Identity & Access Management

CSA AI Controls Matrix v1.1 domain

Control human and machine identities that access AI systems and tools.

What this domain means for procurement

AI platforms introduce service accounts, API keys, agents, tools, and delegated identities. Buyers need least privilege, strong authentication, lifecycle controls, and attributable actions.

How TrustAtlas dimensions support it

Security covers authentication and authorization; agent governance covers non-human identity, delegated authority, and traceable autonomous actions.

SecurityAgent governance

This is an interpretive TrustAtlas cross-walk, not an official CSA mapping or evidence of AICM conformity.

Questions to ask vendors

Use these procurement prompts alongside the official CSA AICM v1.1 materials. They name the domain but do not invent or paraphrase control identifiers.

  1. Do you support SSO, MFA, SCIM, granular roles, and separation of administrative duties?
  2. How are API keys, service accounts, agents, and delegated tool credentials created, scoped, rotated, and revoked?
  3. Can every agent action be attributed to a requesting identity, policy decision, and credential scope?
← Human Resources Interoperability & Portability →

Related