Governance Research

AICM v1.1: Cloud Security Alliance Releases Major Update to AI Controls Matrix

On June 23, 2026, the Cloud Security Alliance released AICM v1.1, a comprehensive control framework for secure Generative AI and LLM systems in cloud environments. Building on CCM v4.1, it includes 247 controls across 18 domains, a new Model Development Security (MDS) domain, updated AI-CAIQ with 320 questions for STAR Level 1 submissions, and detailed mappings to major standards. The framework emphasizes a Shared Security Responsibility Model (SSRM) across CSP, MP, OSP, AP, and AIC actors, plus lifecycle, architectural, and threat relevance matrices. This bundle provides implementation and auditing guidelines, taxonomy, and practical tools for organizations to assess, implement, and demonstrate AI controls. Highly relevant for enterprise teams evaluating governance platforms, monitoring tools, and compliance solutions.

Updated on June 23, 2026
AICM v1.1: Cloud Security Alliance Releases Major Update to AI Controls Matrix

The Cloud Security Alliance released AICM v1.1 on June 23, 2026, marking a significant evolution of its dedicated AI security and governance control framework. This version builds directly on the foundation of AICM v1.0 (July 2025) and synchronizes closely with the Cloud Controls Matrix (CCM) v4.1. It introduces important enhancements including a new Model Development Security (MDS) domain, refined control specifications, updated mappings to key standards and regulations, and an expanded AI Consensus Assessments Initiative Questionnaire (AI-CAIQ).

AICM v1.1 is structured around the full Generative AI / LLM service stack, covering Cloud/GenAI Ops infrastructure, Foundation Models, Orchestrated Services, and AI Applications. The framework provides 247 controls organized into 18 security domains and is designed to help organizations implement, assess, and demonstrate responsible AI practices across the supply chain. A core component is the Shared Security Responsibility Model (SSRM), which defines typical responsibilities for five primary actors: Cloud Service Providers (CSP), Model Providers (MP), Orchestrated Service Providers (OSP), Application Providers (AP), and AI Customers (AIC).

The entire bundle — including the main spreadsheet with nine tabs, detailed Implementation and Auditing Guidelines, comprehensive mappings, taxonomy definitions, and supporting PDFs — offers a complete toolkit. It explicitly cautions that applicability matrices, ownership assignments, and architectural relevance indicators are high-level simplifications that must be adapted to specific contractual agreements, organizational structures, and technical environments. This release strengthens practical usability for internal audits, vendor due diligence, regulatory compliance, and STAR Registry submissions.

Key Findings

  • AICM v1.1 introduces a total of 247 controls organized across 18 security domains, representing a substantial expansion and refinement from v1.0, with the addition of the new Model Development Security (MDS) domain that delivers 13 dedicated AI-specific controls focused on model architecture, training data security, weights protection, guardrails implementation, and secure inference processes.

  • The framework establishes a comprehensive Shared Security Responsibility Model (SSRM) that clearly delineates typical ownership responsibilities among five key actors — Cloud Service Providers (CSP), Model Providers (MP), Orchestrated Service Providers (OSP), Application Providers (AP), and AI Customers (AIC) — across the four primary GenAI service delivery layers, while explicitly stating that these assignments are high-level simplifications that must be customized according to specific contractual agreements.

  • The accompanying AI-CAIQ v1.1 contains 320 assessment questions directly aligned with the 247 controls, structured to support formal STAR for AI Level 1 self-assessments, with mandatory fields for YES/NO/NA responses, SSRM ownership identification, and recommended detailed evidence in both service provider implementation descriptions and customer responsibilities.

  • Every control in the matrix is enriched with multiple layers of metadata, including control type classification (Cloud-Specific, Cloud & AI Related, or AI-Specific), architectural relevance to six CSA AI Reference Model components (physical, network, compute, storage, application, and data), lifecycle stage applicability, organizational function relevance, and relevance to nine key threat categories such as model manipulation, data poisoning, sensitive data disclosure, and insecure supply chain.

  • The Mappings tab provides detailed gap analysis and compensating control recommendations against five major frameworks and regulations — NIST AI 600-1 & RMF, ISO 42001 (complemented by ISO 27001/27002), EU AI Act, BSI AIC4, and AIUC-1 — helping organizations identify and address compliance shortfalls systematically.

  • Implementation Guidelines and Auditing Guidelines offer practical, role-specific best practices for all five SSRM actors, emphasizing risk-based planning, automation where possible, annual reviews upon significant changes, secure SDLC processes, input/output validation, sandboxing techniques, and continuous monitoring — while clearly stating these recommendations are not exhaustive.

  • The LLM Taxonomy tab provides essential definitions for assets, lifecycle phases (from data preparation through service retirement), threat categories, control types, and detailed breakdowns of the GenAI service stack, enabling consistent understanding and application of the framework across different organizational contexts.

  • AICM v1.1 synchronizes closely with CCM v4.1, resulting in title updates, control renumbering, new controls (including enhancements in DCS, LOG, and SEF domains), and strengthened guidance for audit logs sanitization, datacenter operations resilience, and incident records management.

  • The framework explicitly supports both self-auditing and third-party assessments, with dedicated Auditing Guidelines that align control evaluation procedures to relevant standards and include remediation tracking, reporting to stakeholders, and evidence review processes.

  • Change Log documentation reveals extensive updates in v1.1, including 4 new controls, removal of one control, significant renumbering, reclassification of several controls from AI-Specific to Cloud & AI Related, and expanded architectural and lifecycle relevance for multiple domains.

  • The entire bundle stresses that all applicability, ownership, and relevance matrices are high-level simplifications intended to be revised by users based on their specific environments, contracts, technologies, and organizational structures, reinforcing the need for contextual adaptation rather than rigid application.

  • Practical tools for real-world use are included, such as the STAR for AI Level 1 submission guide, detailed AI-CAIQ filling instructions with evidence expectations (policies, model cards, red-team results, risk assessments), and comprehensive acknowledgments of contributors from industry, ensuring the framework reflects broad consensus.

What the Report Covers

The AICM v1.1 bundle is a rich, multi-document package designed for comprehensive AI control management. The primary Excel spreadsheet contains nine tabs. The central AICM tab lists all 247 controls with full specifications, Control Domain, Title, ID, and extensive applicability matrices. These include Typical Control Applicability and SSRM Ownership across the four GenAI service delivery layers and five actors, Architectural Relevance (TRUE/FALSE for physical, network, compute, storage, application, and data components), Organizational Relevance (across functions like Cybersecurity, Architecture, Legal/Privacy, etc.), Lifecycle Relevance, and Threat Category relevance.

Supporting tabs provide critical context: the Introduction explains structure and usage notes; the LLM Taxonomy defines assets, lifecycle phases, threat categories, control types, and detailed GenAI stack components (from data and infrastructure through models, orchestrated services, to applications). Implementation Guidelines and Auditing Guidelines offer role-specific (CSP, MP, OSP, AP, AIC) recommendations and assessment procedures, stressing risk-based approaches, automation, annual reviews upon significant changes, and best practices without claiming exhaustiveness.

The AICM Scope Applicability (Mappings) tab delivers three-column gap analysis (Control Mapping, Gap Level: No/Partial/Full Gap, Addendum) for major frameworks and regulations. The separate AI-CAIQ spreadsheet contains 320 questions with full guidance for completion, including strict rules for answers and evidence columns. Accompanying PDFs include the 56-page Introduction Guidance (with executive summary, cheat sheet, SSRM actor definitions, and domain descriptions), Filling in the AI-CAIQ Instructions, and the STAR for AI Level 1 Submission Guide detailing account setup, form requirements, and submission process.

Additional tabs cover Acknowledgments and a detailed Change Log documenting all v1.1 modifications. Together, these materials cover scoping, control selection, implementation, auditing, self-assessment, regulatory mapping, and continuous improvement — forming a complete operational framework for AI governance programs.

Our Take

AI Governance Take

From an AI governance perspective, AICM v1.1 delivers a structured, actionable foundation that organizations can use to move beyond policy documents toward enforceable, auditable controls. The framework’s emphasis on the full lifecycle, clear SSRM ownership assignments, and rich metadata (architectural, threat, and organizational relevance) enables governance teams to build connected programs that integrate with security, monitoring, and compliance layers.

Teams should start by using the applicability matrices and taxonomy to define scope for their specific GenAI environments, then customize SSRM ownership based on actual contracts and architecture. The MDS domain provides much-needed focus on model development risks that many existing programs overlook. Implementation and auditing guidelines supply practical steps for policy establishment, risk assessment, secure development, and evidence generation — all aligned with the AI-CAIQ’s evidence expectations for credible STAR submissions.

For vendor evaluation and procurement, AICM serves as an excellent benchmark. Governance leaders can ask providers to map their capabilities against key controls in areas such as input/output validation, sandboxing, cache protection, model cards, audit management, and supply chain transparency. The mappings to standards like ISO 42001, NIST AI RMF, and EU AI Act help identify and close compliance gaps systematically.

Overall, AICM v1.1 raises the bar for what constitutes a mature AI governance program. It encourages organizations to treat governance as an active, technical discipline involving registries, ownership, runtime controls, pre-failure signal monitoring, and continuous validation. Enterprises adopting this framework will be better positioned to manage agentic risks, demonstrate accountability to stakeholders and regulators, and build trustworthy AI systems at scale. GAIG readers should consider AICM a core reference when assessing governance platforms and building internal control environments.

Related Articles

The State of AI in the Enterprise A Deloitte report Governance Research

Mar 3, 2026

The State of AI in the Enterprise A Deloitte report

Read More
ValidMind Publishes Governing Agentic AI in Financial Services Governance Research

Mar 30, 2026

ValidMind Publishes Governing Agentic AI in Financial Services

Read More
MIND and CISO ExecNet Research Report: Data Trust Is the Decisive Factor in AI Success Governance Research

Apr 9, 2026

MIND and CISO ExecNet Research Report: Data Trust Is the Decisive Factor in AI Success

Read More

Stay ahead of Industry Trends with our Newsletter

Get expert insights, regulatory updates, and best practices delivered to your inbox