CCC.Vector.C03: Enforce Metadata-Level Access Controls
Control ID:CCC.Vector.C03
Title:Enforce Metadata-Level Access Controls
Objective:Apply access control policies to metadata fields used in filtering to
prevent unauthorized exposure or inference.
Control Family:
Vector Indexing
Related Threats
| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
|---|---|---|---|---|---|
| CCC.Vector.TH03 | Cross-modal or Metadata Leakage | Attackers may infer sensitive information through metadata filters or by correlating embeddings across modalities (e.g., voice and face), bypassing surface-level access controls. | 1 | 1 | 0 |
| CCC.Core.TH01 | Access is Granted to Unauthorized Users | Logic designed to give different permissions to different entities may be misconfigured or manipulated, allowing unauthorized entities to access restricted parts of the service, its data, or its child resources. This could result in a loss of data confidentiality or tolerance of unauthorized actions which impact the integrity and availability of resources and data. | 1 | 1 | 0 |
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Vector.F04 | Metadata Filtering | Supports structured filtering on metadata fields alongside vector similarity search queries. |
| CCC.Vector.F10 | Multi-modal Vector Support | Supports storing and searching across vectors derived from multiple modalities (e.g., text, image, audio). |
Guideline Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
FINOS-AIGF | AIR-DET-001 | 0 | AI Data Leakage Prevention and Detection |
FINOS-AIGF | AIR-PREV-012 | 0 | Role-Based Access Control for AI Data |
FINOS-AIGF | AIR-DET-016 | 0 | Preserving Source Data Access Controls in AI Systems |