Skip to content

[FinServAssessments] Add 69 FinServ GenAI risk checks (FS-01 to FS-69) #21

Description

@mehtadman87

Feature request

Add 69 FinServ-specific GenAI security checks (64 standalone + 5 upstream
extensions) to the AIML Security Assessment, derived from the
AWS guide for Financial Services risk management of the use of Generative AI
(March 2026)
.

Why

Financial-services customers building GenAI workloads on AWS must demonstrate
controls aligned with SR 11-7, FFIEC CAT, NYDFS 500.06, PCI-DSS 12.3.2,
DORA Art.6, MAS TRM 9, ISO 27001 A.12, ECOA, and the OWASP LLM Top 10. The
AWS FinServ GenAI Risk Guide (March 2026) names specific AWS mitigations
across 15 risk categories that are not currently covered (or only partially
covered) by the existing 52 SM/BR/AC checks in this framework.

What

  • 64 new standalone checks shipped in a new Lambda function
    finserv_assessments/ (FS-01 through FS-69, with 5 IDs contributed as
    upstream extensions instead).
  • 5 upstream-extension edits to existing checks rather than duplicate
    them:
    • FS-17 → SM-07 (Model Monitor data quality)
    • FS-18 → SM-23 (Model drift detection)
    • FS-19 → SM-22 (Model Registry approval workflow)
    • FS-23 → BR-06 (Knowledge Base data-plane CloudTrail logging)
    • FS-64 → BR-04 (Guardrail trace logging)
  • 6 material gap checks (FS-64 to FS-69) covering mitigations called out
    in the Guide but absent from FS-01..63 and the existing BR/SM/AC checks:
    guardrail trace logging, KB data-source S3 event notifications, AgentCore
    end-user identity propagation, agent financial transaction value
    thresholds, API Gateway request body size limits, and prompt input
    validation.

Risk categories covered (15 total)

Range Category PDF §
FS-01 to FS-06 Unbounded Consumption §1.2.11
FS-07 to FS-11 Excessive Agency §1.2.9
FS-12 to FS-16 Supply Chain Vulnerabilities §1.2.12
FS-17 to FS-21 Training Data & Model Poisoning §1.2.14
FS-22 to FS-26 Vector & Embedding Weaknesses §1.2.15
FS-27 to FS-30 Non-Compliant Output §1.2.1
FS-31 to FS-34 Misinformation §1.2.3
FS-35 to FS-38 Abusive or Harmful Output §1.2.4
FS-39 to FS-42 Biased Output §1.2.5
FS-43 to FS-46 Sensitive Information Disclosure §1.2.6
FS-47 to FS-50 Hallucination §1.2.7
FS-51 to FS-54 Prompt Injection §1.2.8
FS-55 to FS-58 Improper Output Handling §1.2.13
FS-59 to FS-60 Off-Topic & Inappropriate Output §1.2.2
FS-61 to FS-63 Out-of-Date Training Data §1.2.10
FS-64 to FS-69 Material Gap Checks (cross-category)

Deliverables

  • New Lambda functions/security/finserv_assessments/ (app.py, schema.py,
    requirements.txt).
  • Updates to template.yaml, template-multi-account.yaml,
    statemachine/aiml_security_assessments.asl.json,
    deployment/1-aiml-security-member-roles.yaml,
    deployment/aiml-security-single-account.yaml, and
    functions/security/generate_consolidated_report/app.py.
  • Extensions to the existing BR-04, BR-06, SM-07, SM-22, and SM-23 check
    implementations (non-breaking detection/remediation refinements).
  • New reference docs under docs/: SECURITY_CHECKS_FINSERV_COMMON.md,
    SECURITY_CHECKS_FINSERV_PART1_INFRA_CONTROLS.md,
    SECURITY_CHECKS_FINSERV_PART2_GUARDRAILS_CONTENT_SAFETY.md,
    SECURITY_CHECKS_FINSERV_PART3_APP_LAYER_AND_GAPS.md, and an updated
    mappings CSV.

Implementation status

Implementation is complete in a personal fork. A PR will follow shortly
from mehtadman87/sample-aiml-security-assessment#feature/finserv-risk-checks
targeting this repo's main.

Acceptance criteria

  • New Lambda wired into both single-account and multi-account SAM
    templates.
  • New Step Functions branch added to the parallel-assessments state.
  • IAM permissions scoped to the minimum required by the new checks.
  • Consolidated HTML report reads the new
    finserv_security_report_{execution_id}.csv.
  • All existing GitHub Actions checks pass (ruff, cfn-lint, pytest,
    semgrep, secrets scan).
  • Local ASH v3 scan with severity threshold MEDIUM exits clean.
  • Reviewed and approved by the team.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions