Cryptography, Encryption & Key Management
CSA AI Controls Matrix v1.1 domain
Protect AI data and assets with managed cryptographic controls.
What this domain means for procurement
Prompts, outputs, embeddings, fine-tuning data, model artifacts, and credentials all require appropriate encryption and key lifecycle controls.
How TrustAtlas dimensions support it
Data handling covers protected data throughout its lifecycle; security covers key custody, access controls, rotation, and cryptographic implementation.
Data handlingSecurity
This is an interpretive TrustAtlas cross-walk, not an official CSA mapping or evidence of AICM conformity.
Questions to ask vendors
Use these procurement prompts alongside the official CSA AICM v1.1 materials. They name the domain but do not invent or paraphrase control identifiers.
- Which customer data, embeddings, logs, model artifacts, and backups are encrypted in transit and at rest?
- Do you support customer-managed keys, and what data remains outside that key boundary?
- How are keys generated, accessed, rotated, revoked, and recovered, including during an incident?
Related
- Back to all 18 CSA AICM v1.1 domains
- Official CSA AICM v1.1 artifact
- NIST AI RMF cross-walk
- TrustAtlas methodology — how the nine risk dimensions are scored