feat(C5): add just-in-time access provisioning control for AI resources (5.2.9)#625

Open
RicoKomenda wants to merge 1 commit into OWASP:main from RicoKomenda:feat/c5-jit-access-ai-resources

Conversation

@RicoKomenda
Collaborator

Summary

Adds 5.2.9 to C5.2 (Authorization & Policy) to address a gap identified during OASB cross-referencing and review of NIST SP 800-207 (Zero Trust) and NIST AI RMF guidance.

New control:

Verify that privileged access to model weights, training pipelines, and production AI configuration is provisioned on a just-in-time basis with a defined maximum session duration and automatic expiry, every access session is logged with actor identity, justification, and resource scope, and permanent standing privileged access to these resources is not permitted.

Level: 2

Why this is needed

Existing controls (5.2.1, 5.2.2) cover RBAC/ABAC policy and logging of access modifications, but do not require JIT provisioning or prohibit permanent standing access. Permanent standing access to model weights and training pipelines is a significant attack surface: a compromised account with standing access can silently exfiltrate weights, inject poisoned training data, or alter production configuration without any time-bounded detection window.

JIT access is well-supported by PAM tooling (HashiCorp Vault, CyberArk, AWS IAM Identity Center temporary roles, Azure PIM) and is verifiable through access log inspection. This is AI-specific because model weights and training pipelines are the critical assets in an AI system that do not have a direct equivalent in a general web application.

Changes

  • 1.0/en/0x10-C05-Access-Control-and-Identity.md: add 5.2.9, fix MD060 separator rows
  • 1.0/en/0x93-Appendix-D_AI_Security_Controls_Inventory.md: add entry to AD.2
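As an added illustration of the "verifiable through access log inspection" point, here is a small checker (example code, not part of this PR or the AISVS project) that audits constructed JSON-lines access-session records against the 5.2.9 requirements: actor, justification and resource scope present, session bounded by a maximum duration, and no grant without an expiry. The record field names and the four-hour maximum are assumptions, not a real PAM export schema.

```python
"""Audit PAM access-session records against control 5.2.9 (added example; field names assumed)."""
from datetime import datetime, timedelta
import json

MAX_SESSION = timedelta(hours=4)  # defined maximum session duration (assumed policy value)
REQUIRED = ("actor", "justification", "resource_scope", "granted_at")

def check_session(rec: dict, max_session: timedelta = MAX_SESSION) -> list[str]:
    """Return the control violations for one session record; an empty list means compliant."""
    findings = [f"missing {f}" for f in REQUIRED if not rec.get(f)]
    expires = rec.get("expires_at")
    if expires is None:
        # No expiry means permanent standing access, which the control prohibits.
        findings.append("standing access: no expires_at")
    elif rec.get("granted_at"):
        duration = datetime.fromisoformat(expires) - datetime.fromisoformat(rec["granted_at"])
        if duration > max_session:
            findings.append(f"session of {duration} exceeds maximum {max_session}")
    return findings

def audit(log_lines: list[str]) -> dict[str, list[str]]:
    """Map session_id -> findings for every non-compliant record in a JSON-lines export."""
    results = {}
    for line in log_lines:
        rec = json.loads(line)
        findings = check_session(rec)
        if findings:
            results[rec.get("session_id", "?")] = findings
    return results

# Constructed sample export, one JSON object per line (not real log data).
SAMPLE_LOG = [
    '{"session_id": "s1", "actor": "alice@example.com", "justification": "TICKET-123 eval rerun",'
    ' "resource_scope": "s3://models/prod/weights", "granted_at": "2024-05-01T09:00:00+00:00",'
    ' "expires_at": "2024-05-01T11:00:00+00:00"}',
    '{"session_id": "s2", "actor": "bob@example.com", "justification": "",'
    ' "resource_scope": "pipeline/training/main", "granted_at": "2024-05-01T09:00:00+00:00",'
    ' "expires_at": "2024-05-02T09:00:00+00:00"}',
    '{"session_id": "s3", "actor": "svc-deploy", "justification": "legacy automation",'
    ' "resource_scope": "config/prod/inference", "granted_at": "2023-01-01T00:00:00+00:00"}',
]

if __name__ == "__main__":
    for sid, findings in audit(SAMPLE_LOG).items():
        print(sid, "->", "; ".join(findings))
```

Run against a real PAM export, the checker flags s2-style sessions (no justification, 24-hour grant) and s3-style standing grants while passing the bounded, fully attributed s1 session.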
