CSAIChaptersEventsBlog
Join CSA, RSAC, and UNLV for a one-day summit in Las Vegas exploring how AI is reshaping enterprise cybersecurity →

AI Controls Matrix v1.1: Strengthening the Foundation for Trustworthy AI

Published 07/14/2026

AI Controls Matrix v1.1: Strengthening the Foundation for Trustworthy AI
Written by Marina Bregkou, Principal Research Analyst, Associate VP, CSA.

The Cloud Security Alliance (CSA) recently announced the release of the AI Controls Matrix (AICM) v1.1, a significant update to our comprehensive framework for secure and trustworthy AI systems. Building on the strong foundation established with the original AICM release in 2025, this update expands our control coverage, includes a dedicated Model Security domain, AI-specific security controls, and delivers complete mappings to the world's major AI governance frameworks, including the EU AI Act, NIST AI RMF, and ISO 42001.

 

Why Your Organization Needs AICM v1.1

AI systems continue to amplify security risks across the enterprise: model manipulation, data poisoning, sensitive data disclosure, supply chain disruption, and machine speed vulnerabilities discovery and exploitation remain persistent challenges. The rapid adoption of AI agents and the entering into force of laws and regulations will further increase complexity. In this context, organizations are facing a governance void that needs to be addressed. Organizations need a vendor-agnostic, comprehensive security control framework that keeps pace with both the threat landscape and the regulatory environment.

AICM v1.1 delivers exactly that: 247 control objectives across 18 domains, with clear ownership models, lifecycle coverage from preparation to retirement, and pre-mapped alignment to every major AI security standard and regulation.

 

What's New in AICM v1.1

Expanded Control Coverage

AICM v1.1 expands from 243 to 247 control objectives, with refined specifications synchronized with CCM v4.1. This ensures organizations can maintain unified cloud and AI governance under a single, coherent framework.

 

Model Security (MDS) Domain

A key structural differentiator, (introduced in v1.0 and retained in v1.1) is the Model Security (MDS) domain — an entirely new domain specific to AI/ML model protection. With 13 AI-specific and AI related controls, MDS addresses threats amplified by generative AI systems, including:

  • Model poisoning and manipulation
  • Prompt injection attacks
  • Unauthorized model access
  • Model weights protection
  • Inference security

 

Updated AI-CAIQ v1.1

The AI Consensus Assessment Initiative Questionnaire has been updated to 320 questions, providing comprehensive coverage for AI security self-assessment and third-party evaluation aligned with v1.1 controls.

 

Complete Framework Mappings

AICM v1.1 now includes mappings to all major AI governance frameworks, each with detailed gap analysis identifying where AICM extends beyond target framework coverage:

Framework

No Gap

Partial Gap

Full Gap

Alignment with AICM

BSI AIC4

210 (85%)

34 (14%)

3 (1%)

★★★★★ Highest

ISO/IEC 42001: 2023

145 (59%)

97 (39%)

5 (2%)

★★★★ High

EU AI Act

50 (20%)

112 (45%)

85 (34%)

★★★ Moderate

NIST AI RMF & AI 600-1

18 (7%)

119 (48%)

110 (45%)

★★ Lower

Key insight: Security control frameworks (BSI AIC4, ISO 42001) show high alignment, while risk and regulatory frameworks (EU AI Act, NIST) show expected gaps and AICM provides the implementation controls they intentionally omit.

 

New AIUC-1 Mapping

AICM v1.1 introduces mapping to AIUC-1 (the security standard built for agentic AI systems), covering enterprise risk for autonomous AI systems, a critical addition as agentic AI deployments accelerate.

 

Understanding the Framework Mappings

AICM and ISO 42001

ISO 42001 is a management system standard that defines requirements and high-level control objectives for AI governance. AICM specifies how to operationalize those requirements. With 59% No Gap coverage and only 2% Full Gap, AICM serves as an implementation bridge for ISO 42001. Organizations pursuing ISO 42001 certification can use AICM's 247 controls as actionable guidance.

 

AICM and NIST AI RMF & AI 600-1

The 45% Full Gap with NIST frameworks is expected and by design. NIST AI RMF and AI 600-1 are risk frameworks, not control catalogs. They focus on AI lifecycle governance and intentionally delegate infrastructure security to companion frameworks like NIST SP 800-53. AICM bridges this gap with actionable controls for datacenter security, key management, business continuity, and interoperability.

 

AICM and EU AI Act

EU AI Act compliance requires more than regulatory alignment. The Act focuses on AI-specific obligations like transparency, risk assessment, human oversight, but does not prescribe infrastructure security. AICM fills this operational security gap, providing the datacenter, encryption, endpoint, and operational controls organizations need to securely deploy AI systems that meet EU AI Act requirements.

 

AICM and BSI AIC4

With 85% No Gap coverage, BSI AIC4 and AICM share a common architectural foundation: cloud security controls extended for AI. Organizations certified against BSI AIC4 (or C5) will find AICM highly complementary, with minimal additional control implementation required.

 

AICM and CCM: A Unified Governance Model

AICM is a superset of CCM v4.1, ensuring organizations can govern cloud and AI systems under a single framework. Key differences:

  • IVS → I&S (Renamed): CCM's "Infrastructure & Virtualization Security" domain is renamed "Infrastructure Security" in AICM. The scope and controls are otherwise identical.
  • MDS (New): AICM introduces "Model Security" as an entirely new domain specific to AI/ML model protection.

This architecture means existing CCM implementations can be extended to cover AI systems without starting from scratch.

 

The Complete AICM v1.1 Package

The v1.1 release includes everything organizations need to implement and assess AI security:

  1. AICM v1.1 Controls Spreadsheet: 247 control objectives with Type, Ownership, Relevance, Lifecycle, and Threat mapping
  2. AI-CAIQ v1.1: 320 self and third-party assessment questions
  3. Implementation Guidelines: Practical guidance for control implementation by stakeholder role (Model Provider, Application Provider, Orchestrated Service Provider, AI Customer, Cloud Service Provider)
  4. Auditing Guidelines: Assessment recommendations for control verification
  5. Framework Mappings: Complete mappings to ISO 42001, NIST AI RMF & AI 600-1, EU AI Act, BSI AIC4, and AIUC-1.

 

How to Use AICM v1.1

Four Steps to Secure Your AI Systems

  1. SCOPE -  Identify your AI systems: What do you need to protect?
  2. SELECT - Choose which controls apply based on your role and systems
  3. IMPLEMENT - Put the controls in place using the Implementation Guidelines
  4. ASSESS - Check your compliance using the AI-CAIQ questionnaire

 

Strategic Implementation Roadmap for CISOs

Implementation Timeline

 

The Path Forward: From Assessment to Certification

AICM v1.1 is a cornerstone of CSA's comprehensive approach to trustworthy AI:

  • Download the AICM v1.1 Package - Get started with implementation today
  • Complete the AI-CAIQ v1.1 - Assess your current AI security posture
  • Achieve STAR for AI Level 1 - Submit your self-assessment to the STAR Registry
  • Pursue STAR for AI Level 2 - Achieve third-party audit certification
  • Provide feedback -  Help us continue evolving the framework

 

Acknowledgments

AICM v1.1 represents the collective expertise of the Security Controls Catalog Working Group and the broader CSA research community. We extend our gratitude to all contributors, reviewers, experts and organizations who provided feedback on the initial release and helped shape this update.

The release of AICM v1.1 marks another milestone in CSA's mission to secure AI systems across the enterprise. With expanded controls, complete framework mappings, and the new Model Security domain, organizations now have the most comprehensive, actionable framework available for building trustworthy AI.

Download AICM v1.1 today

Share this content on your favorite social network today!

Unlock Cloud Security Insights

Unlock Cloud Security Insights

Choose the CSA newsletters that match your interests:

Subscribe to our newsletter for the latest expert trends and updates