付録 B: 参考情報

The following standards, frameworks, and publications are referenced throughout AISVS.

Standards and Frameworks

• NIST AI Risk Management Framework 1.0

• NIST SP 800-218A: Secure Software Development Practices for Generative AI

• ISO/IEC 42001:2023: AI Management Systems Requirements

• OWASP Application Security Verification Standard (ASVS)

• OWASP Top 10 for Large Language Model Applications

• OWASP Secure Coding Practices: Quick Reference Guide

• MITRE ATLAS: Adversarial Threat Landscape for AI Systems

Specifications and Protocols

• OAuth 2.1 (IETF Draft)

• OpenID Connect Core 1.0

• SPDX (Software Package Data Exchange)

• CycloneDX Bill of Materials Standard

• Model Context Protocol (MCP) Specification

Cryptographic Standards

• FIPS 140-3: Security Requirements for Cryptographic Modules

• NIST Post-Quantum Cryptography Standards

Privacy and Data Protection

• General Data Protection Regulation (GDPR)

• EU Artificial Intelligence Act

• California Consumer Privacy Act (CCPA)

Policy Engines

• Open Policy Agent (OPA)

• Cedar Policy Language