 1# AIGF to NIST SP 800-53r5 Mapping Document
 2title: AI Governance Framework to NIST SP 800-53r5
 3metadata:
 4  id: AIR-NIST-MAP-001
 5  version: "0.1.0"
 6  type: MappingDocument
 7  gemara-version: "1.1.0"
 8  description: >
 9    Maps FINOS AI Governance Framework mitigations (guidelines) to
10    NIST SP 800-53 Revision 5 security and privacy controls.
11    References derived from AIGF mitigation frontmatter.
12  author:
13    id: finos
14    name: FINOS
15    type: Human
16  mapping-references:
17    - id: FINOS-AIR
18      title: AI Governance Framework
19      version: "0.1.0"
20      url: "https://aigf.finos.org"
21      description: FINOS AI Governance Framework mitigations and risks
22    - id: NIST-800-53
23      title: NIST SP 800-53 Revision 5
24      version: "rev5"
25      url: "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf"
26      description: Security and privacy guidelines for information systems and organizations
27
28source-reference:
29  reference-id: FINOS-AIR
30  entry-type: Guideline
31target-reference:
32  reference-id: NIST-800-53
33  entry-type: Guideline
34remarks: >
35  AIGF guidelines mapped to NIST 800-53r5 guidelines based on mitigation
36  frontmatter references from the original AIGF content.
37
38mappings:
39  # AIR-PREV-002: Data Filtering From External Knowledge Bases
40  - id: MAP-PREV002-data-filtering
41    source: AIR-PREV-002
42    relationship: supports
43    targets:
44      - entry-id: AC-4
45        rationale: >
46          Data filtering enforces information flow policies across AI data pipelines.
47      - entry-id: AC-22
48        rationale: >
49          Data filtering prevents sensitive data exposure in publicly accessible content.
50      - entry-id: MP-6
51        rationale: >
52          Data filtering implements sanitization of media and data stores in AI pipelines.
53      - entry-id: PT-2
54        rationale: >
55          Data filtering enforces authority and purpose constraints on data processing.
56      - entry-id: SI-4
57        rationale: >
58          Data filtering implements monitoring across AI data pipelines.
59      - entry-id: SI-12
60        rationale: >
61          Data filtering supports information management and retention policies.
62      - entry-id: SI-15
63        rationale: >
64          Data filtering implements output masking and sanitization.
65      - entry-id: SI-19
66        rationale: >
67          Data filtering supports de-identification of personal information.
68
69  # AIR-PREV-003: User/App/Model Firewalling
70  - id: MAP-PREV003-firewalling
71    source: AIR-PREV-003
72    relationship: supports
73    targets:
74      - entry-id: AC-4
75        rationale: >
76          Layered firewalling enforces information flow policies at AI boundaries.
77      - entry-id: SC-5
78        rationale: >
79          Firewalling protects against denial of service at model interaction points.
80      - entry-id: SC-7
81        rationale: >
82          Firewalling at user, application, and model layers provides boundary protection.
83      - entry-id: SI-4
84        rationale: >
85          Firewalling enables monitoring of AI interactions for anomalous activity.
86      - entry-id: SI-10
87        rationale: >
88          Firewalling implements input validation for user and application prompts.
89      - entry-id: SI-15
90        rationale: >
91          Firewalling implements output filtering for model responses.