# Pillar 1: Security Controls
Protect data and systems from unauthorized access, misuse, and exploitation.
## Overview
Pillar 1 establishes the technical safeguards required to protect sensitive data when AI agents access, process, and generate content. These 28 controls address core risks including data leakage, unauthorized access, insufficient audit trails, inadequate encryption, and adversarial attacks—all critical concerns for regulated financial services environments.
Primary Regulatory Alignment: FINRA 4511 (recordkeeping), SEC 17a-3/4 (records retention), GLBA 501(b) (safeguards), SOX 302/404 (internal controls)
Control Categories:
| Category | Controls | Focus |
|---|---|---|
| Access Management | 1.1-1.4 | Agent publishing, connectors, permissions |
| Data Protection | 1.5-1.9 | DLP, sensitivity labels, retention, encryption |
| Monitoring & Detection | 1.10-1.14 | Compliance monitoring, insider risk, threat detection |
| Advanced Security | 1.15-1.23 | Encryption, IRM, endpoint DLP, RBAC, eDiscovery, network isolation, adversarial input, information barriers, step-up auth |
| Security Posture | 1.24 | Multi-cloud AI security posture management |
| Agent Content & Publishing | 1.25-1.28 | MIME type restrictions, file upload controls, content moderation, publishing restrictions |
## Controls
- 1.1 Restrict Agent Publishing by Authorization
- 1.2 Agent Registry and Integrated Apps Management
- 1.3 SharePoint Content Governance and Permissions
- 1.4 Advanced Connector Policies (ACP)
- 1.5 Data Loss Prevention (DLP) and Sensitivity Labels
- 1.6 Microsoft Purview DSPM for AI
- 1.7 Comprehensive Audit Logging and Compliance
- 1.8 Runtime Protection and External Threat Detection
- 1.9 Data Retention and Deletion Policies
- 1.10 Communication Compliance Monitoring
- 1.11 Conditional Access and Phishing-Resistant MFA
- 1.12 Insider Risk Detection and Response
- 1.13 Sensitive Information Types (SITs) and Pattern Recognition
- 1.14 Data Minimization and Agent Scope Control
- 1.15 Encryption - Data in Transit and At Rest
- 1.16 Information Rights Management (IRM) for Documents
- 1.17 Endpoint Data Loss Prevention (Endpoint DLP)
- 1.18 Application-Level Authorization and RBAC
- 1.19 eDiscovery for Agent Interactions
- 1.20 Network Isolation and Private Connectivity
- 1.21 Adversarial Input Logging
- 1.22 Information Barriers for AI Agents
- 1.23 Step-Up Authentication for AI Agent Operations
- 1.24 Defender AI Security Posture Management (AI-SPM)
- 1.25 MIME Type Restrictions for File Uploads
- 1.26 Agent File Upload and File Analysis Restrictions
- 1.27 AI Agent Content Moderation Enforcement
- 1.28 Policy-Based Agent Publishing Restrictions
FSI Agent Governance Framework v1.3 - February 2026