Enforce Resource Limits on AI Models
AI models must have limits to prevent excessive resource use.
Plain language
This control is about setting boundaries on how much computer power or online resources an AI system can use. It's important because if an AI uses too many resources, it could slow down other systems or drive up costs unexpectedly.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2025
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for software developmentTopic
Unbounded ConsumptionOfficial control statement
Resource limits are enforced for artificial intelligence models.
Why it matters
Without enforced limits, AI models can exhaust CPU/GPU/RAM, degrading services and causing unplanned infrastructure and cloud spend.
Operational notes
Set per-model CPU/GPU/RAM quotas and concurrency caps; monitor utilisation and alerts, then tune limits as demand and forecasts change.
Implementation tips
- The IT manager should determine appropriate resource limits for AI models. They can start by analysing current usage patterns and estimating future needs. This means balancing performance with cost and considering any peak times of use.
- The system administrators should configure settings to enforce these limits. They can use tools available in the cloud platform or in-house systems to set maximum usage thresholds for CPU, memory, and network bandwidth.
- AI developers should design models with resource limits in mind. They should optimise the algorithms to ensure they require less computing power while still functioning effectively, and test these optimisations during the development phase.
- The finance officer should track resource usage over time to maintain budget control. They can use reports from cloud service providers that show resource consumption and costs, and compare them against the allocated budget.
- The risk management team should conduct regular reviews of AI resource usage. They should assess whether the current limits are appropriate, identify any trends that could indicate a future issue, and adjust limits if necessary.
Audit / evidence tips
-
Askdocumentation of current resource limits: Request a document or system configuration file showing the set resource limits for each AI model
Goodincludes detailed, current limits set for each model
-
Goodshows consistent usage within set limits
-
Askto see cost tracking reports related to resource usage: Verify this report with reference to previous months. Compare resource costs against the budget to ensure there are no unexpected spikes
Gooddisplays resource costs within the allocated budget
-
Goodprovides insight into adjustments made and their rationale
-
Gooddemonstrates proactive efforts to reduce resource demands
Cross-framework mappings
How ISM-2091 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| Annex A 8.6 | ISM-2091 requires organisations to enforce resource limits specifically for artificial intelligence models to prevent excessive consumption | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.