
Enterprise AI Security Controls Assessment

Assess OT/ICS security posture across 30 controls in 6 principles — Business Driven, Risk Based, Enterprise Wide, Methodical, OT Security Focused, and OT Sec...
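Assess OT/ICS security posture based on six principles (Business Driven, Risk Based, Enterprise Wide, Methodical, OT Security Focused, OT Security First), covering 30 controls across the 6 principles.
krishnakumarmahadevan-cmd · Source
Uncategorized · clawhub · v1.2.0 · 1 version · 100000 · Key: required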

Overview

Assess your organization's AI security posture across 12 enterprise domains — Identity & Access, Data Protection, Prompt Injection Defense, Model Protection, API Security, Agent Permissioning, Output Filtering, Monitoring & Anomaly Detection, Compliance Mapping, Incident Response, Encryption & KMS, and Risk Intelligence. Each domain covers 5 controls (60 total) and produces prioritized remediation guidance.


Usage

{
  "tool": "enterprise_ai_security_controls_assessment",
  "input": {
    "organization_name": "Acme Corp",
    "industry": "Financial Services",
    "ai_maturity": "intermediate",
    "domains_to_assess": ["identity_access", "prompt_injection_defense", "api_security"],
    "current_controls": {
      "identity_access": {
        "mfa_enabled": true,
        "rbac_implemented": false,
        "service_account_rotation": "manual"
      },
      "prompt_injection_defense": {
        "input_validation": "basic",
        "system_prompt_hardening": false,
        "canary_tokens": false
      }
    }
  }
}

Parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| organization_name | string | | Name of the organization being assessed |
| industry | string | | Industry vertical (e.g., Financial Services, Healthcare, Retail) |
| ai_maturity | string | | Current AI maturity level: beginner, intermediate, advanced |
| domains_to_assess | array | | Subset of domain keys to assess. Omit to assess all 12 domains |
| current_controls | object | | Key-value map of existing controls per domain (see domain keys below) |

Domain Keys

| Key | Domain |
|---|---|
| identity_access | Identity & Access Control |
| data_protection | Data Protection |
| prompt_injection_defense | Prompt Injection Defense |
| model_protection | Model Protection |
| api_security | API Security |
| agent_permissioning | Agent Permissioning |
| output_filtering | Output Filtering |
| monitoring_anomaly | Monitoring & Anomaly Detection |
| compliance_mapping | Compliance Mapping |
| incident_response | Incident Response |
| encryption_kms | Encryption & Key Management (KMS) |
| risk_intelligence | Risk Intelligence |

What You Get

  • Domain-by-domain scorecard — maturity rating per domain (Initial / Developing / Defined / Managed / Optimizing)
  • Control gap analysis — which of the 60 controls are missing, partial, or implemented
  • Prioritized remediation roadmap — Quick Wins (0–30 days), Medium-term (30–90 days), Strategic (90+ days)
  • Compliance alignment — mapped to NIST AI RMF, ISO 42001, SOC 2, and GDPR where applicable
  • Executive summary — board-ready summary of AI security posture

Example Output

{
  "organization": "Acme Corp",
  "overall_maturity": "Developing",
  "overall_score": 42,
  "domain_scores": {
    "identity_access": { "score": 60, "maturity": "Defined", "gaps": 2 },
    "prompt_injection_defense": { "score": 20, "maturity": "Initial", "gaps": 4 },
    "api_security": { "score": 55, "maturity": "Developing", "gaps": 2 }
  },
  "top_risks": [
    "No system prompt hardening exposes models to override attacks",
    "RBAC not implemented — lateral movement risk across AI services",
    "No canary token monitoring for prompt exfiltration"
  ],
  "quick_wins": [
    "Enable RBAC on all AI service accounts (3 days)",
    "Deploy input sanitization layer before LLM endpoints (7 days)",
    "Rotate all AI API keys and set expiry policies (1 day)"
  ],
  "compliance_gaps": ["NIST AI RMF: GOVERN-1.1", "ISO 42001: 6.1.2", "SOC 2: CC6.1"]
}

API Reference

Base URL: https://portal.toolweb.in/apis/security/entaisecconass

| Endpoint | Method | Description |
|---|---|---|
| / | GET | Health check |
| /api/ai-security/assess | POST | Run full assessment |
| /api/ai-security/domains | GET | List all 12 domain definitions |
| /api/ai-security/domain/{domain_key} | GET | Get details for a specific domain |

Authentication: Pass your API key in the X-API-Key header, or as the mcp_api_key argument when calling via MCP.


Pricing

| Plan | Daily Limit | Monthly Limit | Price |
|---|---|---|---|
| Free | 5 / day | 50 / month | $0 |
| Developer | 20 / day | 500 / month | $39 |
| Professional | 200 / day | 5,000 / month | $99 |
| Enterprise | 100,000 / day | 1,000,000 / month | $299 |

About

ToolWeb.in — 200+ security APIs, CISSP & CISM certified, built for enterprise AI security practitioners.

Platforms: Pay-per-run · API Gateway · MCP Server · OpenClaw · RapidAPI · YouTube

Version History

1 version in total

  • v1.2.0 (current)
    2026-05-02 05:35 · Safe · Safe

Security Scan

Tencent Cloud Security (Keen)

Safe, no risk

Tencent Cloud Security (Sanbu)

Safe, no risk
