AI Organizational Responsibilities - Core Security Responsibilities
Who it's for:
  • CISOs and Chief AI Officers 
  • Business leaders, decision makers, and shareholders
  • AI engineers, analysts, and developers
  • Policymakers and regulators
  • Customers and the general public

Release Date: 05/05/2024

Working Group: AI Safety Initiative

This publication from the CSA AI Organizational Responsibilities Working Group provides a blueprint for enterprises to fulfill their core information security responsibilities pertaining to the development and deployment of Artificial Intelligence (AI) and Machine Learning (ML). Expert-recommended best practices and standards, including NIST AI RMF, NIST SSDF, NIST 800-53, and CSA CCM, are synthesized into 3 core security areas: data protection mechanisms, model security, and vulnerability management. Each responsibility is analyzed using quantifiable evaluation criteria, the RACI model for role definitions, high-level implementation strategies, continuous monitoring and reporting mechanisms, access control mapping, and adherence to foundational guardrails.

Key Takeaways:
  • The components of the AI Shared Responsibility Model
  • How to ensure the security and privacy of AI training data
  • The significance of AI model security, including access controls, secure runtime environments, vulnerability and patch management, and MLOps pipeline security
  • The significance of AI vulnerability management, including AI/ML asset inventory, continuous vulnerability scanning, risk-based prioritization, and remediation tracking

The other two publications in this series discuss the AI regulatory environment and a benchmarking model for AI resilience. By outlining recommendations across these key areas of security and compliance in 3 targeted publications, this series guides enterprises to fulfill their obligations for responsible and secure AI development and deployment.

Acknowledgements

Candy Alexander
Executive Cybersecurity Advisory, Alexander Cyber Advisory Services

Candy Alexander is an internationally recognized cybersecurity leader with over 35 years of experience driving strategic security initiatives for global organizations. As a strategic cybersecurity executive consultant, she not only specializes in helping organizations elevate their cyber risk management and security programs, but also instills confidence in her clients with her ability to align cybersecurity programs to achieve business obj...

Eray ALTILI
Cyber Security Architect

Renu Bedi
Manager-IT Security

Hongtao Hao
Cybersecurity Expert, KPMG

Onyeka Illoh

Gian Kapoor
Principal Enterprise Architect

Chris Kirschke
Cloud Portfolio Information Security Officer at Albertsons Companies

Security Leader with over 20+ years of experience across Financial Services, Streaming, Retail and IT Services with a heavy focus on Cloud, DevSecOps and Threat Modeling. Advises multiple security startups on Product Strategy, Alliances and Integrations. Sits on multiple Customer Advisory Boards helping to drive security product roadmaps, integrations and feature developments. Avid hockey player, backpacker and wine collector in his spare t...

Meghana Parwate
Management Consultant

Rangel Rodrigues
BISO | Information Security and Risk | CISSP | CCSP | CCSK | CCZT

As a Security Architect, I am responsible for identifying and documenting risks that may impact the business and addressing them regularly with business units. I have more than 15 years of experience in information security, compliance, and cloud technologies, working with diverse industries and clients across Latin America and US.

I also have experience in designing and managing technical compliance programs using frameworks and reg...

Michael Roza
Risk, Audit, Control and Compliance Professional at EVC

Since 2012, Michael Roza has been a pivotal member of the Cloud Security Alliance (CSA) family. He has contributed to over 140 projects, as a Lead Author or Author/Contributor and many more as a Reviewer/Editor.

Michael's extensive contributions encompass critical areas including Artificial Intelligence, Zero Trust/Software Defined Perimeter, Internet of Things, Top Threats, Cloud Control Matrix, DevSecOps, and Key Management. His lea...

Lars Ruddigkeit
Account Technology Strategist, Swiss FedGov

Lars Ruddigkeit completed his PhD in Chemistry at the University of Bern in 2013 with a focus on computer-aided drug design. He began his professional career at Accenture in technology consulting in Big Data and Data Science. At UBS, he specialized in operational machine learning and cybersecurity as a machine learning architect in the Financial Service industry. He is a contributor to the Cloud Security Alliance working groups for Zero Tru...

MJ Schwenger
vCIO/CISO, RCP

Maria (MJ) Schwenger is a seasoned Information Security Executive. She leverages her deep expertise across cybersecurity, privacy & compliance, AI/Generative AI, cloud modernization, and software development to spearhead transformative digital journeys. Renowned for her leadership in integrating emerging technologies like AI/GenAI, DevSecOps/SRE, Blockchain, IoT/Edge, and cloud-native optimization, she seamlessly unlocks innovative business...

Bhuvaneswari Selvadurai
Information Risk and Cybersecurity Lead

Accomplished and resourceful executive with an exceptional track record in leading comprehensive security programs and risk management initiatives for top-tier institutions. Bringing years of combined and collaborative leadership expertise, I specialize in establishing and managing defense-in-depth security solutions tailored for retail companies, financial institutions, and healthcare clients.

Nishanth Singarapu
Principal – Cyber Security Architecture, Neustar

Dr. Chantal Spleiss
Balancing Innovation & Regulation in Life Sciences, Technical Sciences, and Industry

Dr. Chantal Spleiss is an AI expert and Senior Consultant in Pharma/MedTech with an emphasis on cybersecurity.

Chantal's vast experience in different fields helps her connect the dots and explore terrains beyond the beaten track. She is a practical person with a determined focus on getting things done, done right, and in a timely manner. She lov...

Eric Tierling

Ashish Vashishtha
Security Compliance Leader

Analytical, results-oriented IS/IT Audit, Governance, Risk, and Compliance (GRC) leader with over 19 years of experience managing enterprise-wide IT/IS security risk approach for large healthcare and IT services organizations. Passionate design thinker with an ability to harness innovation by facilitating collaboration to develop enterprise-wide security risk assessments (onsite as well as remote) for high-risk Third-Parties leveraging NIST 800-...

Udith Wickramasuriya

Jan Gerst
Cybersecurity Subject Matter Expert, Charter Communications

MSMIT Cloud, MBA, MSMIT Cybersecurity

CSA CSP CCSK 

Cornell University - Technology Leadership | Business Management 
