Logging and Monitoring
CSA AI Controls Matrix v1.1 domain
Record and detect security, safety, operational, and agent behavior events.
What this domain means for procurement
AI-specific monitoring should connect system activity, model behavior, tool use, safety events, and human interventions while respecting data-minimization requirements.
How TrustAtlas dimensions support it
Security covers detection and audit telemetry; transparency covers customer-visible evidence; agent governance covers behavioral monitoring and intervention records.
SecurityTransparencyAgent governance
This is an interpretive TrustAtlas cross-walk, not an official CSA mapping or evidence of AICM conformity.
Questions to ask vendors
Use these procurement prompts alongside the official CSA AICM v1.1 materials. They name the domain but do not invent or paraphrase control identifiers.
- Which prompt, model, policy, tool-call, identity, and safety events are logged, and for how long?
- Can customers export logs to their security tooling without exposing unnecessary prompt or personal data?
- What alerts detect anomalous agent behavior, policy bypass, data leakage, or unexplained model drift?
- Are human approvals, overrides, and emergency stops captured in tamper-evident audit history?
Related
- Back to all 18 CSA AICM v1.1 domains
- Official CSA AICM v1.1 artifact
- NIST AI RMF cross-walk
- TrustAtlas methodology — how the nine risk dimensions are scored