Home
Browse frameworks
Contact us
SAMMY premium
Sign in
SAMMY UI is optimized for resolutions with a width 1024px and higher.
AIMA
Browse AIMA
AIMA
ASVS
BSIMM 15
CIS Critical Security Controls
Cloud Controls Matrix
Cybersecurity Fundamentals
Cybersecurity Fundamentals 2.0
DSOMM
NIS2
NIST 800-171 Rev 2
NIST 800-171 Rev 3
NIST 800-34
NIST 800-53 v5
NIST CSF 2.0
NIST SSDF
OpenSAMM1.5
SAMM
Secure Controls Framework
Responsible AI Principles
Ethical and Societal Impact
Transparency and Explainability
Fairness and Bias
Governance
Strategy and Metrics
Policy and Compliance
Education and Awareness
Data Management
Data Quality and Integrity
Data Governance and Accountability
Data Training
Privacy
Data Minimization and Purpose Limitation
Privacy by Design and Default
User Control and Transparency
Design
Threat Assessment
Security Architecture
Security Requirements
Implementation
Secure Build
Secure Deployment
Defect Management
Verification
Security Testing
Requirement-based Testing
Architecture Assessment
Operations
Incident Management
Event Management
Operational Management
V-ST-A: Stream A
V-ST-B: Stream B
Maturity Level 1
Maturity Level 2
Maturity Level 3
V-ST-A-1
V-ST-A-1: Are basic security assessments occasionally conducted informally on AI systems?
Manual Testing:
Security testing is performed irregularly and manually.
Undefined Scope:
No clear scope or repeatable methodology for AI-specific vulnerabilities.
Limited Coverage:
Testing focuses primarily on traditional software vulnerabilities.
0
1
2
3
Description
Manual Testing:
Security testing is performed irregularly and manually.
Undefined Scope:
No clear scope or repeatable methodology for AI-specific vulnerabilities.
Limited Coverage:
Testing focuses primarily on traditional software vulnerabilities.
V-ST-A-2
V-ST-A-2: Is there informal measurement and basic improvement of security practices?
Standardized Tests:
Defined procedures for testing AI vulnerabilities.
Test Frameworks:
Use of open-source and commercial tools for AI security scanning.
Repeatable Workflows:
Testing integrated into development milestones.
0
1
2
3
Description
Standardized Tests:
Defined procedures for testing AI vulnerabilities.
Test Frameworks:
Use of open-source and commercial tools for AI security scanning.
Repeatable Workflows:
Testing integrated into development milestones.
V-ST-A-3
V-ST-A-3: Is there a systematic approach documented for conducting regular security assessments on AI systems?
Continuous Testing:
Real-time AI testing integrated with runtime monitoring.
Adversarial Simulations:
Regular red-teaming and stress-testing of AI models.
Integrated Governance:
Testing outputs inform governance and risk decisions.
0
1
2
3
Description
Continuous Testing:
Real-time AI testing integrated with runtime monitoring.
Adversarial Simulations:
Regular red-teaming and stress-testing of AI models.
Integrated Governance:
Testing outputs inform governance and risk decisions.