OASB
v1.0
Controls/Output Security/4.4
L2 StandardForward-looking

4.4 Output Attribution

4. Output SecurityHow do we validate agent outputs?

Description

Agent outputs MUST be cryptographically attributable to their source.

Rationale

Without attribution, malicious outputs cannot be traced to their source.

Audit Procedure

1. Check if outputs are signed
2. Verify signature validation
3. Check for timestamp inclusion

Remediation

1. Sign all agent outputs
2. Include provenance metadata
3. Store outputs in append-only log

Framework Mappings

CIS Control 8.5NIST PR.DS-6
Previous4.3 Data Exfiltration PreventionNext5.1 No Hardcoded Credentials