sample-aiml-security-assessment

Security Checks Reference

This document provides a comprehensive reference for all 116 security checks performed by the AI/ML Security Assessment framework (52 core checks across Amazon Bedrock, Amazon SageMaker AI, and Amazon Bedrock AgentCore, plus 64 Financial Services GenAI Risk checks).

Overview

The framework evaluates your AI/ML workloads against AWS security best practices across three services:

| Service | Number of Checks | Focus Areas |
|---|---|---|
| Amazon SageMaker AI | 25 | Security Hub controls, encryption, network isolation, IAM, MLOps |
| Amazon Bedrock | 14 | Guardrails, encryption, VPC endpoints, IAM permissions, logging |
| Amazon Bedrock AgentCore | 13 | VPC configuration, encryption, observability, resource policies |
| Financial Services GenAI Risk | 64 | Unbounded consumption, excessive agency, supply chain, training data poisoning, vector weaknesses, non-compliant output, misinformation, harmful output, biased output, PII disclosure, hallucination, prompt injection, improper output handling, off-topic output, out-of-date training data |

Check ID Convention

Each security check has a unique identifier with a service prefix:

| Prefix | Service | Example |
|---|---|---|
| SM-XX | Amazon SageMaker | SM-01, SM-25 |
| BR-XX | Amazon Bedrock | BR-01, BR-14 |
| AC-XX | Amazon Bedrock AgentCore | AC-01, AC-13 |
| FS-XX | Financial Services GenAI Risk | FS-01, FS-69 |

Severity Levels

| Severity | Description | Action Required |
|---|---|---|
| High | Critical security issues that could lead to data exposure, unauthorized access, or compliance violations | Immediate remediation recommended |
| Medium | Important security improvements that strengthen your security posture | Address in next maintenance window |
| Low | Minor optimizations and best practice recommendations | Address when convenient |
| Informational | Advisory information about your configuration | No action required |
| N/A | Check not applicable (no resources to assess) | No action required |

Status Values

| Status | Description |
|---|---|
| Failed | Security issue identified that requires remediation |
| Passed | Checked resources met the assessed best practice at time of scan |
| N/A | No resources exist to check (for example, no notebooks, no guardrails configured) |

Amazon SageMaker AI Security Checks (25)

SM-01: Internet Access

SM-02: AWS IAM Permissions

SM-03: Data Protection

SM-04: Amazon GuardDuty Integration

SM-05: MLOps Features

SM-06: Clarify Usage

SM-07: Model Monitor

SM-08: Model Registry

SM-09: Notebook Root Access

SM-10: Notebook Amazon VPC Deployment

SM-11: Model Network Isolation

SM-12: Endpoint Instance Count

SM-13: Monitoring Network Isolation

SM-14: Model Container Repository

SM-15: Feature Store Encryption

SM-16: Data Quality Encryption

SM-17: Processing Job Encryption

SM-18: Transform Job Encryption

SM-19: Hyperparameter Tuning Encryption

SM-20: Compilation Job Encryption

SM-21: AutoML Network Isolation

SM-22: Model Approval Workflow

SM-23: Model Drift Detection

SM-24: A/B Testing and Shadow Deployment

SM-25: ML Lineage Tracking


Amazon Bedrock Security Checks (14)

BR-01: AWS IAM Least Privilege

BR-02: Amazon VPC Endpoint Configuration

BR-03: Marketplace Subscription Access

BR-04: Model Invocation Logging

BR-05: Guardrail Configuration

BR-06: AWS CloudTrail Logging

BR-07: Prompt Management

BR-08: Agent AWS IAM Configuration

BR-09: Knowledge Base Encryption

BR-10: Guardrail AWS IAM Enforcement

BR-11: Custom Model Encryption

BR-12: Invocation Log Encryption

BR-13: Flows Guardrails

BR-14: Stale Bedrock Access


Amazon Bedrock AgentCore Security Checks (13)

AC-01: Runtime Amazon VPC Configuration

AC-02: AWS IAM Full Access

AC-03: Stale Access

AC-04: Observability

AC-05: Amazon ECR Repository Encryption

AC-06: Browser Tool Recording

AC-07: Memory Encryption

AC-08: Amazon VPC Endpoints

AC-09: Service-Linked Role

AC-10: Resource-Based Policies

AC-11: Policy Engine Encryption

AC-12: Gateway Encryption

AC-13: Gateway Configuration


Financial Services GenAI Risk Checks (64 additional, 5 upstream extensions)

These 64 standalone checks (FS-XX) extend the framework with Financial Services risk-management controls derived from the AWS User Guide to Governance, Risk, and Compliance for Responsible AI Adoption. An additional 5 FS checks are contributed as extensions to existing SM-07, SM-22, SM-23, BR-04, and BR-06 (see in-file extension notes).

The full catalog is in SECURITY_CHECKS_FINSERV.md, organized into three parts:

The same document includes the shared intro, severity rubric, validation note, upstream-overlap table, and the compliance framework mapping table (SR 11-7, FFIEC CAT, NYDFS 500.06, PCI-DSS 12.3.2, DORA Art.6, MAS TRM 9, ISO 27001 A.12, ECOA, OWASP LLM Top 10).