Cloud Security Alliance AI Controls Matrix

The AI Controls Matrix (AICM) is a vendor-agnostic framework designed for organizations developing, implementing, and operating cloud-based AI systems. The framework contains 243 control objectives distributed across 18 security domains. The AICM builds on the Cloud Security Alliance's Cloud Controls Matrix (CCM) and incorporates AI security best practices. Control objectives are analyzed across five critical pillars: Control Type, Control Applicability and Ownership, Architectural Relevance, LLM Lifecycle Relevance, and Threat Category. The framework maps to multiple standards including ISO 42001, ISO 27001, NIST AI RMF 1.0, BSI AIC4, and the AI EU Act. The download bundle includes the control matrix spreadsheet, implementation guidelines, auditing guidelines, and mappings to various regulatory frameworks. The AICM is accompanied by the Consensus Assessment Initiative Questionnaire for AI (AI-CAIQ), which provides questions mapped to the AICM controls for self-assessment or third-party vendor evaluation. Organizations can use the AI-CAIQ to submit assessments to the STAR Registry for AI Level 1 certification. The framework targets AI model providers, orchestrated service providers, infrastructure operators, application developers, and AI customers.