale: >
          Data filtering supports de-identification of personal information.

  # AIR-PREV-003: User/App/Model Firewalling
  - id: MAP-PREV003-firewalling
    source: AIR-PREV-003
    relationship: supports
    targets:
      - entry-id: AC-4
        rationale: >
          Layered firewalling enforces information flow policies at AI boundaries.
      - entry-id: SC-5
        rationale: >
          Firewalling protects against denial of service at model interaction points.
      - entry-id: SC-7
        rationale: >
          Firewalling at user, application, and model layers provides boundary protection.
      - entry-id: SI-4
        rationale: >
          Firewalling enables monitoring of AI interactions for anomalous activity.
      - entry-id: SI-10
        rationale: >
          Firewalling implements input validation for user and application prompts.
      - entry-id: SI-15
        rationale: >
          Firewalling implements output filtering for model responses.