P-CT-B: Stream B
P-CT-B-1: Are structured mechanisms in place to facilitate user control over personal data?
Inconsistent UI:
UI elements for control (e.g. toggles, preferences) are ad hoc and hard-coded.
No Design Standards:
No reusable components or design guidelines for transparency.
Limited User Access:
Users cannot access or manage their data effectively.
P-CT-B-2: Is comprehensive transparency proactively maintained, with ongoing user communication and updates?
Standardized Interfaces:
Common UI patterns are introduced for preferences, opt-ins/outs, and data visibility.
Process Integration:
Consent and disclosure flows are reviewed in design and development phases.
Consistent Access:
APIs are used to let users access, edit, and delete data consistently.
P-CT-B-3: Are advanced user control mechanisms fully integrated, continuously improved, and audited for effectiveness?
Adaptive Components:
Dynamic UI components adapt transparency and control options based on user needs.
Feedback-Driven Design:
Feedback loops inform design updates based on user behavior and satisfaction.
Comprehensive Control Panels:
Privacy dashboards and granular controls are standard in all user-facing systems.