← Policy gallery

cms_zero_trust_for_ai

ai-risk-management security pure_temporal ai-governancecmsfederalhealthcaresupply-chain-securityrag-red

AI tools that can make outbound requests are constrained by data minimization and network segmentation to contain the blast radius.

Formula

G(ai_outbound_capable → data_minimization ∧ network_segmented)

Why it matters

CMS Zero-Trust Architecture for AI: perform threat modeling, segment networks, and apply data minimization so an AI tool accesses only the resources strictly necessary.

Examples

passes the CMS AI rule's evidence is present

fails the required control is absent

Use it

ponens policies add cms_zero_trust_for_ai --into ./trace.json
ponens trace check ./trace.json