NVIDIA AI Workbench Shared Security Model

Version 1.0.0
Date 2024.03.18
Note

This shared security model is for the NVIDIA AI Workbench General Availability Release of March 15, 2024.

AI Workbench Application (The Software)

All of the files for the core application, including the three binaries (nvwb-cli, wb-svc, credential-manager) and the Desktop App, as well as application configuration and log files.

Supported Operating Systems (Operating System)

The operating systems and versions on which the AI Workbench Application can be installed for the General Availability Release. The current operating systems and versions are Windows 11; Windows 10 (Build 19041 or higher); Ubuntu 22.04; and macOS 12 (Monterey) or higher.

NVIDIA Software & Services

NVIDIA software or services required to use, or used in the course of working with The Software. Includes, but is not limited to, the NVIDIA drivers and NVIDIA Container Toolkit, as well as services such as NVIDIA GPU Cloud. Excludes the AI Workbench Application.

Third-Party Application Dependencies (System Dependency)

The third-party software required to install and use the AI Workbench Application on a Supported Operating System. Each Operating System has its own list of third-party dependencies. Excludes NVIDIA Software.

Default Base Images

A specific list of NVIDIA-provided container images hosted in NGC that are presented as a list to the user for selection on Project creation. Excludes container images a user or organization uses outside of the specific list.

NVIDIA Base Images

The container images from NVIDIA that are available in the NGC Open Catalog or NVIDIA AI Enterprise Catalog. Excludes the Default Base Images.

Non-NVIDIA Base Images

All container images outside of the Default Base Images and NVIDIA Base Images.

Example Projects

The set of NVIDIA-provided Workbench Projects made available on GitHub.

User Modifications

Environment or file changes made by users or organizations to alter Project Base Images or Example Projects. Includes, but is not limited to, user modifications to a Project Environment via package installs, or the inclusion of User Generated Data into a Project.

Third-Party Integrations

The web services for which users can enable authentication for the AI Workbench Application to use. Currently restricted to GitHub.com and GitLab.com.

User Content

All information, data and files entered by users into a Workbench Project or created by them while working in a Workbench Project.

Sensitive Data

Credentials or secrets, such as API keys or SSH keys, that are stored, processed or managed by an individual or organization, are confidential, and are accessible only to authorized users with proper permissions or privileges to view or use them.

Local Machine

A device with The Software installed that is in the physical possession of an end user.

Remote Machine

A bare metal or virtual device with The Software installed that is accessed over a network.

As the provider of The Software and the Default Base Images, NVIDIA is responsible for the following.

  1. Software Release Updates

    1. Providing updates for vulnerabilities and product improvements of the AI Workbench Application and making them available to users and organizations.

    2. Notifying users and organizations of these updates promptly within the application.

    3. Secure delivery and signing of The Software and updates.

  2. Documentation

    1. Providing documentation on installation and operation of The Software and the Default Base Images.

  3. Default Base Images

    1. For high & critical CVEs in published Default Base Images, we will update the affected image to address the CVE. When the updates are ready, we will publish the updated image with a new tag.

    2. Users working with a Default Base Image that has been updated for any reason, not just CVEs, will get a notification in The Software.

As the user of The Software and Default Base Images, you are responsible for the following.

  1. Performing Updates

    1. Ensuring you update The Software and any dependencies:

      1. The Software.

      2. NVIDIA Software.

      3. Third Party Dependencies.

  2. Security of users’ environment

    1. Vulnerability management.

    2. Implementing appropriate security controls.

  3. Data Controls & Protection

    1. Ensuring the proper controls and procedures are in place for User Content and Sensitive Data. This includes, but is not limited to, not committing Sensitive Data to Projects.

    2. Ensuring protection against data loss through regular backups.

    3. All creation, modification and deletion operations to User Content and Sensitive Data.

    4. All User Modifications to Projects.

  4. Updating Default Base Images

    1. Updating any Default Base Images following in-app notifications about updates to Default Base Images.

  5. Local & Remote Machines

    1. Responsibility for security includes, but isn’t limited to, physical and network access to the machines and verifying SSH fingerprints for Remote Machines.

  6. Abiding by End User License Agreements & Terms of Use

    1. Abiding by the End User License Agreement for the NVIDIA AI Workbench.

    2. Abiding by the End User License Agreements or Terms of Use for the NVIDIA Software & Services used by you or your organization. Includes, but is not limited to, the TOU for NVIDIA GPU Cloud.

    3. Abiding by the End User License Agreement for the NVIDIA Base Images.

© Copyright 2024, NVIDIA Corporation. Last updated on Apr 29, 2024.