Home
Browse frameworks
Contact us
SAMMY premium
Sign in
SAMMY UI is optimized for resolutions with a width 1024px and higher.
AIMA
Browse AIMA
AIMA
ASVS
BSIMM 15
CIS Critical Security Controls
Cloud Controls Matrix
Cybersecurity Fundamentals
Cybersecurity Fundamentals 2.0
DSOMM
NIS2
NIST 800-171 Rev 2
NIST 800-171 Rev 3
NIST 800-34
NIST 800-53 v5
NIST CSF 2.0
NIST SSDF
OpenSAMM1.5
SAMM
Secure Controls Framework
Responsible AI Principles
Ethical and Societal Impact
Transparency and Explainability
Fairness and Bias
Governance
Strategy and Metrics
Policy and Compliance
Education and Awareness
Data Management
Data Quality and Integrity
Data Governance and Accountability
Data Training
Privacy
Data Minimization and Purpose Limitation
Privacy by Design and Default
User Control and Transparency
Design
Threat Assessment
Security Architecture
Security Requirements
Implementation
Secure Build
Secure Deployment
Defect Management
Verification
Security Testing
Requirement-based Testing
Architecture Assessment
Operations
Incident Management
Event Management
Operational Management
O-OM-A: Stream A
O-OM-B: Stream B
Maturity Level 1
Maturity Level 2
Maturity Level 3
O-OM-B-1
O-OM-B-1: Is operational effectiveness regularly assessed with improvements systematically implemented?
Basic Compliance Awareness
: Security and compliance concepts are understood but not formalized.
Ad Hoc Checks
: Security reviews are sporadic and undocumented.
Minimal Documentation
: Few written procedures or audit trails exist.
0
1
2
3
Description
Basic Compliance Awareness
: Security and compliance concepts are understood but not formalized.
Ad Hoc Checks
: Security reviews are sporadic and undocumented.
Minimal Documentation
: Few written procedures or audit trails exist.
O-OM-B-2
O-OM-B-2: Are operational processes fully integrated, consistently managed, and continuously refined?
Standardized Security Practices
: Security controls are documented and partially automated.
Regular Audits
: Periodic audits and compliance checks are initiated.
Policy Alignment
: Processes begin aligning with regulatory and organizational requirements.
0
1
2
3
Description
Standardized Security Practices
: Security controls are documented and partially automated.
Regular Audits
: Periodic audits and compliance checks are initiated.
Policy Alignment
: Processes begin aligning with regulatory and organizational requirements.
O-OM-B-3
O-OM-B-3: Is operational effectiveness proactively managed, comprehensively optimized, and regularly audited?
Automated Compliance Enforcement
: Continuous compliance monitoring is fully automated.
Integrated Security Audits
: Routine, detailed security audits with full traceability.
Proactive Threat Mitigation
: Threat detection and response are integrated into daily operations.
0
1
2
3
Description
Automated Compliance Enforcement
: Continuous compliance monitoring is fully automated.
Integrated Security Audits
: Routine, detailed security audits with full traceability.
Proactive Threat Mitigation
: Threat detection and response are integrated into daily operations.