Datacenter Security

CSA AI Controls Matrix v1.1 domain

Protect physical facilities and infrastructure supporting AI workloads.

What this domain means for procurement

Even cloud-delivered AI relies on physical facilities, hardware, media, and personnel controls. Buyers should establish who owns that layer and what assurance covers it.

How TrustAtlas dimensions support it

Security captures facility and hardware safeguards; dependency chain captures reliance on cloud and colocation providers that operate those controls.

SecurityDependency chain

This is an interpretive TrustAtlas cross-walk, not an official CSA mapping or evidence of AICM conformity.

Questions to ask vendors

Use these procurement prompts alongside the official CSA AICM v1.1 materials. They name the domain but do not invent or paraphrase control identifiers.

  1. Which parties operate the facilities that host the service, and what independent assurance covers those locations?
  2. How are physical access, removable media, hardware disposal, and environmental risks controlled?
  3. Can customers identify the regions and facility-provider dependencies used for their workloads?
← Cryptography, Encryption & Key Management Data Security and Privacy Lifecycle Management →

Related