2025大型語(yǔ)言模型供應(yīng)鏈安全要求

WorldDigitalTechnologyAcademyLargeLanguageModelSecurityRequirementsforSupplyChainWorldDigitalTechnologyAcademyWDTAAI-STR-Edition:2024-

世界數(shù)字技術(shù)學(xué)院（WDTAVersionStandardWDTAAI-STR-InitialWDTAAI-STR- 2024 初始發(fā)9WDTAAI-STR-AdjustedWDTAAI-STR- 2025年 調(diào)整后的審閱Asthedigitalageadvances,theintegrationofartificialintelligence,particularlylargelanguagemodels(LLMs),hasbecomeacornerstoneofmoderntechnologicalecosystems.Thesemodelsarenowpivotalinshapingindustries,drivinginnovation,andtransformingthewayweinteractwithtechnology.However,withthisrapidintegrationcomesanarrayofsecuritychallengesthatmustbeaddressedtoensurethesepowerfultools'safeandresponsibledeployment.TheWorldDigitalTechnologyAcademy(WDTA)haslongbeenattheforefrontofsettingglobalstandardsfordigitaltechnologyandinnovation.Ourcommitmenttofosteringasecureandinclusivedigitalworldisreflectedintherigorousdevelopmentofstandardsthatguidethedeploymentandmanagementofcutting-edgetechnologies.TheAISTR(Security,Trust,Responsibility)series,towhichthisdocumentbelongs,isacollectionofstandardsdesignedtoensurethatAItechnologiesareinnovative,secure,trustworthy,andethicallymanaged.ThesestandardsprovidecomprehensiveframeworksforaddressingthecomplexchallengesassociatedwithAIdeployment,focusingoncriticalaspectslikesafety,integrity,andresponsibleuse.AstheWDTAAI-STR-03standard,the"LargeLanguageModelSecurityRequirementsforSupplyChain"outlinescomprehensivemeasuresformanagingsecurityrisksacrossthesupplychainoflargelanguagemodels.Thisstandardcoverstheentirelifecycleofthesemodels,fromdevelopmentthroughdeployment,ensuringthateachphaseisrigorouslyscrutinizedforpotentialvulnerabilities.Byadheringtotheseguidelines,organizationscaneffectivelyprotecttheirAI-drivenoperationsfromemergingthreatsandcontributetoamoresecuredigitalWeextendourgratitudetotheexpertsandcontributorswhohaveworkeddiligentlytodevelopthisstandard.TheirexpertiseandcommitmenttoexcellenceensurethatWDTAcontinuestobealeaderinsettingthebenchmarkfordigitalsecurity.WeencourageallstakeholdersintheAIsupplychaintoadopttheseguidelines,helpingtobuildafuturewheretechnologicaladvancementgoeshandinhandwithsecurityandethicalresponsibility.

隨著數(shù)字時(shí)代的推進(jìn)，人工智能尤其是大語(yǔ)言模型（LLMs）的整合已成為現(xiàn)代技術(shù)世界數(shù)字技術(shù)學(xué)院（WDTA）AISTR（安全、信任、責(zé)任）AIWDTAAI?STR?03標(biāo)準(zhǔn)，《大型語(yǔ)言模型供應(yīng)鏈安全要求》全面規(guī)定了管理大知識(shí)和追求卓越的承諾確保了WDTA在數(shù)字安全基準(zhǔn)設(shè)定領(lǐng)域持續(xù)保持領(lǐng)先地位。Tableof Normative Termsand Artificial LargeLanguage Softwaresupply Opensource Third-party MachineLearning LargeLanguageModelInference LargeLanguageModelApplication DistributedComputing MachineLearningBillof OverviewofSupplyChainSecurityProtectionfor SupplyChainSecurityfor ObjectivesofSupplyChainSecurityManagementfor SupplyChainSecurityManagementfor Regulation OrganizationandPersonnel Supplier SupplyChainSecurityRequirementsfor Network SystemLayerSecurity OperatingSystemSecurity SystemSoftwareSecurity RuntimeEnvironmentSecurity PlatformandApplicationLayerSecurity GeneralSecurityRequirementsfor MachineLearningPlatformandModelInferenceFrameworkSecurity ModelApplicationFrameworkSecurity

MachineLearning LargeLanguageModelApplication LLMNetwork GeneralSecurityRequirementsfor ModelApplicationFrameworkSecurity SecurityRequirementsforDistributedComputing ModelLayerSecurity ModelAcquisitionSecurity ModelDeploymentandManagementSecurity ModelComplianceSecurity DataLayerSecurity DataSecurity DataComplianceSecurity DataMonitoringand

6.3.4SecurityRequirementsforDistributedComputing ModelLayerSecurity 7Thisdocumentpresentstheframeworkofsupplychainsecurityprotectionforlargelanguagemodels(LLMs),proposesrequirementsformanagingsupplychainsecurityrisksandsupplyactivitiesinvolvedinthedevelopment,operation,andmaintenance(O&M)ofLLMs,andprovidesrelevantinformationsuchascommonsupplychainsecurityrisksandtypicalsecurityThisdocumentcanguidesuppliersandconsumersinthesupplychainincarryingoutsecurityriskassessmentandmanagingsupplyactivities.Itcanalsoserveasafoundationforthird-partyorganizationsconductingsupplychainsecuritytestsandassessmentsforregulatoryNormativeThefollowingdocumentsconstituteessentialprovisionsofthisdocumentthroughnormativereferencesinthetext.Fordatedreferencedocuments,onlytheversioncorrespondingtothedateappliestothisdocument;forundatedreferencedocuments,thelatestversion(includingallamendments)appliestothisdocument.

護(hù)（O&M）過(guò)程中涉及的供應(yīng)鏈安全風(fēng)險(xiǎn)及供應(yīng)活動(dòng)管理提出要求，并提供常見供ISOISOSecuritymanagementsystemsforthesupplychain–Bestpracticesforimplementingsupplychainsecurity,assessmentsandplans–RequirementsandguidanceISO/IEC27036-Informationtechnology–Securitytechniques–Informationsecurityforsupplierrelationships–Part2:RequirementISO/IEC27036-Informationtechnology–Securitytechniques–Informationsecurityforsupplierrelationships–Part3:GuidelinesforinformationandcommunicationtechnologysupplychainISOISO/IEC27036-ISO/IEC27036-informationandcommunicationtechnologysupplychainNIST800-NIST800- InformationSystemsandOrganizationsNISTAIRMFArtificialIntelligenceRiskManagementISOISO/IEC42001isaninternationalstandardthatspecifiesrequirementsforestablishing,implementing,maintaining,andcontinuallyimprovinganArtificialIntelligenceManagementSystem(AIMS)withinorganizations.ItisdesignedforentitiesprovidingorutilizingAI-basedproductsorservices,ensuringresponsibledevelopmentanduseofAIsystems.ISO/IECInformationtechnology—Artificialintelligence—AIsystemlifecycleprocesses.ItisaninternationalstandardthatdefinesasetofprocessesandassociatedconceptsfordescribingthelifecycleofAIsystems.ThisstandardisparticularlyfocusedonAIsystemsbasedonmachinelearningandheuristicmethods.ItbuildsonexistingstandardslikeISO/IEC/IEEE15288andISO/IEC/IEEE12207,incorporatingAI-specificprocessesfromISO/IEC22989andISO/IEC230531.Thegoalistoprovideacomprehensiveframeworkforthedefinition,control,management,execution,andimprovementofAIsystemsthroughouttheirlifecycle.GB/T36637-Informationsecuritytechnology-GuidelinesfortheinformationandcommunicationtechnologysupplychainriskmanagementGB/T43698-Cybersecuritytechnology-SecurityrequirementsforsoftwaresupplychainNIST800-NISTAIRMFISOISO/IEC42001組織內(nèi)的系統(tǒng)（AIMS）。它是為實(shí)體設(shè)計(jì)的ISO/IEC它建立在ISO/IEC/IEEE15288等現(xiàn)有標(biāo)準(zhǔn)之上ISO/IEC/IEEE12207，整合了人工智能特定流程的GB/T36637-andcommunicationtechnologysupplychainriskGB/T43698-Cybersecuritytechnology-SecurityrequirementsforsoftwaresupplychainGB/T24420-GB/T24420-SupplychainriskmanagementGB/T32921-Informationsecuritytechnology-SecuritycriteriononsupplierconductofinformationtechnologyproductsGB/T24420-GB/T32921-信息安全技術(shù)?供應(yīng)商安全準(zhǔn)則TermsandThefollowingtermsanddefinitionsapplytothisArtificialArtificialintelligence(AI)isamultifacetedfieldwithincomputersciencefocusedoncreatingsystemsthatcanperformtaskstypicallyrequiringhumanintelligence.AnAIsystemisamachine-basedsystemthat,forexplicitorimplicitobjectives,infers,fromtheinputitreceives,howtogenerateoutputssuchaspredictions,content,recommendations,ordecisionsthatcaninfluencephysicalorvirtualenvironments.DifferentAIsystemsvaryintheirlevelsofautonomyandadaptivenessafterdeployment.LargeLanguageLarge-scale,pre-trainedandfine-tunedAImodelsthatcanunderstandinstructionsandgenerateoutputsacrossmultiplemodalities,includingbutnotlimitedtohumanlanguages,programcodes,images,andaudio,basedonlargeamountsofdata.Anorganizationorindividualdevelops,produces,augments,adapts,finetunes,provides,and/ordeployssoftwareproductsorservices.Softwaresupplythroughresourcesandprocessesbasedontherelationship.

人工智能（AI）是計(jì)算機(jī)科學(xué)中的一個(gè)多面領(lǐng)域，致力于開發(fā)能夠執(zhí)行通常需要人類智能的任務(wù)的系統(tǒng)。AIAIOpensourceAnorganizationandoperationmodefordevelopingandmaintainingopen-sourceThird-partyIndependentorcallablesoftwarecomponentsdevelopedbysoftwaredevelopmentorganizationsorpersonnelotherthansuppliersandconsumersusuallyconsistofbinaryorsourcecodeprogramfiles.MachineLearningAnintegratedenvironmentthatprovidessupportandtoolsfordeveloping,training,anddeployingmachinelearningmodels.LargeLanguageModelInferenceAnintegratedenvironmentdedicatedtodeploymentandtheperformanceofmodelLargeLanguageModelApplicationApplicationdevelopmentframeworkbasedonDistributedComputingAframeworkforprocessinglargeamountsofdatainparallelonmultipleMachineLearningBillofAlistofstandardizedmodelcards,models,datasets,datacards,systemcards,andothermaterialsinvolvedinbuildinganLLMmodel.

基于LLMLLM模型相關(guān)材料OverviewofSupplyChainSecurityProtectionforThemainobjectiveofthisdocumentistoidentify,evaluate,andmanagethesupplychainsecurityrisksintheLLMsystemlifecycle.LLMsmaybeusedinservices,operatedinwholeorinpartbythirdparties,orasproducts,receivedfromthirdparties,butnotoperatedbySupplyChainSecurityforThesupplychainusuallycoverstheprocurement,development,integration,andotherphasesofsoftwareandhardwareproducts.Itinvolvesproducers,suppliers,systemintegrators,serviceproviders,otherentities,andsoftenvironmentssuchastechnology,law,andstrategy.Unliketraditionalsupplychains,theLLMsupplychaincoverstheentirelifecycleoftheLLM,includingmodelandtrainingdataacquisition,trainingdatapreparation,modeltraining,fine-tuning,deployment,operationsandmaintenance(O&M),andotherstages.SupplychainsecuritymanagementforLLMsinvolvestwotypesofsecurityrequirements.Oneisgeneralsecurityrequirementsthroughoutthelifecycle,calledSupplyChainSecurityManagementforLLMs,suchasrequirementsforprocedures,organizations,personnel,andinformationsystemsrelatedtosupplychainsecuritymanagement.TheotherissecurityrequirementsrelatedtothesystemstructureofLLMs,calledsupplychainsecurityrequirementsforLLMs,whichincluderequirementsforthenetworklayer,systemlayer,platformandapplicationlayer,modellayer,anddatalayer.ObjectivesofSupplyChainSecurityManagementforIntegrity:Ensurethattheproductanditssystems,components,frameworks,models,data,andusedtoolsareprotectedagainstimplantation,tampering,orunauthorizedreplacementthroughouttheentirelifecycleofLLMproducts.Thisinvolvestheimplementationofrigorouscontrolsandcontinuousmonitoringateverystageofthesupplychain.Including,addressingcommonvulnerabilitiesinmiddlewaresecuritytopreventunauthorizedaccess,safeguardingagainsttheriskofpoisoningtrainingdatausedbyengineers,andenforcingazero-trustarchitecturetomitigateinternalthreats.Bymaintainingtheintegrityofeverystage,from

LLM系統(tǒng)生命周期中的供應(yīng)鏈安全風(fēng)險(xiǎn)。LLM可能被用于服務(wù)中，全部或部分由第三方運(yùn)營(yíng)，或作為產(chǎn)品從第三方接收，但不不同，LLM（大語(yǔ)言模型）LLM的整個(gè)生命周期，包括模型與訓(xùn)練數(shù)據(jù)獲取、訓(xùn)練數(shù)據(jù)準(zhǔn)備、模型訓(xùn)練、微調(diào)、部署、運(yùn)維（O&M）及其他階段。acquisitiontosupplierdeployment,consumersusingLLMscanensurethattheLLMproductsremainsecureandtrustworthy.Availability:Ensurethesupplychain'savailabilityforconsumers.Suppliersmustsupplymaterialsbyagreementsconcludedandsignedwithconsumerswithoutinterruptionbyhumanornaturalfactors.Additionally,theyshouldensurethatthesupplycanbepredictablyrecoveredtoanacceptablestateundercertainconditionsifitweretopartiallyfail.Confidentiality:Ensurethatinformationtransmittedalongthesupplychainisnotdisclosedtounauthorizedpersons,includinginformationabouttheconsumersthemselves.Controllability:Guaranteeconsumers'meaningfulcontroloverthesupplychain.Ensureconsumershaveanunderstandingofinformationinallphasesofthesupplychain,transparencyandcredibilityofsuppliers/serviceprovidersatalllevels,managementofdataflow,andtraceabilityofthesupplychain.Reliability:Ensurethesecurity,highavailability,andDisastertoleranceofLLMproductsandrelevantsystems,components,frameworks,models,anddata.Visibility:Ensuresupplychainsteps,changes,updates,anddeletionswitheverystepofthechangearetrackable,haveclearownership,andcanbetracedbackasneeded.Forexample,ifamodelisupdatedwithnewtrainingdata,thetrainingdataandthemodelbeforeandafterthetrainingshouldbedocumentedandtraceable.

LLM產(chǎn)品保持安全 SupplyChainSecurityManagementforRegulationFormulatesupplychainsecuritymanagementpoliciesandprocedures,includingbutnotlimitedtoriskmanagementregulations,processes,andmechanismsforsoftwaresupplyphasessuchasprocurement,delivery,andO&M.Formulateregulationsforcontinuousriskmonitoring,riskassessment,andincidentresponseforthesoftwaresupplychain.Theseregulationscancontainemergencyresponseprocedures,operationhaltingprocedures,systemrecoveryprocedures,timelynoticestobackwardandforwardsupplychainmembers,andothercontent.Conductsupplychainriskassessmentsregularly,formulateplans,andtakemeasurestoeliminateorreducerisks.TheseassessmentsshouldcoverallstagesoftheLLMsupplychain,identifyingpotentialvulnerabilitieslikethird-partyrisksordataintegrityissues.Usetheresultstodeveloptargetedmitigationstrategiesandupdatesecuritypolicies,ensuringcontinuousprotectionagainstemergingthreats.EstablishgovernanceframeworksforLLMdevelopmentthatenforcecompliancewithsecuritystandardsandindustrybestpracticesthroughoutthesupplychain.OrganizationandPersonnelProposesecurityrequirementsforsupplychainsecuritymanagementpersonnel,includingbutnotlimitedtoadministrators,architecturalengineers,AIengineers,DataScientists,ordinaryemployees,andthird-partypersonnel.Formulatesecuritytrainingplansandcarryoutregularsupplychainsecuritytraining.Thetrainingshouldinclude,withoutbeinglimitedto,softwareassetidentificationandanalysis,integrityguarantee,guardrails,andsoftwarevulnerabilityandbackdooranalysis.Conductsecurityawarenessandskilltrainingforallinternalemployeeswithadditionalspecializedtrainingforthoseinvolvedinsupplychainandsecuritymanagementsuch

制定針對(duì)軟件供應(yīng)鏈的持續(xù)風(fēng)險(xiǎn)監(jiān)控、風(fēng)險(xiǎn)評(píng)估和事件響應(yīng)的法規(guī)。這些法規(guī)可包procurement,informationsystemdevelopmentandmanagement,andproductO&Mbasedoncorrespondingsecurityrequirements.SupplierDevelopsupplierselectionstrategiesandregulationsandconductsecurityassessmentsofsuppliersforself-developedsoftware,customizedsoftware,off-the-shelfsoftware,anddifferentaspectsofothersoftwareaswell,includingbutnotlimitedtothebackground,capability,qualification,andcontinuousandsecureprovisionofproductsorservices.MaintainaninventoryofallAIsolutionsandassets,includingbutnotlimitedtoAIsourcesuppliers,supplychainmembers,modeltypes,internalowners,lastsecurityreviews,etc.Suppliersmustensureandattesttotheauthenticity,accuracy,andintegrityoftheinformationtransmittedalongthesoftwaresupplychainandtakemeasurestoavoidtamperingandleakage.Requiresupplierstocooperateinsecuritymonitoringandinspectionofthesoftwaresupplychain,includingthroughperiodicoron-demandindependentaudits.SupplyChainSecurityRequirementsforNetworkSegmentnetworkstoisolatecriticaldataandsystemsfromexternalandinternalnetworks:Implementnetworksegmentationtoreduceattacksurfaces,ensuringthatsensitiveinformationisinaccessiblefromunauthorizednetworkzones/unauthorizedresources,aligningwiththeZeroTrustprincipleofleastprivilege.Enforcesecureencryptionforallnetworkcommunications:Applyrobustencryptionprotocolsfordataintransittomaintainconfidentialityandintegrity,ensuringnocommunicationistrustedbydefault,evenwithininternalnetworks.Implementstrictaccesscontrolswithcontinuousmonitoring:Deploysecurityaccesscontrolsthatenforcetheleastprivilegeforaccessingcriticalinformationandservices,

Networkcontinuousloggingandmonitoringofaccesseventstodetectandrespondtopotentialthreatsinrealtime.Continuouslymonitorandanalyzenetworktrafficforanomalies:Utilizeadvancedmonitoringsolutionstoscrutinizenetworkactivitiescontinuously,swiftlyidentifyingandmitigatingabnormalbehaviorspertheMITREATT&CKandAtlasframework.Regularlyauditandmaintainnetworksecurityconfigurations:Conductcontinuoussecurityauditsandproactivemaintenanceonnetworkdevicessuchasrouters,switches,andfirewalls,ensuringthatpatchesandupdatesarepromptlyappliedtomitigatevulnerabilities,inlinewithZeroTrust'semphasisonongoingsecuritypostureassessment.SystemLayerSecurityThesystemlayermainlytargetsthesupplychainsecurityrequirementsfortheunderlyingLLMoperatingsystem,systemsoftware,andruntimeenvironment.OperatingSystemSecurityUpdatetheoperatingsystemregularlyandinstallsecuritypatchespromptlytopreventsystemsecurityvulnerabilityattacks.Establishasystemupdatemechanismandverificationprocesstoensurethatsecuritypatchesareinstalledpromptlyandaccurately.Implementaccesscontrolmeasurestomanagetheaccessofusersandprogramstooperatingsystemfunctions,includingbutnotlimitedtouserauthentication,authorization,andEstablishoperatingsystemsecuritymonitoringandprotectioncapabilitiestomonitorandpreventsuspiciousactivitiesorsecurityincidentsontime.SystemSoftwareSecurityInstallsystemsoftwarefromtrustedsourcesandverifyitsintegrityandUpdatesystemsoftwareregularlyandinstallsecuritypatchesintimetopreventsecurityvulnerabilityattacks.

MITREATT&CKAtlasLLMDigitalsignaturetechnologyshouldbeusedtoverifysoftwareConfiguresystemsoftwareaccordingtosecuritybestpracticestoavoidsecurityrisksfromdefaultconfigurations.RegularauditsandcompliancechecksofdevicesecurityconfigurationareRuntimeEnvironmentSecurityUsevirtualizationorcontainertechnologytocreateasecure,independent,andisolatedoperatingenvironmentforeachapplicationtoreducepossiblesecurityrisksandimpact.Deploycomprehensivemonitoringandanomalydetectionsystems,includingbutnotlimitedtoresourceusage,performancemetrics,andsecurityevents.Recordallcriticalruntimeactivitylogsandconductregularauditstopreventunauthorizedaccessandtampering.AudittheruntimeenvironmentregularlytoidentifyandfixsecurityconfigurationerrorsTheprocessingandstorageofsensitivedatashallbeconductedinatrustedcomputingPlatformandApplicationLayerSecurityTheplatformandapplicationlayerincludesmachinelearningframeworksandotherthird-partycomponentsandisthecriticalsupportenvironmentforoperatinglargelanguagemodels.GeneralSecurityRequirementsforManagethird-partycomponentsstrictlyintermsoftheirsourceandversiontoensuretimelyupdatesandpropersecurity.Conductregularsecuritychecksonthird-partycomponentsandupgradethempromptlytothelatestsecureversions.

Ensureimportedthird-partycomponentsundergosecurityreviews,includingcodeauditsanddependencyanalysis,topreventtheintroductionofcomponentswithsecurityrisks.Performfileparsinginasandboxorsimilarlyisolatedenvironmenttopreventsecurityrisksfrompotentialmemorycorruptionvulnerabilitiesintextparsingcomponents.Necessarylicensesandauthorizationsshouldbeobtainedbeforeusingthird-partycomponents.Ensurethatthecomponentsareusedlegallyandincompliancewithallrelevantcopyrightandusageagreements.EstablishandmaintainasoftwarebillofmaterialsMachineLearningPlatformandModelInferenceFrameworkSecurityRequirementsModelinferenceframeworksneedtobeusedduringmodeldeploymentandruntime.Atthisstage,themodelshallbeconsideredasanexecutableprogramandattentionshallbepaidtocodeexecutionrisksduringmodelinference.ConductsecurityanalysisandchecksonthemodelfilesbeforerunningtheContinuouslyvalidatemodelintegrityofaninferencingmodel.Anyauto-updatestomodelartifactsneedtobetracked.Implementatleastthetwo-personintegrityruletoanymodelartifactupdatestopreventunauthorizedactions.Whenusingthird-partymodels,carefullyenableparametersthattrustremotecode,suchas'trust_remote_code'intransformerslibrary,toreducetheriskofmaliciouscodeexecution.UsetrustedmodelfilestoavoidsecurityrisksarisingfromtheexecutionofmaliciousModelApplicationFrameworkSecurityKeysforinvokingLLMinterfacesshallnotbestoredinUseguardrailsandotherdetectivecontrolsinLLMapplicationstoimprovesteerabilityandreduceriskssuchaspromptinjection.

transformers調(diào)用LLMLLM應(yīng)用中使用防護(hù)欄和其他檢測(cè)控制措施，以提高可操控性并降低諸如提示W(wǎng)henusingcodeinterpretersorothercodeexecutiontools,employsecureisolationtechniquessuchascontainersorsandboxes.Filepathchecksshouldbeperformedtopreventpathtraversalvulnerabilitieswhenusingfileprocessingtools.Accesscontrolmeasuresshouldbetakentopreventunauthorizedoperationswhenusingdatabaseprocessingtools.SecurityRequirementsforDistributedComputingTheprimaryriskfordistributedcomputingframeworkscomesfromtheneedforpermissionchecksbetweenrootnodesandchildnodesinmanydistributedframeworks,allowingdevicesonthesamenetworktoconnectdirectlytonodesandsendcommands.Establishnetworkisolationtopreventpotentialexternalattackersfromaccessingdistributedcomputingnodes.Usesfirewallsandintrusiondetectionsystemstomonitorandcontroltrafficfromchildnodes.Decryptdatareceivedfromtherootnodeandencryptanydatasentbacktotherootnode.Employanauthorityverificationmechanismbetweentherootandchildnodestopreventmaliciousnodeconnectionsorcommandexecution.Userole-basedaccesscontroltoensurethatonlyauthorizedchildnodescancommunicatewiththerootnode.c.)RootNodesensurethattheentiredistributedframeworkadherestocybersecuritystandardssuchasNIST,CIS,ISO,andothers.Childnodescomplywiththerootnode’ssecuritypoliciesandstandards.ModelLayerSecurityModelAcquisitionSecurityObtainmodelfilesfromtrustedthirdpartiesandauthorizedmodelConductintegritychecksonmodelfilesobtainedfromthirdpartiestoensuretheyhavenotbeentamperedwithduringstorageandtransmission.

cNISTCISISOPerformsecuritychecks,includingpicklescanning,onmodelfilesobtainedfromthirdparties,topreventtheexecutionofmaliciouscodeorothersecurityrisks.ModelDeploymentandManagementSecurityDeploytoolstomonitormodelbehaviorandpromptlydetectandrespondtosuchEstablishandmaintainamachinelearningbillofmaterials(ML-BOM)regularly.TheML-BOMshoulddocumentmodelarchitectures,versionhistories,trainingandfine-tuningdatasetswiththeirsourcesandpreparationmethods,pre-trainedbasemodelsandtheirorigins,customalgorithmsortechniquesusedinmodeldevelopment,softwarelibraries,andtheirversions,hardwarespecificationsfortrainingandinferenceenvironments,andmodelcardswithperformancemetricsandintendedusecases.Implementasecure,version-controlledsystemfortheML-BOM,ensuringonlyauthorizedpersonnelcanaccessandmodifyitwhiletrackingchangesovertimetosupportauditingandenablerollbackifnecessary.IntegratetheML-BOMwithexistingdevelopmentanddeploymentpipelinesforautomaticupdates.UtilizetheML-BOMtofacilitatesupplychainriskassessments,complianceaudits,andincidentresponse,enablingquickidentificationofaffectedcomponentsincaseofasecurityevent.LeveragetheML-BOMforenhancedsecuritymeasuresbyusingittoverifytheintegrityofmodelcomponentsduringdeployment,cross-referencingitwithvulnerabilitydatabasestoproactivelyidentifypotentialrisks,andemployingitinconjunctionwithmonitoringtoolstodetectunexpectedchangesinmodelbehaviorthatmightindicateasupplychainattack.RegularlyupdatetheML-BOMtoreflectanychangesinthemodeloritscomponents,ensuringitremainsacurrentandaccuraterepresentationoftheLLM'ssupplychain.ModelComplianceSecurityEnsurethatmodeldevelopmentanddeploymentprocessescomplywithrelevantregulationsandstandards.EvaluatemodelsusingresponsibleAIprinciples,includingharmandsafetycriteria,beforeadvancingfurtherdevelopment.

定期建立和維護(hù)機(jī)?學(xué)習(xí)材料清單（ML?BOM）ML?BOM應(yīng)記錄模型架構(gòu)、為ML?BOM實(shí)施一個(gè)安全的版本控制系統(tǒng)，確保只有授權(quán)人員才能訪問(wèn)和修改，同時(shí)跟蹤隨時(shí)間的變化以支持審計(jì)，并在必要時(shí)實(shí)現(xiàn)回滾。將ML?BOM與現(xiàn)有的開利用ML?BOM促進(jìn)供應(yīng)鏈風(fēng)險(xiǎn)評(píng)估、合規(guī)審計(jì)和事件響應(yīng)，以便在發(fā)生安全事件ML?BOM強(qiáng)化安全措施。ML?BOM，LLM供應(yīng)Whenutilizingthird-partymodels,itisrecommendedtoselectmodelswithdetaileddisclosurestopreventcopyrightinfringementorlegalissues.ClarifyliabilitiesclausesforOpenSourceandclosedvendormodels.DataLayerSecurityDatalayersecurityisthebasisforensuringthesecurityofthelargelanguagemodelsupplychainandinvolvesthesecurityofdatacollection,storage,processing,andtransmission.Thischapterdoesnotcoverthesecurityissuesofthird-partymodeltrainingdata.DataSecurityImplementaccesscontrolmeasurestoprotectdatafromunauthorizedUserole-basedaccesscontrol(RBAC)torestrictdataaccessbasedonuserrolesandEnforcetheprincipleofleastprivilege,grantingusersonlytheminimumnecessaryEncryptiontechnologyisusedtoensurethesecurityofdatastorageandConductdataconsistencychecksandintegrityverificationtoensurethattheconsistencyandintegrityofthedataarenotcompromisedthroughoutitslifecycle.Backupimportantdataregularlyandestablishaneffectivedisasterrecoveryplantoensurethatoperationscanbequicklyrestoredintheeventofdatalossorsystemfailure.ManagelineageandtraceabilityofalldatausedinMachinelearningusingdatacardsanddatacatalogs.DataComplianceSecurityInthetrainingstageofthemodel,reviewdatasourcesforsecuritytoensurethatalldatacomesfromlegitimate,reliablesources.Obtainthenecessarypermissionsandauthorizationsbeforeusingthird-partydata.Ensurethelegalityofdatausageandcompliancewithallrelevantcopyrightandusageagreements.

DataLayerSecurity采用基于角色的訪問(wèn)控制（RBAC），Desensitizeoranonymizesensitivedataidentifiedtoensurethatitsusedoesnotinfringeonpersonalprivacyorcorporatesecrets.Defineandpubliclydiscl