ACR-13.02v1.1

The system SHALL implement controls preventing AI-assisted generation of malware, exploitation code,

Domain

13 — Domain 13: Societal Impact and Responsible Deployment

Eval Method

AT+HSAT+HS

Risk Weight

5 / 10

Applicability

L1L2L3

Description#

The system SHALL implement controls preventing AI-assisted generation of malware, exploitation code, phishing content, or other material that materially enables cyberattacks.

Evaluation Method#

AT+HSAT+HS

Evaluation methodology as specified by the assigned method code.

v1.1 Details#

Profile Applicability

F,S,A,C

Evaluation Frequency

Quarterly

Platform Cert Eligible

Framework Crosswalk Refs

NIST AI RMF Manage 2.4; MITRE ATLAS AML.T0051; OWASP LLM-01

This is a conditional control. Non-compliance with this ACR may result in conditional certification with a mandated remediation period. The Authorized Verification Body will specify the remediation timeline and required evidence for the condition to be cleared. If remediation is not completed within the specified period, the conditional certification will be revoked.

← PreviousACR-13.01: The system SHALL implement guardrails preventing generation of content that could materially enable Next →ACR-13.03: The system operator SHALL maintain a documented dual-use risk assessment identifying potential misus

The system SHALL implement controls preventing AI-assisted generation of malware, exploitation code,

Description#

Evaluation Method#

v1.1 Details#

Classification#