Assessment questionnaire for measuring maturity. Answer each question honestly based on current, implemented practices.
Source of truth:
../practices/EG-Endpoints-OnePager.md| Canonical framing:../HAIAMM-v3.0-Framing.md§8 / §12
Practice: Education & Guidance (EG) Domain: Endpoints Purpose: Assess organizational maturity in building endpoint AI literacy for managed-endpoint users and deep practitioner skills for the reviewer population performing endpoint AI security reviews, chatbot threat modeling, mobile AI assessment, and edge AI model-integrity verification, with shadow AI on endpoints as the primary L1 cultural outcome, including Art. 50 disclosure UX review as a key practitioner competency. Scoring Model: Evidence + Outcome Metrics (see Scoring Methodology below)
| Score | Label | Criteria |
|---|---|---|
| 1.0 | Fully Mature | Evidence complete AND ≥3 outcome metrics meet targets |
| 0.67 | Implemented | Evidence complete AND 2 outcome metrics meet targets |
| 0.33 | Partial | Evidence partially complete OR <2 outcome metrics meet targets |
| 0.0 | Not Implemented | No evidence of the activity in place |
Objective: Deliver foundational endpoint AI literacy to ≥95% of managed-endpoint users and role-based practitioner training to 100% of the endpoint AI reviewer population, with an active shadow-AI-on-endpoints awareness campaign.
Q1.1: Do you have a current-year endpoint AI literacy course (≤20 minutes) completed by ≥95% of managed-endpoint users, covering the seven endpoint AI archetypes (with org-specific examples), the Endpoint AI AUP data-class restrictions (personal-account prohibition, regulated data in AI prompts), AI browser extension safe and unsafe patterns, productivity AI quietly enabled in SaaS, mobile AI-specific risks, and the shadow AI disclosure path, with content updated within 30 days of any policy or archetype change?
Evidence Required: - [ ] LMS module published covering the seven endpoint AI archetypes with org-specific examples: coding assistant on engineering laptop, AI browser extension summarizing pages, customer support chatbot on the website, voice AI interface in mobile app, M365 Copilot/Teams feature, mobile AI app, kiosk running facial recognition - [ ] Endpoint AI AUP five-rule summary: sanctioned tools, no personal accounts for work AI, prohibited data classes (regulated, customer-confidential, source code, internal financial, draft communications about individuals), how to request approval, how to disclose tools already in use - [ ] AI browser extensions module: what makes an extension AI-capable, how to check if it is on the allowlist, what to do with an unapproved extension, why "trusted publisher" does not automatically mean safe for AI-capable extensions - [ ] Productivity AI quietly enabled in SaaS module: how AI features appear in M365, Slack, Notion, Google Workspace without explicit user action; how to recognize that Copilot or Gemini is now available; what data is accessible to the AI in each context; how to flag unexpected AI feature activation to IT - [ ] Mobile AI apps module: why AI apps with microphone/camera/location carry different risk; what consent disclosures should look like; what to do if unsure about an AI app on an org-issued device - [ ] Shadow AI disclosure amnesty path instructions included; LMS completion report showing ≥95% current-year completion - [ ] Named training content owner with documented quarterly review cadence
Outcome Metrics:
| Metric | Baseline | Current | Target | Met? | Notes |
|---|---|---|---|---|---|
| % managed-endpoint users with current-year endpoint AI literacy completion | ___% | ___% | ≥95% | ☐ | |
| % endpoint AI intake reviewers with completed practitioner training | ___% | ___% | 100% | ☐ | |
| Reviewer calibration drift, avg tier delta across reviewers on shared samples | ___ | ___ | ≤1 tier step | ☐ | |
| Reviewer calibration drift, avg TTP misclassifications per sample | ___ | ___ | ≤2 per sample | ☐ |
Metric Collection Guidance:
- Endpoint user literacy completion: LMS current-year completion report filtered to all managed-endpoint users (employees and contractors). Cross-reference with HR/contractor headcount for denominator. Formula: completed_count / total_managed_endpoint_users × 100
- Reviewer training completion: LMS report filtered to endpoint-AI-intake-approval-permissions group (endpoint security engineers, IT MDM/EDR admins, product security engineers for own-built surfaces, mobile/IoT engineers). 100% is a pass/fail gate.
- Calibration drift, tier: Quarterly exercise where reviewers independently score the same sample endpoint AI intake. Record each reviewer's tier assignment; calculate mean absolute deviation. Source: calibration debrief facilitator record.
- Calibration drift, TTP misclassifications: Same exercise; count TTP identifications that differ from the facilitated consensus per reviewer per sample; average across reviewers.
Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No endpoint AI literacy training in place)
Evidence Location: _______ Metric Validation Date: ______ Notes: ________
Q1.2: Has the endpoint AI reviewer population (endpoint security engineers, IT MDM/EDR admins, product security engineers for own-built surfaces, mobile AI engineers, edge AI engineers) completed a role-based training module (~2 hours) covering the seven endpoint AI archetypes in depth, EDR detection of AI-specific data-egress patterns, browser-extension review methodology, customer-facing chatbot threat modeling (AGH/EA/TM/RA TTPs and Art. 50 disclosure UX review), mobile AI permission scope assessment (OWASP MASVS), and edge AI model-integrity verification, with completion gated on intake-approval permissions and calibration drift inside target for two consecutive quarters?
Evidence Required: - [ ] Practitioner training module published covering the seven endpoint AI archetypes in depth: unique threat surface per archetype, relevant HAI TTPs, key SR requirements, elevated-risk signals (coding assistant with clipboard access to regulated directories, browser extension with full page-content access on internal financial apps, chatbot with action-taking capability, voice AI without disclosure UX, mobile AI with background microphone access) - [ ] EDR detection of AI-specific data-egress patterns module: how EDR surfaces AI tool network egress to provider domains; process execution and DNS/SNI patterns indicating a new AI tool; distinguishing sanctioned AI tool egress from shadow AI tool or unapproved browser extension - [ ] Browser-extension review methodology module: evaluating manifest.json permissions, content-script scope, background service worker network calls, declared API endpoints; Chrome Enterprise reports; data-class risk assessment per extension - [ ] Customer-facing chatbot threat modeling module: prompt injection via user input (AGH TTP); excessive agency with backend action capability (EA TTP); rogue agent drift in multi-turn conversations (RA TTP); tool misuse in internal API calls (TM TTP); customer-data-egress risk; Art. 50 disclosure UX review methodology (compliant disclosure vs. buried-in-terms; accessibility check; sector overlay) - [ ] Mobile AI permission scope assessment module: iOS entitlements and Android manifest permission review for over-privileged AI capabilities; consent and disclosure UX testing against Customer-Facing AI Endpoint Disclosure Policy; OWASP MASVS mobile AI security requirements - [ ] Edge AI model integrity and on-device inference threats module: model substitution attack patterns, hash verification and signing, firmware review for bundled AI model components, edge device identity and authentication - [ ] Completion gating enforced; calibration exercise records from two consecutive quarters showing drift inside target (≤1 tier step, ≤2 TTP misclassifications per sample)
Outcome Metrics:
| Metric | Baseline | Current | Target | Met? | Notes |
|---|---|---|---|---|---|
| % endpoint AI intake reviewers with completed practitioner training | ___% | ___% | 100% | ☐ | |
| Reviewer calibration drift, avg tier delta on shared samples | ___ | ___ | ≤1 tier step | ☐ | |
| Reviewer calibration drift, avg TTP misclassifications per sample | ___ | ___ | ≤2 per sample | ☐ | |
| Reviewer throughput, endpoint AI intakes closed per reviewer per week (post-training trend) | ___ | ___ | trending up | ☐ |
Metric Collection Guidance: - Practitioner training completion: LMS completion report filtered to endpoint-AI-reviewer role group. Source: LMS + access-control system confirming permissions are gated on training. - Calibration drift, tier: Independent scoring of shared sample endpoint AI intakes; mean absolute tier deviation across reviewer cohort. Source: quarterly calibration debrief facilitator records. - Calibration drift, TTP misclassifications: Count of TTP identification discrepancies per sample versus facilitated consensus; averaged across reviewers. Source: calibration debrief records. - Reviewer throughput: Endpoint AI intake queue analytics, intakes closed per reviewer per week before and after training rollout. Source: intake queue system.
Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No practitioner training in place)
Evidence Location: _______ Metric Validation Date: ______ Notes: ________
Q1.3: Is a shadow-AI-on-endpoints awareness campaign running with at least monthly content, a visible amnesty path linked from the AUP and intake form, measurable attribution of intake submissions and shadow AI disclosures to campaign channels, and customer-facing AI disclosure awareness content for every team shipping own-built AI surfaces in production?
Evidence Required: - [ ] Campaign launch documented: executive sponsor message naming shadow AI on endpoints as a real current risk; amnesty window announced; sanctioned-AI-tool catalog published; framing that the program is an enabler, not a surveillance program - [ ] Monthly content cadence evidenced: at least one piece per month targeted at managed-endpoint users (newly sanctioned AI tool, data-restriction reminder, anonymized shadow AI disclosure positive-reinforcement story, external AI browser extension or productivity AI data-exposure incident reframe) - [ ] "Has your SaaS AI changed?" series documented: periodic call-outs when major SaaS vendors (Microsoft, Google, Slack, Notion) roll out new AI features; clear instruction on whether those features are already covered, require IT approval, or are in review - [ ] Shadow AI disclosure path linked from: AUP document, IT helpdesk portal, engineering Slack/Teams channel pins, and onboarding checklist - [ ] Campaign channel URLs tagged for attribution; intake-queue referrer-source field populated showing campaign attribution rate - [ ] Customer-facing AI disclosure awareness content (Art. 50 requirements, compliant disclosure UX vs. non-compliant, how to submit a disclosure UX specification at intake) deployed for every team shipping own-built AI surfaces in production - [ ] Feedback channel for AI tool nominations with nominations triaged and acknowledged within 5 BD
Outcome Metrics:
| Metric | Baseline | Current | Target | Met? | Notes |
|---|---|---|---|---|---|
| Shadow AI disclosures per quarter (amnesty path, intake queue tagged "amnesty") | ___ | ___ | rises Q1–Q2 then trends down | ☐ | |
| Intake submissions attributable to campaign channels | ___% | ___% | ≥30% of net-new intakes | ☐ | |
| % managed-endpoint users with current-year endpoint AI literacy completion | ___% | ___% | ≥95% | ☐ | |
| Campaign content cadence met | ___ | ___ | ≥1 piece/month | ☐ |
Metric Collection Guidance: - Shadow AI disclosures: Count of intake submissions tagged "amnesty" per quarter. Expect increase in Q1–Q2 post-launch and decrease thereafter. Source: endpoint AI intake queue analytics. - Campaign attribution: Percentage of net-new endpoint AI intake submissions arriving via tagged campaign channel links or form-referrer fields. Source: intake queue referrer field; UTM tracking or equivalent. - Endpoint user literacy completion: Same methodology as Q1.1. Shared metric. - Content cadence: Count of published shadow-AI-on-endpoints content pieces per calendar month. Source: content calendar or publication log.
Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No campaign running)
Evidence Location: _______ Metric Validation Date: ______ Notes: ________
Objective: Deepen practitioner skill through scenario-based training from real endpoint AI intake cases, deliver channel-specific tracks for developer endpoints, customer-support AI, mobile, and edge practitioners, and run seasonal shadow-AI-on-endpoints campaigns tied to SaaS release cycles and hiring periods.
Q2.1: Is there a scenario library of ≥30 anonymized real endpoint AI intake cases powering practitioner training across the org's in-scope archetypes, with paired calibration exercises showing Critical-tier drift ≤1 tier step and ≤1 TTP misclassification per sample for two consecutive quarters, including a practitioner capstone requiring three live end-to-end intakes producing TA snapshot, SR REM, and disclosure UX assessment?
Evidence Required: - [ ] Scenario library of ≥30 scenarios documented, each with as-submitted archetype description, original reviewer decisions (tier, TTP identifications, SR gaps, disclosure UX adequacy assessment), any disagreement, and resolved outcome - [ ] Scenarios organized per archetype (chatbot, mobile AI app, browser extension, productivity AI, edge AI) and per TTP cluster (AGH-heavy for chatbots, EA-heavy for action-taking AI, data-egress-heavy for browser extensions, Art. 50-gap-heavy for customer-facing surfaces) - [ ] Paired calibration exercises in place: two reviewers score the same scenario independently; debrief facilitated on tier delta, TTP identification delta, SR gap list differences, and disclosure UX adequacy assessment - [ ] Critical-tier calibration drift records for two consecutive quarters showing ≤1 tier step and ≤1 TTP misclassification per sample - [ ] Practitioner capstone in place: practitioners run three live intakes with senior-reviewer shadow and produce passing TA snapshot, SR REM, and (for customer-facing surfaces) a disclosure UX assessment record - [ ] Scenario library reviewed quarterly with retirement criteria for obsolete endpoint AI intake patterns documented
Outcome Metrics:
| Metric | Baseline | Current | Target | Met? | Notes |
|---|---|---|---|---|---|
| Reviewer calibration drift on Critical-tier chatbot and mobile AI scenarios, avg tier delta | ___ | ___ | ≤1 tier step | ☐ | |
| Reviewer calibration drift on Critical-tier scenarios, avg TTP misclassifications | ___ | ___ | ≤1 per sample | ☐ | |
| % Critical/High-tier assets with ≥1 practitioner trained on applicable channel track | ___% | ___% | 100% | ☐ | |
| % training content refreshed in last 90 days | ___% | ___% | ≥80% | ☐ |
Metric Collection Guidance:
- Critical-tier calibration drift: Quarterly calibration exercise focused on Critical-tier scenarios (customer-facing chatbots with backend action capability, mobile AI apps on regulated-data teams). Record tier assignments, TTP identifications, and disclosure UX adequacy assessments independently; calculate mean absolute deviation. Source: calibration debrief facilitator records.
- Channel-track coverage: LMS completion records for channel-specific tracks cross-referenced against SM-Endpoints inventory Critical/High-tier assets. Formula: assets_with_trained_practitioner / total_Critical_High_assets × 100
- Content freshness: LMS content-management change log; count modules updated within the last 90 days.
Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No scenario library in place)
Evidence Location: _______ Metric Validation Date: ______ Notes: ________
Q2.2: Have channel-specific practitioner tracks (developer-endpoint AI, customer-support AI, mobile AI, edge AI) been delivered to ≥1 trained practitioner per Critical/High-tier endpoint AI asset in each applicable channel, each track covering the archetype-specific TTPs and SA reference patterns, with team-level coverage tracked in the SM-Endpoints inventory?
Evidence Required: - [ ] Developer-endpoint AI track developed: coding assistant deployment, AI IDE extensions, AI-augmented build tools; data-class risk of source code and internal API keys entering AI backends; MDM policy enforcement for AI developer tools; EA and TM TTPs in agentic coding assistant contexts (tools that write files, run commands, make API calls); SR requirements for developer-only vs. broader deployment scope - [ ] Customer-support AI track developed: own-built customer support chatbots; AGH TTP via customer-supplied injection through chat input; Art. 50 disclosure UX review methodology; customer-data-egress risk when chat sends interaction to a vendor AI model; action capability in support AI (ticket creation, account lookup, refund initiation) and EA/TM TTP implications; customer-facing AI incident response patterns - [ ] Mobile AI track developed: own-built mobile app AI features; iOS/Android permission scope review for AI capabilities (microphone, camera, location, contacts, device files); OWASP MASVS mobile AI security requirements; on-device vs. cloud processing architectures; Art. 50 consent UX patterns for mobile; RA TTP in persistent on-device AI - [ ] Edge AI track developed: kiosks, IoT devices, embedded on-device inference; on-device model identity and integrity verification; model substitution attack patterns; edge device identity and authentication; firmware review methodology for AI model components; physical access threat surface; data-minimization by design for sensor and biometric-adjacent edge AI - [ ] Each track paired with the SA reference pattern for the relevant archetype - [ ] Mandatory enrollment: any practitioner reviewing a Critical or High-tier endpoint AI asset in the applicable channel must have ≥1 trained practitioner - [ ] LMS completion records cross-referenced with SM-Endpoints inventory showing ≥1 trained practitioner per Critical/High-tier asset
Outcome Metrics:
| Metric | Baseline | Current | Target | Met? | Notes |
|---|---|---|---|---|---|
| % Critical/High-tier assets with ≥1 practitioner trained on applicable channel track | ___% | ___% | 100% | ☐ | |
| % workforce literacy completion maintained | ___% | ___% | ≥95% | ☐ | |
| Shadow-AI-on-endpoints campaign behavior-target achievement rate | ___% | ___% | ≥70% of campaigns | ☐ | |
| % training content refreshed in last 90 days | ___% | ___% | ≥80% | ☐ |
Metric Collection Guidance:
- Channel-track coverage: LMS module completion records filtered to channel-specific track modules joined against SM-Endpoints L2 asset inventory by owning team. Formula: assets_with_trained_practitioner / total_Critical_High_assets × 100
- Workforce literacy maintained: Ongoing LMS current-year completion rate; same methodology as Q1.1.
- Campaign behavior-target achievement: For each behavior-driven campaign (e.g., "reduce unapproved AI browser extension presence on managed endpoints by 40% in Q2"), record whether post-campaign measurement met target.
- Content freshness: LMS content management change log; modules with last-updated date within 90 days.
Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No channel-specific tracks in place)
Evidence Location: _______ Metric Validation Date: ______ Notes: ________
Q2.3: Are shadow-AI-on-endpoints campaigns running on a seasonal, behavior-driven cadence tied to SaaS AI-feature rollouts, device provisioning cycles, hiring surges, and post-incident moments, with pre-set measurable behavior targets, post-campaign measurement, ≥70% of campaigns hitting their target, and ≥80% of training content updated in the last 90 days?
Evidence Required: - [ ] At least 2 behavior-driven campaigns run in the last 12 months, each with a documented pre-measured behavior target (e.g., "reduce unapproved AI browser extension presence on managed endpoints by 40% in Q2") - [ ] Post-campaign measurement records for each campaign showing whether the behavior target was met - [ ] Campaign scheduling aligned to observed shadow endpoint AI risk windows: major SaaS vendor AI-feature rollouts (M365 Copilot expansion, Google Workspace Gemini rollout, Slack AI GA), device provisioning cycles, hiring surges, post-external-incident moments (browser-extension data-exposure, chatbot data-leak incident) - [ ] Amnesty windows running alongside campaigns with attribution tracking - [ ] Campaign redesign process: campaigns missing behavior targets by >20% are redesigned - [ ] Content change log showing ≥80% of training modules updated in last 90 days
Outcome Metrics:
| Metric | Baseline | Current | Target | Met? | Notes |
|---|---|---|---|---|---|
| Shadow-AI-on-endpoints campaign behavior-target achievement rate | ___% | ___% | ≥70% of campaigns hit target | ☐ | |
| % training content refreshed in last 90 days | ___% | ___% | ≥80% | ☐ | |
| Reviewer calibration drift on Critical-tier chatbot and mobile AI scenarios | ___ | ___ | ≤1 tier step, ≤1 TTP mismatch | ☐ | |
| % workforce literacy completion maintained | ___% | ___% | ≥95% | ☐ |
Metric Collection Guidance: - Campaign behavior-target achievement: Post-campaign measurement comparing pre-campaign baseline to post-campaign state. Source: MDM browser-extension inventory reports (Chrome Enterprise Admin unapproved extension count), EDR egress analytics, intake queue new-submission volume, or equivalent. - Content freshness: LMS content management change log; count modules with last-updated date in the 90-day window preceding assessment date. Note: includes browser-extension review checklist currency post major Chrome Enterprise Admin policy changes. - Calibration drift: Same methodology as Q2.1. - Workforce literacy: Same methodology as Q1.1.
Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No behavior-driven campaigns in place)
Evidence Location: _______ Metric Validation Date: ______ Notes: ________
Objective: Operate continuous calibration at scale, externalize the endpoint AI curriculum and reviewer rubric as industry-shared artifacts, and contribute to emerging endpoint AI and mobile AI security certification pathways.
Q3.1: Has the practitioner curriculum, anonymized scenario library, and reviewer rubric been published externally (CSA AI Safety Initiative, OWASP MASVS, OASIS, or sector ISAC) with documented adoption, citations, forks, or direct acknowledgment, and do external community contributions loop back into internal content within 30 days?
Evidence Required: - [ ] Workforce endpoint AI literacy module published externally under permissive license or consortium deliverable (learning objectives, assessment questions, reference-card template covering the seven archetypes and shadow AI disclosure) - [ ] Practitioner curriculum published externally (module outlines, channel-track coverage matrix, per-archetype reviewer job aids for chatbot, mobile AI, browser extension, edge AI) - [ ] Anonymized scenario library published (scenario format, per-archetype examples including Art. 50 disclosure UX review scenarios, calibration debrief format) - [ ] Reviewer rubric published (tier-assignment criteria using SM-Endpoints L2 rubric dimensions, TTP-identification scoring, SR-gap-list completeness scoring, disclosure UX adequacy assessment criteria) - [ ] External adoption evidence: citations, forks/downloads, direct adoption acknowledgment from ≥1 other organization - [ ] Community contributions accepted; process documented for external contributions to flow back into internal content within 30 days
Outcome Metrics:
| Metric | Baseline | Current | Target | Met? | Notes |
|---|---|---|---|---|---|
| External adoption, citations, forks, downloads of curriculum/scenario library/rubric artifacts | 0 | ___ | tracked, trending up | ☐ | |
| % Critical-tier endpoint AI reviewers holding external AI-assurance or endpoint-AI credential | 0% | ___% | ≥50% by year 2 of L3 (where credential exists) | ☐ | |
| Monthly live calibration cadence met | ___ | ___ | monthly, on calendar | ☐ | |
| ATLAS TTP contributions or confirmations per year | 0 | ___ | ≥1 where novel observations exist | ☐ |
Metric Collection Guidance:
- External adoption: GitHub/GitLab fork and download counts; CSA/OWASP MASVS/OASIS citation tracker; direct outreach acknowledgment records. Tracked quarterly.
- External credentials: HR credential registry cross-referenced with Critical-tier endpoint AI reviewer list. Credentials in scope: CSA AI Safety, ISACA AI Audit/AI Risk, OWASP MASVS examination credentials, sector-specific ISAC credentials relevant to chatbot security and mobile AI security. Formula: credentialed_Critical_tier_reviewers / total_Critical_tier_reviewers × 100
- Live calibration cadence: Calendar entries confirming monthly calibration rounds; facilitator sign-off records per round.
- ATLAS contributions: ATLAS GitHub contribution history for endpoint-domain techniques (novel browser-extension prompt-injection patterns, mobile AI over-privileged tool-use observations, edge device model-substitution technique instances). Source: contribution log.
Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No external publication in place)
Evidence Location: _______ Metric Validation Date: ______ Notes: ________
Q3.2: Is a monthly live calibration cadence operating, each round using a current anonymized endpoint AI intake from the live queue, independent reviewer scoring of tier/TTPs/SR-gaps/disclosure-UX-adequacy, drift reported to the program sponsor, with calibration results feeding the scenario library within 30 days and ≥50% of Critical-tier endpoint AI reviewers holding an external credential where one exists?
Evidence Required: - [ ] Monthly calibration calendar entries confirmed for last 12 months (or since L3 initiation) - [ ] Per-round calibration records: anonymized endpoint AI intake used, reviewer cohort, independent scoring results (tier, TTPs, SR gaps, disclosure UX adequacy for customer-facing surfaces), drift calculation, facilitator debrief notes - [ ] Drift reported to program sponsor each month with trend over last quarter - [ ] Process documented and evidenced for adding new scenarios to the library within 30 days of calibration rounds revealing drift - [ ] Individual reviewer coaching records for reviewers with persistent drift on specific archetype channels (e.g., consistently under-scoring edge AI model-integrity findings, development signal, not performance metric) - [ ] Credential registry showing ≥50% of Critical-tier endpoint AI reviewers credentialed where external credentials exist
Outcome Metrics:
| Metric | Baseline | Current | Target | Met? | Notes |
|---|---|---|---|---|---|
| Monthly live calibration cadence met | ___ | ___ | monthly, on calendar | ☐ | |
| % Critical-tier endpoint AI reviewers holding external AI-assurance or endpoint-AI credential | 0% | ___% | ≥50% (where credential exists) | ☐ | |
| Calibration results feeding scenario library within 30 days (% of drift-revealing rounds actioned) | ___% | ___% | 100% | ☐ | |
| ATLAS TTP contributions or confirmations per year | 0 | ___ | ≥1 where novel observations exist | ☐ |
Metric Collection Guidance: - Live calibration cadence: Program operations calendar; facilitator sign-off records per round. Count calendar months with a completed calibration round in the last 12 months. - External credentials: HR credential registry; count of Critical-tier endpoint AI reviewers with recognized endpoint-AI or AI-assurance credential divided by total Critical-tier endpoint AI reviewer count. - Scenario library pipeline: Change log of scenario library; count calibration rounds where drift was identified; count of those rounds resulting in a new scenario added within 30 days. - ATLAS contributions: ATLAS submission records for endpoint-domain techniques. Source: ATLAS contribution log maintained by program lead.
Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No continuous live calibration in place)
Evidence Location: _______ Metric Validation Date: ______ Notes: ________
Q3.3: Does the program contribute ≥2 substantive artifacts per year to industry endpoint AI certification or curriculum working groups (CSA AI Safety, ISACA AI, OWASP MASVS, sector-specific ISAC credentials for chatbot security and mobile AI security), and ≥1 MITRE ATLAS TTP contribution or confirmation per year where novel endpoint AI observations exist in own-built or consumed endpoint AI assets?
Evidence Required: - [ ] At least 2 substantive contributions per year to industry endpoint AI certification or curriculum working groups, documented with contribution artifact, working group name, and date - [ ] At least 1 MITRE ATLAS TTP contribution or confirmation per year where novel endpoint AI observations exist (novel browser-extension AI exfiltration, mobile AI over-privileged tool-use patterns, edge device model-substitution technique instances) - [ ] Org's practitioner capstone aligned with certification-grade rubrics where external endpoint-AI or AI-assurance credentials exist - [ ] Reviewer external-credential pursuit supported: study resources, exam fee reimbursement, time allocation policy - [ ] Process documented for external working-group outputs (new MASVS revision, new Art. 50 implementing act, new SaaS AI-feature rollout attack pattern) to update internal curriculum within 30 days
Outcome Metrics:
| Metric | Baseline | Current | Target | Met? | Notes |
|---|---|---|---|---|---|
| Contributions to industry endpoint AI certification/curriculum working groups per year | 0 | ___ | ≥2 substantive | ☐ | |
| ATLAS TTP contributions or confirmations per year | 0 | ___ | ≥1 where novel observations exist | ☐ | |
| % Critical-tier endpoint AI reviewers holding external credential | 0% | ___% | ≥50% by year 2 of L3 (where credential exists) | ☐ | |
| External adoption of curriculum artifacts (citations, forks, downloads) | 0 | ___ | tracked, trending up | ☐ |
Metric Collection Guidance: - Industry contributions: Contribution log maintained by program lead; each entry includes contribution type, working group name (CSA AI Safety, OWASP MASVS, OASIS conversational AI, sector ISAC), submission date, acceptance or publication status. - ATLAS contributions: MITRE ATLAS GitHub pull requests or working-group submissions for endpoint-domain techniques. Source: ATLAS contribution log. - External credentials: Same methodology as Q3.2. - External adoption: Repository analytics, CSA/OWASP MASVS/OASIS citation tracker, sector ISAC acknowledgment records. Trend tracked quarterly.
Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No industry certification contributions)
Evidence Location: _______ Metric Validation Date: ______ Notes: ________
| Level | Q1 | Q2 | Q3 | Avg | Level Achieved? |
|---|---|---|---|---|---|
| L1 | ___ | ___ | ___ | ___ | ☐ Yes ☐ No |
| L2 | ___ | ___ | ___ | ___ | ☐ Yes ☐ No |
| L3 | ___ | ___ | ___ | ___ | ☐ Yes ☐ No |
Practice Maturity Statement:
The organization's EG-Endpoints practice is at Level ___ with an average score of ___.
Document Version: HAIAMM v3.0 Practice: Education & Guidance (EG) Domain: Endpoints Last Updated: 2026-05-15 Author: Verifhai
Instructions: