Home
Browse frameworks
Contact us
SAMMY premium
Sign in
SAMMY UI is optimized for resolutions with a width 1024px and higher.
AIMA
Browse AIMA
AIMA
ASVS
BSIMM 15
CIS Critical Security Controls
Cloud Controls Matrix
Cybersecurity Fundamentals
Cybersecurity Fundamentals 2.0
DSOMM
NIS2
NIST 800-171 Rev 2
NIST 800-171 Rev 3
NIST 800-34
NIST 800-53 v5
NIST CSF 2.0
NIST SSDF
OpenSAMM1.5
SAMM
Secure Controls Framework
Responsible AI Principles
Ethical and Societal Impact
Transparency and Explainability
Fairness and Bias
Governance
Strategy and Metrics
Policy and Compliance
Education and Awareness
Data Management
Data Quality and Integrity
Data Governance and Accountability
Data Training
Privacy
Data Minimization and Purpose Limitation
Privacy by Design and Default
User Control and Transparency
Design
Threat Assessment
Security Architecture
Security Requirements
Implementation
Secure Build
Secure Deployment
Defect Management
Verification
Security Testing
Requirement-based Testing
Architecture Assessment
Operations
Incident Management
Event Management
Operational Management
M-GA-A: Stream A
M-GA-B: Stream B
Maturity Level 1
Maturity Level 2
Maturity Level 3
M-GA-B-1
M-GA-B-1: Are accountability and compliance regularly reviewed through structured assessments?
Undefined Ownership:
Data and AI model ownership unclear or not assigned.
Documentation Gaps:
Absence of consistent model documentation or reliable audit trails.
No Accountability:
AI outcomes lack clear accountability, oversight, and responsibility mechanisms.
0
1
2
3
Description
Undefined Ownership:
Data and AI model ownership unclear or not assigned.
Documentation Gaps:
Absence of consistent model documentation or reliable audit trails.
No Accountability:
AI outcomes lack clear accountability, oversight, and responsibility mechanisms.
M-GA-B-2
M-GA-B-2: Is data governance systematically integrated into organizational operations, continuously reviewed, and optimized?
Partial Ownership Assignment:
Data owners identified for select datasets and models.
Preliminary Documentation:
Initial attempts at systematic model documentation and traceability.
Informal Ethical Concerns:
Ethical and bias concerns acknowledged, though informally managed.
0
1
2
3
Description
Partial Ownership Assignment:
Data owners identified for select datasets and models.
Preliminary Documentation:
Initial attempts at systematic model documentation and traceability.
Informal Ethical Concerns:
Ethical and bias concerns acknowledged, though informally managed.
M-GA-B-3
M-GA-B-3: Is comprehensive accountability proactively managed, regularly audited, and documented?
Enforced Accountability:
Clearly enforced accountability with responsible AI review boards overseeing model and dataset use.
Incident Management:
Comprehensive incident tracking, documentation, and continuous audits for responsible AI practices.
Full Traceability:
End-to-end traceability from data sourcing to model decisions, with explicit, accountable roles.
0
1
2
3
Description
Enforced Accountability:
Clearly enforced accountability with responsible AI review boards overseeing model and dataset use.
Incident Management:
Comprehensive incident tracking, documentation, and continuous audits for responsible AI practices.
Full Traceability:
End-to-end traceability from data sourcing to model decisions, with explicit, accountable roles.