Summary
Each security check currently has severity, service, and status. Adding structured categorization fields would improve filtering, reporting, and compliance mapping — and unlock the work in issues for NIST AI RMF mapping and multi-tab report structure.
Proposed Fields
| Field | Example values |
| --- | --- |
| layer | Infrastructure, Data, Model, Application, Agent |
| phase | Build, Deploy, Runtime, Monitor |
| use_case | RAG, Fine-tuning, Inference, Agent |
| framework | Well-Architected GenAI Lens, OWASP LLM Top 10, NIST AI RMF |
Files Likely Touched
- All assessor files in aiml-security-assessment/functions/security/*/ — add fields to each check result dict
- HTML report template — add new filter dropdowns for these fields
- docs/SECURITY_CHECKS.md and docs/AIMLSecurityAssessment-MappingsTable.csv — add new columns
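An added example (not the project's own code) of what a check result dict carrying the four proposed fields could look like, with a validator that enforces the vocabularies from the table above and the filter the report dropdowns would need. The result-dict shape, the service names in the sample data, and the choice to make framework a list are assumptions.

```python
# Added example (not the project's code): validate and filter check result dicts
# that carry the proposed layer / phase / use_case / framework fields.

# Allowed vocabularies, taken from the proposed-fields table.
ALLOWED = {
    "layer": {"Infrastructure", "Data", "Model", "Application", "Agent"},
    "phase": {"Build", "Deploy", "Runtime", "Monitor"},
    "use_case": {"RAG", "Fine-tuning", "Inference", "Agent"},
    "framework": {"Well-Architected GenAI Lens", "OWASP LLM Top 10", "NIST AI RMF"},
}
EXISTING = ("severity", "service", "status")  # fields each check already has


def validate_result(result):
    """Return a list of problems; an empty list means the result is well-formed.
    Assumption: framework is a list, since one check can map to several frameworks."""
    problems = [f"missing {k}" for k in EXISTING if k not in result]
    for field, allowed in ALLOWED.items():
        if field not in result:
            problems.append(f"missing {field}")
            continue
        values = result[field] if field == "framework" else [result[field]]
        problems += [f"{field}: unexpected value {v!r}" for v in values if v not in allowed]
    return problems


def filter_results(results, **criteria):
    """Select results matching every criterion, e.g. layer="Model", status="FAIL".
    A framework criterion matches if it appears in the result's framework list."""
    def matches(r):
        for field, wanted in criteria.items():
            have = r.get(field)
            if field == "framework":
                if wanted not in (have or []):
                    return False
            elif have != wanted:
                return False
        return True
    return [r for r in results if matches(r)]


# Constructed sample results, not real assessor output.
SAMPLE = [
    {"severity": "HIGH", "service": "bedrock", "status": "FAIL", "layer": "Model",
     "phase": "Runtime", "use_case": "Inference", "framework": ["OWASP LLM Top 10"]},
    {"severity": "MEDIUM", "service": "s3", "status": "PASS", "layer": "Data",
     "phase": "Deploy", "use_case": "RAG", "framework": ["NIST AI RMF", "OWASP LLM Top 10"]},
    {"severity": "LOW", "service": "lambda", "status": "FAIL", "layer": "Serverless",
     "phase": "Runtime", "use_case": "Agent"},  # wrong layer value and no framework
]
```

Running validate_result over every assessor's output in CI would catch a check that ships with a misspelled or missing field before it reaches the report or the mappings CSV.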
Acceptance Criteria
Notes
This is a foundational issue — NIST AI RMF / ISO 42001 mapping and the multi-tab report structure both depend on these fields being present. Recommended to tackle this first.