AIMA
P-DD-B: Stream B
P-DD-B-1: Are default privacy controls systematically implemented and documented?
No Privacy Engineering: Developers and designers operate without privacy design patterns or reusable components.
Lack of Tools: No standard tools for consent, purpose limitation, or data classification.
Reliance on Individuals: Teams depend on personal initiative rather than embedded technical safeguards.
P-DD-B-2: Is privacy by design fully embedded and continuously improved across the entire AI lifecycle?
Reusable Components: Privacy design patterns and libraries (e.g., consent modules, data masking APIs) are made available.
Process Guidance: Templates and checklists guide teams through privacy requirements in design and development phases.
Shared Tooling: Teams use shared SDKs for compliant data handling and user control mechanisms.
P-DD-B-3: Are comprehensive default privacy settings proactively managed and regularly audited?
Embedded PETs: Privacy-enhancing technologies (PETs) like differential privacy and synthetic data are provided by default.
Integrated Safeguards: Privacy controls are embedded into design systems and dev workflows.
Continuous Metrics: Metrics on privacy defaults and user control coverage are continuously monitored and improved.