Orchestration / HITL Approval
FR EN

Orchestration

HITL Approval

Human-in-the-loop approval: a human approves sensitive actions before they execute.

Plane
Orchestration
Flow steps
6
Frameworks
NIST AI 600-1 · NIST 800-53 · OWASP LLM06

Technology

Why use it

Insert a human decision point on high-impact or high-risk actions.

Why it matters to security

Turns a PDP obligation (“permit-with-obligations”) into a concrete guardrail against automated irreversible action.

Implementations approval queuesSlack / Teams workflowdedicated agent UIs

The more irreversible the action, the more a human must decide.

Recommendations by maturity tier

Hover a recommendation for its explanation · each one carries its control number

Foundation

Minimum viable baseline
  • Manual approval for irreversible actions.
    NIST 800-53 AC-3OWASP LLM06:2025
    Delete, pay, external send: no automation.
  • Full context shown to the approver.
    NIST AI 600-1 MS-2.3-003
    Deciding without seeing the request and its effects is blind approval.
  • Approval decision logged.
    NIST 800-53 AU-2
    Who approved what, when must stay traceable.

Enterprise

Enterprise standard
  • Trigger thresholds defined per use case.
    NIST AI 600-1 GV-1.3-001
    The risk or amount above which a human steps in is written down.
  • Requester / approver separation of duties.
    NIST 800-53 AC-5
    The agent cannot be its own approver.
  • Expiry of pending requests.
    NIST 800-53 AC-12
    An approval not given in time fails safe (deny).

Advanced

High-assurance / regulated
  • HITL obligation driven by the PDP based on risk.
    NIST 800-53 AC-24
    The PDP requires a human only when risk warrants it.
  • End-to-end traceability (request → decision → effect).
    NIST 800-53 AU-10
    Non-repudiation ties the action to the human who allowed it.
  • Post-hoc review of approvals.
    NIST AI 600-1 MG-4.1-002
    Learn from past approvals to tune thresholds.

Architecture notes

  • Avoid “approval fatigue”.details ▸
    Too many requests and the human approves without reading.
    Reserve HITL for truly sensitive actions, or the control becomes a rubber stamp.

References

NIST AI 600-1
GV-1.3 (risk thresholds), MS-2.3 (context/verification), MG-4.1 (incident review).
NIST SP 800-53 Rev5
AC-3, AC-5 (Separation of Duties), AC-24, AU-10 (Non-repudiation).
OWASP LLM06:2025
Excessive Agency — HITL bounds automated action.

Abbreviations

PDP
Policy Decision Point
PEP
Policy Enforcement Point
PIP
Policy Information Point
PAP
Policy Administration Point
IdP
Identity Provider
TSS
Token Service
NHI
Non-Human Identity
RBAC
Role-Based Access Control
ABAC
Attribute-Based Access Control
MFA
Multi-Factor Authentication
HITL
Human-in-the-loop
JIT
Just-In-Time
CAE
Continuous Access Evaluation
CAEP
Continuous Access Evaluation Profile
DPoP
Demonstrating Proof-of-Possession
mTLS
mutual TLS
PII
Personally Identifiable Information
KMS
Key Management Service
CI/CD
Continuous Integration / Continuous Delivery
SIEM
Security Information and Event Management
SOAR
Security Orchestration, Automation and Response
SCIM
System for Cross-domain Identity Management
XACML
eXtensible Access Control Markup Language
OPA
Open Policy Agent
OWASP
Open Worldwide Application Security Project
NIST
National Institute of Standards and Technology
ATLAS
Adversarial Threat Landscape for Artificial-Intelligence Systems
LLM
Large Language Model
WAF
Web Application Firewall
CDN
Content Delivery Network
DDoS
Distributed Denial of Service
DLP
Data Loss Prevention
JWT
JSON Web Token
API
Application Programming Interface
CRS
Core Rule Set (OWASP)
RAG
Retrieval-Augmented Generation
MCP
Model Context Protocol
PBAC
Permission-Based Access Control
HSM
Hardware Security Module
UEBA
User and Entity Behavior Analytics
SBOM
Software Bill of Materials
SLSA
Supply-chain Levels for Software Artifacts
WORM
Write Once, Read Many
SPIFFE
Secure Production Identity Framework For Everyone