L1 Essential | Automated verification

4.2 Action Confirmation for Destructive Operations

4. Output Security: How do we validate agent outputs?

Description

Destructive or irreversible operations MUST require explicit confirmation.

Rationale

Confirmation gates provide a checkpoint before irreversible damage occurs.

Audit Procedure

1. Identify destructive operations
2. Verify confirmation is required
3. Check confirmation cannot be bypassed

Remediation

1. Categorize operations by reversibility
2. Implement confirmation for irreversible operations
3. Log all confirmed actions
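
One way to implement the three remediation steps, shown as an added example rather than code from this framework. The tool names, the `approve` and `execute` functions and the in-memory log are assumptions; uncategorized tools are treated as irreversible, and each approval is bound to the exact arguments, expires, and is single-use.

```python
import hashlib, hmac, json, secrets, time

# Step 1: categorize. Assumed tool names; anything NOT listed here is gated (fail closed).
REVERSIBLE = {"read_file", "list_records"}
_KEY = secrets.token_bytes(32)  # held by the gate, never visible to the agent
_USED_NONCES = set()            # approvals are single-use
AUDIT_LOG = []                  # stand-in for an append-only log sink

class ConfirmationRequired(Exception):
    pass

def _mac(tool, args, approver, expires, nonce):
    # Canonical JSON binds the approval to this exact tool call and approver.
    msg = json.dumps([tool, args, approver, expires, nonce], sort_keys=True)
    return hmac.new(_KEY, msg.encode(), hashlib.sha256).hexdigest()

def approve(tool, args, approver, ttl=300):
    """Called from the human approval path only, after the action was displayed."""
    expires, nonce = int(time.time()) + ttl, secrets.token_hex(8)
    return {"approver": approver, "expires": expires, "nonce": nonce,
            "mac": _mac(tool, args, approver, expires, nonce)}

def execute(tool, args, handler, approval=None):
    if tool in REVERSIBLE:
        return handler(**args)
    # Step 2: irreversible or uncategorized operations need a valid approval.
    a = approval or {}
    expected = _mac(tool, args, a.get("approver"), a.get("expires"), a.get("nonce"))
    valid = (hmac.compare_digest(expected, str(a.get("mac")))
             and a["expires"] >= time.time()
             and a["nonce"] not in _USED_NONCES)
    if not valid:
        raise ConfirmationRequired(f"{tool} needs a fresh approval for these arguments")
    _USED_NONCES.add(a["nonce"])
    # Step 3: record the confirmed action before running it.
    AUDIT_LOG.append({"ts": time.time(), "tool": tool, "args": args,
                      "approver": a["approver"]})
    return handler(**args)
```

The same cases (no approval, approval for different arguments, replayed approval) are what the audit procedure's bypass check should exercise.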

Framework Mappings

CIS Control 5.4, NIST PR.AC-4