| ID | Control | Audit Steps | Expected Results | Evidence | References |
|---|---|---|---|---|---|
| MLOPS-01 | CI/CD Pipeline Security: Ensure secure practices are followed during model development and deployment. | 1. Review CI/CD pipeline configuration and code repository access controls. 2. Verify that automated security scans (SAST/DAST) are integrated. 3. Check for proper version control and rollback capabilities. | CI/CD pipelines are secured and documented; security scans are run automatically; access to repositories is restricted and monitored. | CI/CD configuration files; security scan reports; access logs from the version control system | NIST SP 800-53 (CM-6, SA-11), COBIT 2019 |
| MLOPS-02 | Container & Orchestration Security: Validate that container images and orchestration platforms are hardened. | 1. Review container image scanning reports. 2. Evaluate Kubernetes (or other orchestration) configuration for secure defaults. 3. Verify isolation and network segmentation. | Containers are scanned for vulnerabilities; orchestration settings follow security best practices; isolation is enforced between application components. | Container scanning reports; Kubernetes (or equivalent) configuration documents; network segmentation diagrams | NIST SP 800-53 (CM-7), CIS Benchmarks |
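One way to carry out MLOPS-02 steps 2 and 3 against Kubernetes manifests, as an added example that is not part of the original checklist: the checker below flags the pod-level and container-level settings that CIS-style hardening expects (no host namespaces, no privileged containers, non-root, read-only root filesystem, all capabilities dropped). The two manifests are constructed samples, and the field names are standard Pod `securityContext` keys.

```python
"""Audit Kubernetes Pod specs for hardened defaults (MLOPS-02, steps 2 and 3)."""

# Container-level checks: (finding label, predicate that is True when weak).
# Kubernetes defaults allowPrivilegeEscalation to true, so absence is weak.
CONTAINER_CHECKS = [
    ("privileged", lambda sc: sc.get("privileged") is True),
    ("allowPrivilegeEscalation", lambda sc: sc.get("allowPrivilegeEscalation") is not False),
    ("runAsNonRoot", lambda sc: sc.get("runAsNonRoot") is not True),
    ("readOnlyRootFilesystem", lambda sc: sc.get("readOnlyRootFilesystem") is not True),
    ("capabilities.drop ALL", lambda sc: "ALL" not in sc.get("capabilities", {}).get("drop", [])),
]

# Pod-level settings that break isolation between workloads on the same node.
POD_CHECKS = ["hostNetwork", "hostPID", "hostIPC"]


def audit_pod(pod: dict) -> list:
    """Return a list of findings for one Pod manifest; empty means it passes."""
    findings = []
    spec = pod.get("spec", {})
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    for key in POD_CHECKS:
        if spec.get(key) is True:
            findings.append(f"{name}: spec.{key} is enabled")
    for c in spec.get("containers", []):
        sc = c.get("securityContext") or {}
        for label, is_weak in CONTAINER_CHECKS:
            if is_weak(sc):
                findings.append(f"{name}/{c['name']}: {label}")
    return findings


# Constructed sample manifests (not from any real cluster): a training-job
# Pod with no hardening, and the same Pod with the settings corrected.
WEAK_POD = {
    "metadata": {"name": "trainer"},
    "spec": {"hostNetwork": True,
             "containers": [{"name": "train", "image": "registry.example/trainer:1.0",
                             "securityContext": {"privileged": True}}]},
}
HARDENED_POD = {
    "metadata": {"name": "trainer"},
    "spec": {"containers": [{"name": "train", "image": "registry.example/trainer:1.0",
                             "securityContext": {"privileged": False,
                                                 "allowPrivilegeEscalation": False,
                                                 "runAsNonRoot": True,
                                                 "readOnlyRootFilesystem": True,
                                                 "capabilities": {"drop": ["ALL"]}}}]},
}

if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or "PASS")
```

Run against exported manifests (for example the output of `kubectl get pods -A -o json`, iterating over `items`) to turn step 2 into a repeatable check whose output can be filed as evidence.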