Feature request
Add 69 FinServ-specific GenAI security checks (64 standalone + 5 upstream
extensions) to the AIML Security Assessment, derived from the
AWS guide for Financial Services risk management of the use of Generative AI
(March 2026).
Why
Financial-services customers building GenAI workloads on AWS must demonstrate
controls aligned with SR 11-7, FFIEC CAT, NYDFS 500.06, PCI-DSS 12.3.2,
DORA Art.6, MAS TRM 9, ISO 27001 A.12, ECOA, and the OWASP LLM Top 10. The
AWS FinServ GenAI Risk Guide (March 2026) names specific AWS mitigations
across 15 risk categories that are not currently covered (or only partially
covered) by the existing 52 SM/BR/AC checks in this framework.
What
- 64 new standalone checks shipped in a new Lambda function
finserv_assessments/ (FS-01 through FS-69, with 5 IDs contributed as
upstream extensions instead).
- 5 upstream-extension edits to existing checks rather than duplicate
them:
- FS-17 → SM-07 (Model Monitor data quality)
- FS-18 → SM-23 (Model drift detection)
- FS-19 → SM-22 (Model Registry approval workflow)
- FS-23 → BR-06 (Knowledge Base data-plane CloudTrail logging)
- FS-64 → BR-04 (Guardrail trace logging)
- 6 material gap checks (FS-64 to FS-69) covering mitigations called out
in the Guide but absent from FS-01..63 and the existing BR/SM/AC checks:
guardrail trace logging, KB data-source S3 event notifications, AgentCore
end-user identity propagation, agent financial transaction value
thresholds, API Gateway request body size limits, and prompt input
validation.
Risk categories covered (15 total)
| Range |
Category |
PDF § |
| FS-01 to FS-06 |
Unbounded Consumption |
§1.2.11 |
| FS-07 to FS-11 |
Excessive Agency |
§1.2.9 |
| FS-12 to FS-16 |
Supply Chain Vulnerabilities |
§1.2.12 |
| FS-17 to FS-21 |
Training Data & Model Poisoning |
§1.2.14 |
| FS-22 to FS-26 |
Vector & Embedding Weaknesses |
§1.2.15 |
| FS-27 to FS-30 |
Non-Compliant Output |
§1.2.1 |
| FS-31 to FS-34 |
Misinformation |
§1.2.3 |
| FS-35 to FS-38 |
Abusive or Harmful Output |
§1.2.4 |
| FS-39 to FS-42 |
Biased Output |
§1.2.5 |
| FS-43 to FS-46 |
Sensitive Information Disclosure |
§1.2.6 |
| FS-47 to FS-50 |
Hallucination |
§1.2.7 |
| FS-51 to FS-54 |
Prompt Injection |
§1.2.8 |
| FS-55 to FS-58 |
Improper Output Handling |
§1.2.13 |
| FS-59 to FS-60 |
Off-Topic & Inappropriate Output |
§1.2.2 |
| FS-61 to FS-63 |
Out-of-Date Training Data |
§1.2.10 |
| FS-64 to FS-69 |
Material Gap Checks (cross-category) |
— |
Deliverables
- New Lambda
functions/security/finserv_assessments/ (app.py, schema.py,
requirements.txt).
- Updates to
template.yaml, template-multi-account.yaml,
statemachine/aiml_security_assessments.asl.json,
deployment/1-aiml-security-member-roles.yaml,
deployment/aiml-security-single-account.yaml, and
functions/security/generate_consolidated_report/app.py.
- Extensions to the existing BR-04, BR-06, SM-07, SM-22, and SM-23 check
implementations (non-breaking detection/remediation refinements).
- New reference docs under
docs/: SECURITY_CHECKS_FINSERV_COMMON.md,
SECURITY_CHECKS_FINSERV_PART1_INFRA_CONTROLS.md,
SECURITY_CHECKS_FINSERV_PART2_GUARDRAILS_CONTENT_SAFETY.md,
SECURITY_CHECKS_FINSERV_PART3_APP_LAYER_AND_GAPS.md, and an updated
mappings CSV.
Implementation status
Implementation is complete in a personal fork. A PR will follow shortly
from mehtadman87/sample-aiml-security-assessment#feature/finserv-risk-checks
targeting this repo's main.
Acceptance criteria
Feature request
Add 69 FinServ-specific GenAI security checks (64 standalone + 5 upstream
extensions) to the AIML Security Assessment, derived from the
AWS guide for Financial Services risk management of the use of Generative AI
(March 2026).
Why
Financial-services customers building GenAI workloads on AWS must demonstrate
controls aligned with SR 11-7, FFIEC CAT, NYDFS 500.06, PCI-DSS 12.3.2,
DORA Art.6, MAS TRM 9, ISO 27001 A.12, ECOA, and the OWASP LLM Top 10. The
AWS FinServ GenAI Risk Guide (March 2026) names specific AWS mitigations
across 15 risk categories that are not currently covered (or only partially
covered) by the existing 52 SM/BR/AC checks in this framework.
What
finserv_assessments/(FS-01 through FS-69, with 5 IDs contributed asupstream extensions instead).
them:
in the Guide but absent from FS-01..63 and the existing BR/SM/AC checks:
guardrail trace logging, KB data-source S3 event notifications, AgentCore
end-user identity propagation, agent financial transaction value
thresholds, API Gateway request body size limits, and prompt input
validation.
Risk categories covered (15 total)
Deliverables
functions/security/finserv_assessments/(app.py, schema.py,requirements.txt).
template.yaml,template-multi-account.yaml,statemachine/aiml_security_assessments.asl.json,deployment/1-aiml-security-member-roles.yaml,deployment/aiml-security-single-account.yaml, andfunctions/security/generate_consolidated_report/app.py.implementations (non-breaking detection/remediation refinements).
docs/:SECURITY_CHECKS_FINSERV_COMMON.md,SECURITY_CHECKS_FINSERV_PART1_INFRA_CONTROLS.md,SECURITY_CHECKS_FINSERV_PART2_GUARDRAILS_CONTENT_SAFETY.md,SECURITY_CHECKS_FINSERV_PART3_APP_LAYER_AND_GAPS.md, and an updatedmappings CSV.
Implementation status
Implementation is complete in a personal fork. A PR will follow shortly
from
mehtadman87/sample-aiml-security-assessment#feature/finserv-risk-checkstargeting this repo's
main.Acceptance criteria
templates.
finserv_security_report_{execution_id}.csv.semgrep, secrets scan).