
Platform

Supply Chain Governance

Supply-chain governance: control the models, dependencies and third-party components of the AI stack.

Plane: Platform
Flow steps: 3
Frameworks: OWASP LLM03 · NIST 800-53 · NIST AI 600-1

Technology

Why use it

Know and verify all third-party components (models, libraries, data, MCP servers) entering the system.

Why it matters to security

The AI supply chain is a major attack surface: a compromised model or dependency is a compromised system.

Implementations: SBOM / AIBOM · Sigstore · dependency scanners · vendor review

You inherit the security of everything you integrate.

Recommendations by maturity tier


Foundation

Minimum viable baseline
  • Component inventory (SBOM / AIBOM).
    NIST 800-53 CM-8 · OWASP LLM03:2025
    You can’t secure a chain whose links you don’t know.
  • Model and dependency provenance.
    NIST 800-53 SR-4
    Every component has a verifiable origin.
  • Dependency vulnerability scanning.
    NIST 800-53 RA-5
    Known-vulnerable components are identified.

Enterprise

Enterprise standard
  • Component authenticity (signatures).
    NIST 800-53 SR-11
    Verify a component wasn’t tampered with in transit.
  • Vendor contractual and process controls.
    NIST 800-53 SR-3
    Security requirements are imposed upstream.
  • Third-party model risk assessment.
    NIST AI 600-1 GV-6.1-001
    An external model is assessed before integration.

Advanced

High-assurance / regulated
  • Continuous chain-integrity verification.
    NIST 800-53 SI-7 · SR-4
    Any component drift is detected continuously.
  • Approved-component policy (allow-list).
    NIST 800-53 CM-7
    Only vetted components reach production.
  • Vendor incident response.
    NIST AI 600-1 MG-4.1-002
    A vendor flaw triggers an action plan.

Architecture notes

  • A third-party model is a supply-chain component.
    Its compromise becomes yours.
    Require provenance, signing and a security evaluation before integrating any external model.
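The maturity-tier recommendations above (inventory, provenance, allow-list, continuous integrity verification) and the architecture note on third-party models can be exercised with one small check. The following is an added example, not code from this page or from any of the cited frameworks: it builds a constructed AIBOM with pinned SHA-256 digests, compares it against what is actually deployed, and reports every deviation by control. All component names, sources and artifact bytes are constructed placeholders.

```python
"""Added example: AIBOM integrity and allow-list check over constructed data.

Exercises the controls listed above: a component inventory with pinned
digests (CM-8), recorded provenance (SR-4), an approved-component
allow-list (CM-7) and a drift check that re-hashes what is actually
deployed (SI-7). Inventory, allow-list and artifacts are all constructed;
a real run would hash model weight files, wheels, datasets or MCP server
images instead of the byte strings below.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    kind: str     # "model", "library", "dataset" or "mcp-server"
    source: str   # provenance: where the component was obtained ("" = unknown)
    sha256: str   # digest pinned when the component was approved


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for the artifact bytes that were reviewed and approved.
APPROVED_ARTIFACTS = {
    "llm-base": b"model weights v1 (constructed)",
    "tokenizer-lib": b"tokenizer library 2.3.0 (constructed)",
    "eval-dataset": b"evaluation dataset 2024-q1 (constructed)",
    "calendar-mcp": b"calendar MCP server 0.4.1 (constructed)",
}

# Constructed AIBOM: one entry per component, with provenance and pinned digest.
# Source names are hypothetical, not real registries.
AIBOM = [
    Component("llm-base", "1.0", "model",
              "hypothetical-registry/llm-base",
              sha256_hex(APPROVED_ARTIFACTS["llm-base"])),
    Component("tokenizer-lib", "2.3.0", "library",
              "hypothetical-index/tokenizer-lib",
              sha256_hex(APPROVED_ARTIFACTS["tokenizer-lib"])),
    Component("eval-dataset", "2024-q1", "dataset",
              "",  # provenance was never recorded
              sha256_hex(APPROVED_ARTIFACTS["eval-dataset"])),
    Component("calendar-mcp", "0.4.1", "mcp-server",
              "hypothetical-vendor/calendar-mcp",
              sha256_hex(APPROVED_ARTIFACTS["calendar-mcp"])),
]

# Constructed allow-list of (name, version) pairs vetted for production.
# calendar-mcp is inventoried but has not been approved yet.
ALLOW_LIST = {
    ("llm-base", "1.0"),
    ("tokenizer-lib", "2.3.0"),
    ("eval-dataset", "2024-q1"),
}


def check_chain(inventory, allow_list, deployed):
    """Compare the approved inventory against what is actually deployed.

    deployed maps component name -> bytes present in the environment.
    Returns findings keyed by category; empty lists everywhere mean the
    deployed chain matches what was approved.
    """
    findings = {
        "not_allowlisted": [],   # CM-7: inventoried but not on the approved list
        "no_provenance": [],     # SR-4: origin unknown
        "missing": [],           # inventoried but absent from the deployment
        "digest_drift": [],      # SI-7: bytes differ from the pinned digest
        "not_inventoried": [],   # CM-8: deployed but unknown to the AIBOM
    }
    known = set()
    for c in inventory:
        known.add(c.name)
        if (c.name, c.version) not in allow_list:
            findings["not_allowlisted"].append(c.name)
        if not c.source:
            findings["no_provenance"].append(c.name)
        blob = deployed.get(c.name)
        if blob is None:
            findings["missing"].append(c.name)
        elif sha256_hex(blob) != c.sha256:
            findings["digest_drift"].append(c.name)
    for name in deployed:
        if name not in known:
            findings["not_inventoried"].append(name)
    return findings


def demo_findings():
    """Run the check against a constructed deployment with deliberate deviations."""
    deployed = dict(APPROVED_ARTIFACTS)
    deployed["llm-base"] = b"model weights v1 (constructed) + one changed byte"  # drift
    del deployed["eval-dataset"]                                                 # missing
    deployed["helper-plugin"] = b"unreviewed plugin (constructed)"              # not inventoried
    return check_chain(AIBOM, ALLOW_LIST, deployed)


if __name__ == "__main__":
    for category, names in demo_findings().items():
        print(f"{category:16s} {names}")
```

Run on the constructed deployment, the check flags the tampered model (digest drift), the component removed from the environment, the dataset whose origin was never recorded, the MCP server that was inventoried without being approved, and the plugin that is present but absent from the AIBOM. Scheduling this comparison (for example on each deploy and on a timer) is the "continuous" part of the Advanced tier; in practice the pinned digests would come from signed attestations rather than from a Python literal.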

References

  • OWASP LLM03:2025
    Supply Chain — third-party models, dependencies and data.
  • NIST SP 800-53 Rev5
    CM-8, SR-3 (Supply Chain Controls), SR-4 (Provenance), SR-11 (Component Authenticity), RA-5, SI-7, CM-7.
  • NIST AI 600-1
    GV-6.1 — third-party risk management.

Abbreviations

  • PDP: Policy Decision Point
  • PEP: Policy Enforcement Point
  • PIP: Policy Information Point
  • PAP: Policy Administration Point
  • IdP: Identity Provider
  • TSS: Token Service
  • NHI: Non-Human Identity
  • RBAC: Role-Based Access Control
  • ABAC: Attribute-Based Access Control
  • MFA: Multi-Factor Authentication
  • HITL: Human-in-the-loop
  • JIT: Just-In-Time
  • CAE: Continuous Access Evaluation
  • CAEP: Continuous Access Evaluation Profile
  • DPoP: Demonstrating Proof-of-Possession
  • mTLS: mutual TLS
  • PII: Personally Identifiable Information
  • KMS: Key Management Service
  • CI/CD: Continuous Integration / Continuous Delivery
  • SIEM: Security Information and Event Management
  • SOAR: Security Orchestration, Automation and Response
  • SCIM: System for Cross-domain Identity Management
  • XACML: eXtensible Access Control Markup Language
  • OPA: Open Policy Agent
  • OWASP: Open Worldwide Application Security Project
  • NIST: National Institute of Standards and Technology
  • ATLAS: Adversarial Threat Landscape for Artificial-Intelligence Systems
  • LLM: Large Language Model
  • WAF: Web Application Firewall
  • CDN: Content Delivery Network
  • DDoS: Distributed Denial of Service
  • DLP: Data Loss Prevention
  • JWT: JSON Web Token
  • API: Application Programming Interface
  • CRS: Core Rule Set (OWASP)
  • RAG: Retrieval-Augmented Generation
  • MCP: Model Context Protocol
  • PBAC: Permission-Based Access Control
  • HSM: Hardware Security Module
  • UEBA: User and Entity Behavior Analytics
  • SBOM: Software Bill of Materials
  • SLSA: Supply-chain Levels for Software Artifacts
  • WORM: Write Once, Read Many
  • SPIFFE: Secure Production Identity Framework For Everyone