AI services should have owner tags

AI services need clear ownership because they combine cloud permissions, model behavior, data paths, runtime cost, and business risk. Missing ownership makes triage, exception handling, and incident response slower.

Category

Controls

Low

Applies to

AWS, Google Cloud, Microsoft Azure

Coverage

1 query

Asset types

4 covered

Remediation guidance

Remediation

Add a consistent owner tag such as owner, service-owner, or team to AI services and related model/data assets.

  1. Assign an accountable service owner.
  2. Add ownership tags through IaC or provider tags.
  3. Use ownership during alert routing, review, and exception workflows.

Query logic

These are the stored checks tied to this control.

AI services should have owner tags

Connectors

AWS, Google Cloud, Microsoft Azure

Covered asset types

AI Services, Endpoint, Feature Store, Model

Expected check: eq []

{
  sageMakerNoteBooks(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  sageMakerModels(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  sageMakerEndpoints(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  sageMakerFeatureGroups(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  azureAIServiceAccounts(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  azureAIFoundryProjects(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  azureAISearchServices(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  azureAIVideoIndexerAccounts(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  azureBotServices(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  azureOpenAIDeployments(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  azureMachineLearningWorkspaces(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  azureMachineLearningEndpoints(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  azureMachineLearningModels(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  azureSynapseWorkspaces(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  vertexAIModels(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  vertexAIEndpoints(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  vertexAIDatasets(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
  vertexAIFeaturestores(where: { tags_NONE: { key_MATCHES: "(?i)^(owner|service-owner|team)$" } }) { ...AssetFragment }
}
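
The key matching used by the stored query above, reproduced offline as an added example (not Cyscale's code) so the pattern can be tested against real tag naming before rollout. It assumes `tags_NONE` means "no tag on the asset satisfies the filter" and that `key_MATCHES` is a whole-string regex match; the asset records and the helper names are constructed for illustration.

```python
import re

# Key pattern copied verbatim from the stored query on this page.
OWNER_KEY = re.compile(r"(?i)^(owner|service-owner|team)$")


def owner_tags(asset):
    """Return the asset's tags whose key matches the pattern as a whole string."""
    return [t for t in asset.get("tags", []) if OWNER_KEY.fullmatch(t["key"])]


def unowned(assets):
    """Assumed tags_NONE semantics: flag assets where no tag key matches."""
    return [a["name"] for a in assets if not owner_tags(a)]


def blank_owner_values(assets):
    """Assets that satisfy the key-only check but carry no usable owner value."""
    return [
        a["name"]
        for a in assets
        if owner_tags(a)
        and not any((t.get("value") or "").strip() for t in owner_tags(a))
    ]


# Constructed inventory: asset names and tag values are invented for illustration.
SAMPLE_ASSETS = [
    {"name": "fraud-endpoint", "tags": [{"key": "Owner", "value": "ml-platform"}]},
    {"name": "churn-model", "tags": [{"key": "owners", "value": "data-sci"}]},
    {"name": "search-svc", "tags": [{"key": "service_owner", "value": "search"}]},
    {"name": "feature-store", "tags": [{"key": "team", "value": ""}]},
    {"name": "notebook-1", "tags": []},
    {"name": "support-bot", "tags": [
        {"key": "cost-center", "value": "42"},
        {"key": "SERVICE-OWNER", "value": "bots"},
    ]},
]

if __name__ == "__main__":
    print("flagged by the control:", unowned(SAMPLE_ASSETS))
    print("passes, but owner value is blank:", blank_owner_values(SAMPLE_ASSETS))
```

Near-miss keys such as `owners` or `service_owner` are still flagged, while an empty `team` value passes because the query inspects tag keys only. A value check is a useful companion when ownership drives alert routing.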
© 2026 Cyscale Limited