Monitor third-party access

Implement systems to monitor third party access

Keywords

Access

Logins

Application

Optional

Frequency

Every 12 months

Type

Preventative

Crosswalks

AML-M0024: AI Telemetry Logging

Article 72: Post-Market Monitoring by Providers and Post-Market Monitoring Plan for High-Risk AI Systems

GOVERN 1.5: Risk monitoring and review

MANAGE 4.1: Post-deployment monitoring

LLM03:25 - Supply Chain

LLM05:25 - Improper Output Handling

LLM06:25 - Excessive Agency

LLM10:25 - Unbounded Consumption

AIS-10: API Security

LOG-05: Audit Logs Monitoring and Response

UEM-14: Third-Party Endpoint Security Posture

TVM-05: External Library Vulnerabilities

Control activities

Typical evidence

Configuring logging for third-party interactions. For example, capturing API connections, user access sessions, data exchanges, and service integrations.

Capturing access metadata. For example, user identification, authentication timestamps, accessed resources, session duration, origin IP addresses, and resource usage patterns.

E009.1 Config: Third-party access monitoring

Screenshot of logging system or SIEM configuration showing third-party interactions being monitored with captured metadata - may include cloud logging interface (Google Cloud Logging, AWS CloudWatch, Azure Monitor) showing logged API requests with timestamps/IPs/user agents, access logs capturing authentication events and resource access, or SIEM dashboard displaying third-party connection monitoring with relevant metadata fields.

AIUC-1 is built with industry leaders

"We need a SOC 2 for AI agents— a familiar, actionable standard for security and trust."

Phil Venables

Former CISO of Google Cloud

"Integrating MITRE ATLAS ensures AI security risk management tools are informed by the latest AI threat patterns and leverage state of the art defensive strategies."