AARM Alignment¶
AARM (Autonomous Action Runtime Management) is an open system specification from the Cloud Security Alliance for securing AI-driven actions at runtime — intercept, authorize, and audit before execution.
This page maps AARM concepts to sections of the MLSecOps Practical Reference Guide. It is complementary alignment, not an official AARM document or conformance claim. For normative requirements, use the AARM specification.
Mapping¶
| AARM | MLSecOps |
|---|---|
| Runtime Authorization | Chapter 8 — Agentic AI Security |
| Context | Chapter 7 (retrieval / prompt context) · Chapter 8 (agent memory) · Chapter 11 — Evidence Pack (audit receipts) |
| Intent | Intent Gate (Ch.8) |
| Runtime Monitoring | Chapter 10 — Monitoring, SOC, and IR |
| Threat Model | Chapter 2 — Scope and Threat Model |
| Implementation | Appendix E — Implementation Reference |
AARM requirements (quick cross-ref)¶
| AARM requirement | MLSecOps pointer |
|---|---|
| R1 Pre-execution interception | Ch.8 — Intent Gate, tool policy |
| R2 Context accumulation | Ch.7, Ch.8 |
| R3 Policy + intent alignment | Ch.8 — Intent Gate |
| R4 Authorization decisions (allow / deny / modify / step-up / defer) | Ch.8 — HITL, scoped tools |
| R5 Tamper-evident receipts | Ch.11 — Evidence Pack |
| R6 Identity binding | Ch.2, Ch.8 |
| R7 Semantic distance / intent drift (Extended) | Ch.8, Ch.10 |
| R8 Telemetry export (Extended) | Ch.10 |
| R9 Least-privilege enforcement (Extended) | Ch.8 — scoped tools, MCP |
Related frameworks¶
- OWASP Agentic Security Initiative — Chapter 8
- OWASP AI Exchange — Chapter 1
- CSA MAESTRO — Chapter 15 References
Alignment page · MLSecOps Practical Reference Guide · not an AARM conformance statement