- Pin all dependency versions with hash verification. Exact versions are pinned in requirements.txt, lock files, and Dockerfiles, and an install fails if a downloaded artifact's hash does not match the pin (for example pip's --require-hashes mode). HIPAA 2026: vulnerability management.
- Audit what credentials your AI tools can access. AI libraries and agents are restricted to only the credentials they require. HIPAA 2026: access controls, encryption.
- Inventory AI dependencies as security-relevant assets. AI packages are included in the asset inventory with documented owners. HIPAA 2026: asset inventory (mandatory).
- Disable auto-mounted Kubernetes service account tokens. Pods that do not need cluster API access set automountServiceAccountToken: false (on the pod spec or the ServiceAccount), since the default is to mount a token into every pod. HIPAA 2026: network segmentation.
- Monitor CI/CD pipelines for unexpected package changes. Build pipelines are monitored for unauthorized dependency updates and configuration changes, such as lock file diffs, new package registries, or edited build scripts. HIPAA 2026: audit logging, vulnerability scans.
- Apply least-privilege RBAC to AI workloads. AI processes run with the minimum permissions necessary: no wildcard verbs or resources, no blanket access to secrets, and no bindings to cluster-admin. HIPAA 2026: access controls (mandatory).
- Treat CI/CD environments as production. CI/CD runners are hardened with egress filtering, secret rotation, and audit logging. HIPAA 2026: logging, segmentation.
- Verify business associate (BA) security controls for AI and SaaS vendors. Vendor security controls are documented and verified, not only attested in a contract. HIPAA 2026: BA verification (annual).
- Validate 72-hour incident response capability for supply chain events. The team can detect, contain, and restore from a supply chain compromise within 72 hours, and has exercised that timeline rather than assumed it. HIPAA 2026: contingency plan.
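The first checklist item, pinning with hash verification, is easy to claim and easy to get subtly wrong: a requirements file can be "pinned" while still containing a version range or a pin with no hash, and pip only enforces hashes when every entry has one. The script below is an added example, not code from the page or from any tool it mentions. It parses a requirements.txt the way pip reads it (backslash continuations, comments), reports every entry that --require-hashes would reject, and checks a downloaded artifact against the pinned digests. The requirements text and the "wheel" bytes are constructed for the demo, and the package names in it are illustrative.

```python
"""Gate for a hash-pinned requirements.txt (added example, not from the page).

Checks what pip's --require-hashes mode demands at install time: every
requirement is an exact "==" pin and carries at least one --hash=<algo>:<hex>,
and a downloaded artifact matches one of the pinned digests.
"""
import hashlib
import re

# Constructed stand-ins for two platform wheels of one package version.
GOOD_WHEEL = b"PK\x03\x04 constructed wheel bytes for numpy-1.26.4"
OTHER_WHEEL = b"PK\x03\x04 constructed wheel bytes for another platform"

# Constructed sample in the style of pip-compile --generate-hashes. The digests
# are computed from the bytes above so the demo is self-consistent.
SAMPLE_REQUIREMENTS = f"""\
# constructed sample
numpy==1.26.4 \\
    --hash=sha256:{hashlib.sha256(GOOD_WHEEL).hexdigest()} \\
    --hash=sha256:{hashlib.sha256(OTHER_WHEEL).hexdigest()}
torch>=2.0            # range, not a pin: resolves differently over time
requests==2.31.0      # pinned, but no hash: registry content is trusted blindly
"""

HASH_RE = re.compile(r"--hash=(sha256|sha384|sha512):([0-9a-fA-F]+)")
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?==([^\s;]+)")
COMMENT_RE = re.compile(r"(^|\s)#.*$")


def logical_lines(text):
    """Join backslash-continued lines and drop comments and blank lines."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = COMMENT_RE.sub("", raw).rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            lines.append(buf.strip())
        buf = ""
    if buf.strip():
        lines.append(buf.strip())
    return lines


def audit_requirements(text):
    """Return (requirement, problem) pairs; empty means --require-hashes would accept the file."""
    problems = []
    for line in logical_lines(text):
        if line.startswith("-"):          # pip options such as --index-url, -r, -e
            continue
        m = PIN_RE.match(line)
        if not m:
            problems.append((line.split()[0], "not an exact == pin"))
        elif not HASH_RE.search(line):
            problems.append((m.group(1), "no --hash pin"))
    return problems


def pinned_hashes(text, name):
    """Digests pinned for `name`, as {algorithm: {hexdigest, ...}}; {} if unpinned."""
    want = name.lower().replace("_", "-")
    for line in logical_lines(text):
        m = PIN_RE.match(line)
        if m and m.group(1).lower().replace("_", "-") == want:
            found = {}
            for algo, digest in HASH_RE.findall(line):
                found.setdefault(algo, set()).add(digest.lower())
            return found
    return {}


def verify_artifact(data, text, name):
    """True only if `data` matches a digest pinned for `name`; unpinned fails closed."""
    pinned = pinned_hashes(text, name)
    return any(
        hashlib.new(algo, data).hexdigest() in digests
        for algo, digests in pinned.items()
    )


if __name__ == "__main__":
    for req, problem in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"BLOCK {req}: {problem}")
    print("numpy wheel ok:", verify_artifact(GOOD_WHEEL, SAMPLE_REQUIREMENTS, "numpy"))
    print("tampered wheel ok:", verify_artifact(GOOD_WHEEL + b"\x00", SAMPLE_REQUIREMENTS, "numpy"))
```

Run it as a CI gate before the install step: a non-empty result from audit_requirements fails the build, which catches the common regression where someone hand-edits a single line and drops its hashes. verify_artifact fails closed on an unpinned name, matching pip's behaviour that one missing hash disables the whole install rather than installing the rest.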
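The Kubernetes items (disabling auto-mounted service account tokens and least-privilege RBAC) are checked most reliably as a policy over the manifests rather than by inspection. The script below is an added example, not code from the page or from any admission controller it might remind you of. It lints objects that have already been parsed into dicts (the shape yaml.safe_load returns; PyYAML is deliberately not imported so it runs on the standard library) and flags pods that would receive a token without opting in, roles with wildcards or blanket secret access, and bindings to the built-in admin ClusterRoles. The sample manifests and the opt-in annotation name are constructed for the demo.

```python
"""Least-privilege lint for AI workload manifests (added example, not from the page)."""

WORKLOAD_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "ReplicaSet", "Job"}
NEEDS_API_ANNOTATION = "example.com/needs-kube-api"   # hypothetical opt-in marker
ADMIN_CLUSTER_ROLES = {"cluster-admin", "admin", "edit"}


def pod_spec(obj):
    """Return the PodSpec embedded in a Pod or workload object, else None."""
    kind = obj.get("kind")
    spec = obj.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        job = (spec.get("jobTemplate") or {}).get("spec") or {}
        return (job.get("template") or {}).get("spec") or {}
    if kind in WORKLOAD_KINDS:
        return (spec.get("template") or {}).get("spec") or {}
    return None


def object_id(obj):
    return f"{obj.get('kind')}/{(obj.get('metadata') or {}).get('name', '<unnamed>')}"


def check_automount(obj):
    """Flag pods that would receive a service account token without opting in."""
    spec = pod_spec(obj)
    if spec is None:
        return []
    annotations = (obj.get("metadata") or {}).get("annotations") or {}
    if annotations.get(NEEDS_API_ANNOTATION) == "true":
        return []       # documented exception: this pod really talks to the API server
    # Kubernetes defaults the field to true, so only an explicit false passes.
    if spec.get("automountServiceAccountToken") is not False:
        return [f"{object_id(obj)}: set automountServiceAccountToken: false"]
    return []


def check_rbac(obj):
    """Flag wildcards, blanket secret access, and bindings to built-in admin roles."""
    kind, oid, findings = obj.get("kind"), object_id(obj), []
    if kind in ("Role", "ClusterRole"):
        for i, rule in enumerate(obj.get("rules") or []):
            for field in ("apiGroups", "resources", "verbs"):
                if "*" in (rule.get(field) or []):
                    findings.append(f"{oid}: rule {i} uses wildcard {field}")
            if "secrets" in (rule.get("resources") or []) and not rule.get("resourceNames"):
                findings.append(f"{oid}: rule {i} grants every secret in scope; add resourceNames")
    elif kind in ("RoleBinding", "ClusterRoleBinding"):
        ref = obj.get("roleRef") or {}
        if ref.get("kind") == "ClusterRole" and ref.get("name") in ADMIN_CLUSTER_ROLES:
            findings.append(f"{oid}: binds built-in ClusterRole {ref['name']}; use a purpose-built Role")
    return findings


def lint(manifests):
    """Run both checks over a list of parsed manifests and return all findings."""
    findings = []
    for obj in manifests:
        findings += check_automount(obj)
        findings += check_rbac(obj)
    return findings


# Constructed sample: a Deployment that inherits the token by default, a compliant
# batch Pod, a Role with a wildcard secrets rule, and a binding to cluster-admin.
SAMPLE_MANIFESTS = [
    {"apiVersion": "apps/v1", "kind": "Deployment",
     "metadata": {"name": "model-server", "namespace": "ml"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "app", "image": "registry.example/model-server:1.4.2"}]}}}},
    {"apiVersion": "v1", "kind": "Pod",
     "metadata": {"name": "batch-embedder", "namespace": "ml"},
     "spec": {"automountServiceAccountToken": False,
              "containers": [{"name": "embed", "image": "registry.example/embedder:0.9.0"}]}},
    {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
     "metadata": {"name": "model-server", "namespace": "ml"},
     "rules": [
         {"apiGroups": [""], "resources": ["configmaps"],
          "resourceNames": ["model-config"], "verbs": ["get"]},
         {"apiGroups": [""], "resources": ["secrets"], "verbs": ["*"]},
     ]},
    {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "RoleBinding",
     "metadata": {"name": "model-server-admin", "namespace": "ml"},
     "subjects": [{"kind": "ServiceAccount", "name": "model-server", "namespace": "ml"}],
     "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole",
                 "name": "cluster-admin"}},
]

if __name__ == "__main__":
    for finding in lint(SAMPLE_MANIFESTS):
        print("FAIL", finding)
```

The automount check treats an unset field as a failure because the Kubernetes default is to mount the token; the opt-in annotation is a constructed convention for recording the exception where a pod genuinely needs the API, which keeps the exception visible in the manifest rather than in someone's memory. Note that a compliant Pod with a wildcard Role bound to its ServiceAccount is still over-privileged if the token is mounted elsewhere, which is why both checks run together.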