Education & Guidance (EG) - Infrastructure Assessment

Assessment questionnaire for measuring maturity. Answer each question honestly based on current, implemented practices.

Source of truth: ../practices/EG-Infrastructure-OnePager.md | Canonical framing: ../HAIAMM-v3.0-Framing.md §8 / §12


Education & Guidance (EG) - Infrastructure Domain

HAIAMM Assessment Questionnaire v3.0

Practice: Education & Guidance (EG) Domain: Infrastructure Purpose: Assess organizational maturity in building AI infrastructure literacy for the platform/SRE workforce and deep practitioner skills for the reviewer population performing infrastructure security reviews, IaC assessments, and platform hardening of AI/HAI systems, with shadow AI infrastructure awareness as the primary L1 cultural outcome. Scoring Model: Evidence + Outcome Metrics (see Scoring Methodology below)


Instructions

  • Answer each question honestly based on current, implemented practices (not plans or aspirations)
  • Each question has two components: Evidence (what you did) and Outcome Metrics (how well it worked)
  • Scoring uses 4 tiers: Fully Mature (1.0), Implemented (0.67), Partial (0.33), Not Implemented (0.0)
  • Answer progressively - Complete all Level 1 questions before Level 2
  • Level progression - Achieve ALL questions at lower level before advancing
  • Baseline first - Record current metric values before setting targets

Scoring Methodology

Score Label Criteria
1.0 Fully Mature Evidence complete AND ≥3 outcome metrics meet targets
0.67 Implemented Evidence complete AND 2 outcome metrics meet targets
0.33 Partial Evidence partially complete OR <2 outcome metrics meet targets
0.0 Not Implemented No evidence of the activity in place

Maturity Level 1

Objective: Deliver foundational AI infrastructure literacy to ≥95% of the platform/SRE workforce touching AI/HAI infrastructure and role-based practitioner training to 100% of the reviewer population, with an active shadow-AI-infrastructure awareness campaign.


Question 1: Ship workforce AI infrastructure literacy training

Q1.1: Do you have a current-year AI infrastructure literacy course (≤20 minutes) completed by ≥95% of platform engineers, SREs, and cloud architects provisioning or operating AI/HAI infrastructure, covering the seven in-scope archetypes, GPU fleet operational risk, IaC-for-AI key differences, region/residency requirements, observability minimums, and the provisioning gate, with content updated within 30 days of any policy or archetype change?

Evidence Required: - [ ] LMS module published covering the seven AI/HAI infrastructure archetypes (inference endpoint/model-serving cluster, model registry, GPU/accelerator fleet, orchestrator/control plane, vector-store infrastructure, AI-specific CI/CD, feature store/online serving cache) with org-specific examples - [ ] GPU fleet operational risk module: credentials as high-value targets, training-data access scope as blast-radius control, workload isolation, GPU-spend tagging as shadow-infra detection signal - [ ] IaC-for-AI three key differences module: model artifacts require signing/checksum, inference endpoints require auth at every interface, GPU workload isolation requires explicit namespace or VM-level controls - [ ] Region/residency for AI serving infrastructure module: GDPR Art. 44–49 trigger for cross-border inference endpoints, two-line IaC attribute for region pinning, how to flag cross-border deployments - [ ] Observability minimums module: structured inference access logs, orchestrator state logs versus general application logs, prompt/completion log retention distinctions - [ ] LMS completion report showing current-year completion rate across in-scope platform/SRE headcount - [ ] Named training content owner with documented quarterly review cadence and evidence of update within 30 days of last policy change

Outcome Metrics:

Metric Baseline Current Target Met? Notes
% platform/SRE headcount with current-year AI infrastructure literacy completion ___% ___% ≥95%
% intake reviewers with completed practitioner training ___% ___% 100%
Reviewer calibration drift, avg tier delta across reviewers on shared samples ___ ___ ≤1 tier step
Reviewer calibration drift, avg risk misclassifications per sample ___ ___ ≤2 per sample

Metric Collection Guidance: - Platform/SRE literacy completion: LMS current-year completion report filtered to platform engineers, SREs, and cloud architects in scope of the AI/HAI infrastructure program. Cross-reference with HR headcount for denominator. Formula: completed_count / in-scope_headcount × 100 - Reviewer training completion: LMS report filtered to infrastructure-intake-approval-permissions group (platform security engineers, SRE on-call leads, cloud architects). 100% is a pass/fail gate. - Calibration drift, tier: Quarterly exercise where reviewers independently score the same sample infrastructure intake. Record each reviewer's tier assignment; calculate mean absolute deviation. Source: calibration debrief facilitator record. - Calibration drift, risk misclassifications: Same exercise; count risk identifications that differ from the facilitated consensus answer per reviewer per sample; average across reviewers.

Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No AI infrastructure literacy training in place)

Evidence Location: _______ Metric Validation Date: ______ Notes: ________


Question 2: Deliver role-based practitioner training for the reviewer population

Q1.2: Has the practitioner population (platform security engineers, SRE on-call leads, cloud architects performing AI infrastructure reviews) completed a role-based training module (~2 hours) covering inference-endpoint attack surface (ATLAS AML.T0015/AML.T0024), model-registry supply-chain attacks (ATLAS AML.T0010), GPU-fleet IAM hardening, vector-store hardening (embedding inversion, namespace boundary failures), orchestrator control-plane security (EA/AGH/TM/RA TTPs), AI-specific CI/CD pipeline attacks, and IaC review patterns for all seven archetypes, with completion gated on intake-approval permissions and calibration drift inside target for two consecutive quarters?

Evidence Required: - [ ] Practitioner training module published covering inference-endpoint attack surface: model extraction (ATLAS AML.T0015 and AML.T0024), prompt injection at serving layer as AGH vector, no-public-endpoint enforcement, authentication bypass patterns - [ ] Model-registry attack surface module: supply-chain compromise (ATLAS AML.T0010), unsigned artifact promotion, two-party promotion gate, registry audit-log verification - [ ] GPU fleet IAM hardening module: no-standing-human-IAM policy, secrets-vault integration, training-data access scoping, GPU-spend anomaly as shadow-infra detection signal - [ ] Vector-store hardening module: embedding inversion (high-dimensional embedding reconstruction of sensitive source content), namespace/collection boundary failures, no-public-read-access requirement, TLS enforcement - [ ] Orchestrator control-plane security module: EA/TM/RA TTPs at orchestrator level, tool-scope boundary assessment in SR REM, control-plane authentication enforcement in DR review - [ ] AI-specific CI/CD attacks module: model poisoning through training pipeline (ATLAS AML.T0020), malicious model promotion via compromised credentials, eval-gate bypass, artifact signing gaps - [ ] IaC review patterns for each archetype: checklist-driven review identifying public endpoints, missing encryption, missing auth, missing isolation, missing logging, completing SR REM gap list within 15 minutes per archetype - [ ] Completion gating enforced; calibration exercise records from two consecutive quarters inside target (≤1 tier step, ≤2 risk misclassifications per sample)

Outcome Metrics:

Metric Baseline Current Target Met? Notes
% intake reviewers with completed practitioner training ___% ___% 100%
Reviewer calibration drift, avg tier delta on shared samples ___ ___ ≤1 tier step
Reviewer calibration drift, avg risk misclassifications per sample ___ ___ ≤2 per sample
Reviewer throughput, infrastructure intakes closed per reviewer per week (post-training trend) ___ ___ trending up

Metric Collection Guidance: - Practitioner training completion: LMS completion report filtered to infrastructure-intake-reviewer role group. Source: LMS + access-control system confirming permissions are gated on training. - Calibration drift, tier: Independent scoring of shared sample infrastructure intakes; mean absolute tier deviation across reviewer cohort. Source: quarterly calibration debrief facilitator records. - Calibration drift, risk misclassifications: Count of risk identification discrepancies per sample versus facilitated consensus; averaged across reviewers. Source: calibration debrief records. - Reviewer throughput: Infrastructure intake queue analytics, intakes closed per reviewer per week before and after training rollout. Source: intake queue system.

Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No practitioner training in place)

Evidence Location: _______ Metric Validation Date: ______ Notes: ________


Question 3: Run the shadow-AI-infrastructure awareness campaign

Q1.3: Is a shadow-AI-infrastructure awareness campaign running with at least monthly content, a visible amnesty path linked from the AUP and intake form, measurable attribution of intake submissions and amnesty disclosures to campaign channels, and region/residency micro-content for every cross-border or regulated-data-processing AI/HAI infrastructure archetype active in the inventory?

Evidence Required: - [ ] Campaign launch documented: executive sponsor message naming shadow AI infrastructure, amnesty window announced, sanctioned-archetype catalog published with fast-track framing - [ ] Monthly content cadence evidenced: content calendar or publication log showing at least one shadow-AI-infra piece per month (new approved archetype, fast-track win, anonymized risk catch, external incident reframe) - [ ] Amnesty path linked from the AI Infrastructure AUP, the intake form, and the platform engineering Slack/Teams channel pins - [ ] Campaign channel URLs tagged for attribution; intake-queue referrer-source field populated showing campaign attribution rate - [ ] Region/residency micro-content (GDPR Art. 44–49 transfer basis, residency pinning in Terraform, cross-border deployment flagging in intake form) deployed for every cross-border or regulated-data-processing AI/HAI infrastructure archetype - [ ] Feedback channel for archetype/IaC-module nominations with documented ≤5 BD triage SLA

Outcome Metrics:

Metric Baseline Current Target Met? Notes
Shadow AI infra disclosures per quarter (amnesty path, intake queue tagged "amnesty") ___ ___ rises Q1–Q2 then trends down
Intake submissions attributable to campaign channels ___% ___% ≥30% of net-new intakes
% platform/SRE headcount with current-year AI infrastructure literacy completion ___% ___% ≥95%
Campaign content cadence met ___ ___ ≥1 piece/month

Metric Collection Guidance: - Shadow AI infra disclosures: Count of intake submissions tagged "amnesty" per quarter. Expect increase in Q1–Q2 post-launch and decrease thereafter. Source: intake queue analytics. - Campaign attribution: Percentage of net-new infrastructure intake submissions arriving via tagged campaign channel links or form-referrer fields. Source: intake queue referrer field; UTM tracking or equivalent. - Platform/SRE literacy completion: Same methodology as Q1.1. Shared metric. - Content cadence: Count of published shadow-AI-infra content pieces per calendar month. Source: content calendar or publication log.

Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No campaign running)

Evidence Location: _______ Metric Validation Date: ______ Notes: ________


Maturity Level 2

Objective: Deepen practitioner skill through scenario-based training from real infrastructure intake cases, deliver cloud-provider-specific tracks (AWS/GCP/Azure AI infra) calibrated to SM-Infrastructure L2 risk tiers, and run seasonal shadow-AI-infra campaigns tied to provisioning cycles.


Question 4: Scenario-based reviewer training from real infrastructure intakes

Q2.1: Is there a scenario library of ≥30 anonymized real infrastructure intake cases powering practitioner training across the org's in-scope archetypes, with paired calibration exercises showing Critical-tier drift ≤1 tier step and ≤1 risk misclassification per sample for two consecutive quarters, including a practitioner capstone requiring three live end-to-end intakes under a senior-reviewer shadow?

Evidence Required: - [ ] Scenario library of ≥30 scenarios documented, each with as-submitted archetype description, original reviewer decisions (tier, risk identifications, SR gaps), any disagreement, and resolved outcome - [ ] Scenarios organized per archetype (inference cluster, GPU fleet, orchestrator, vector-store, AI CI/CD) and per risk cluster (model-extraction-heavy, IAM-over-privilege-heavy, tool-scope-violation-heavy, cross-border-transfer-heavy) - [ ] Paired calibration exercises in place: two reviewers score the same scenario independently; debrief facilitated on tier delta and risk identification deltas - [ ] Critical-tier calibration drift records for two consecutive quarters showing ≤1 tier step and ≤1 risk misclassification per sample - [ ] Practitioner capstone in place: practitioners run three live intakes with senior-reviewer shadow and produce passing TA snapshot and SR REM for each archetype - [ ] Scenario library reviewed quarterly with retirement criteria for stale provisioning patterns documented

Outcome Metrics:

Metric Baseline Current Target Met? Notes
Reviewer calibration drift on Critical-tier scenarios, avg tier delta ___ ___ ≤1 tier step
Reviewer calibration drift on Critical-tier scenarios, avg risk misclassifications ___ ___ ≤1 per sample
% Critical/High-tier infra instances with ≥1 team member trained on applicable cloud-provider track ___% ___% 100%
% training content refreshed in last 90 days ___% ___% ≥80%

Metric Collection Guidance: - Critical-tier calibration drift: Quarterly calibration exercise focused on Critical-tier scenarios (customer-facing inference clusters, GPU fleets processing regulated data). Record tier assignments and risk identifications independently; calculate mean absolute deviation. Source: calibration debrief facilitator records. - Cloud-provider track coverage: LMS completion records for cloud-provider tracks cross-referenced against SM-Infrastructure L2 inventory Critical/High-tier instances. Formula: instances_with_trained_practitioner / total_Critical_High_instances × 100 - Content freshness: LMS content-management change log; count modules updated within the last 90 days.

Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No scenario library in place)

Evidence Location: _______ Metric Validation Date: ______ Notes: ________


Question 5: Cloud-provider-specific AI infrastructure tracks

Q2.2: Have cloud-provider-specific AI infrastructure tracks (AWS, GCP, Azure, as applicable) been delivered to ≥1 trained practitioner per Critical/High-tier infrastructure instance, covering AI-specific services and their security configurations on each provider, not generic cloud hardening, with team-level coverage tracked in the SM-Infrastructure inventory?

Evidence Required: - [ ] AWS AI infra track developed: SageMaker endpoint security (auth, VPC-private, model encryption, inference access logs), Bedrock provisioned-throughput security, EKS GPU workload isolation, ECR image signing for ML base images, SageMaker Model Registry two-party promotion gate, AWS Secrets Manager for fleet credentials, AWS PrivateLink for vector-store backends - [ ] GCP AI infra track developed: Vertex AI endpoint security (VPC Service Controls, IAM, Private Service Connect), GKE GPU node pool isolation, Vertex AI Model Registry promotion gate, Cloud KMS for model artifact encryption, Secret Manager for fleet credentials, GCS bucket ACLs for training corpus access scope - [ ] Azure AI infra track developed: Azure OpenAI deployment security (managed identity, private endpoints, Azure Policy), Azure ML compute cluster security, AKS GPU node pool isolation, ACR image signing, Azure AI Search network isolation and RBAC, Azure Key Vault for secrets - [ ] Each cloud-provider track paired with the SA-Infrastructure reference architecture for that cloud, training teaches the "green path" the team will implement and defend in DR - [ ] Mandatory enrollment policy: any team owning a Critical or High-tier infrastructure instance on the applicable cloud must have ≥1 trained practitioner - [ ] LMS completion records cross-referenced with SM-Infrastructure inventory showing ≥1 trained practitioner per Critical/High-tier instance

Outcome Metrics:

Metric Baseline Current Target Met? Notes
% Critical/High-tier infra instances with ≥1 team member trained on applicable cloud-provider track ___% ___% 100%
% workforce literacy completion maintained ___% ___% ≥95%
Shadow-AI-infra campaign behavior-target achievement rate ___% ___% ≥70% of campaigns
% training content refreshed in last 90 days ___% ___% ≥80%

Metric Collection Guidance: - Cloud-provider track coverage: LMS module completion records filtered to cloud-provider track modules joined against SM-Infrastructure L2 instance inventory by owning team. Formula: instances_with_trained_practitioner / total_Critical_High_instances × 100 - Workforce literacy maintained: Ongoing LMS current-year completion rate; same methodology as Q1.1. - Campaign behavior-target achievement: For each campaign with a pre-set behavior target (e.g., reduce untagged GPU workloads by 50%), record whether post-campaign measurement met target. - Content freshness: LMS content management change log; modules with last-updated date within 90 days of assessment.

Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No cloud-provider-specific tracks in place)

Evidence Location: _______ Metric Validation Date: ______ Notes: ________


Question 6: Seasonal, behavior-driven shadow-AI-infra campaigns

Q2.3: Are shadow-AI-infra campaigns running on a seasonal, behavior-driven cadence tied to provisioning cycles, OKR planning, hiring surges, and post-incident moments, with pre-set measurable behavior targets, post-campaign measurement, ≥70% of campaigns hitting their target, and ≥80% of training content updated in the last 90 days?

Evidence Required: - [ ] At least 2 behavior-driven campaigns run in the last 12 months, each with a documented pre-measured behavior target (e.g., "reduce untagged GPU workloads in the AWS account by 50% in Q3") - [ ] Post-campaign measurement records for each campaign showing whether the behavior target was met - [ ] Campaign scheduling aligned to observed shadow-infra risk windows (large GPU reservation cycles, Q1 OKR planning, hiring surges, post-model-extraction or GPU-credential-leak incidents) - [ ] Amnesty windows running alongside campaigns with attribution tracking - [ ] Campaign redesign process: campaigns missing behavior targets by >20% are redesigned - [ ] Content change log showing ≥80% of training modules updated in last 90 days

Outcome Metrics:

Metric Baseline Current Target Met? Notes
Shadow-AI-infra campaign behavior-target achievement rate ___% ___% ≥70% of campaigns hit target
% training content refreshed in last 90 days ___% ___% ≥80%
Reviewer calibration drift on Critical-tier scenarios ___ ___ ≤1 tier step, ≤1 risk mismatch
% workforce literacy completion maintained ___% ___% ≥95%

Metric Collection Guidance: - Campaign behavior-target achievement: Post-campaign measurement comparing pre-campaign baseline to post-campaign state. Source: cloud account tagging analytics, intake queue analytics, or equivalent behavioral signal. - Content freshness: LMS content management change log; count modules with last-updated date in the 90-day window preceding assessment date. - Calibration drift: Same methodology as Q2.1. - Workforce literacy: Same methodology as Q1.1.

Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No behavior-driven campaigns in place)

Evidence Location: _______ Metric Validation Date: ______ Notes: ________


Maturity Level 3

Objective: Operate continuous calibration at scale, externalize the AI infrastructure assurance curriculum and reviewer rubric through CNCF and OpenSSF AI, and contribute to cloud-provider partner programs and emerging AI infrastructure security certification pathways.


Question 7: Externalize the curriculum, scenario library, and reviewer rubric

Q3.1: Has the practitioner curriculum, anonymized scenario library, and reviewer rubric been published externally (CNCF AI/ML Working Group, OpenSSF AI, CNCF TAG Security, or cloud-provider partner security programs) with documented adoption, citations, forks, or direct acknowledgment, and do external community contributions loop back into internal content within 30 days?

Evidence Required: - [ ] Workforce AI infrastructure literacy module published externally under permissive license or as consortium deliverable (learning objectives, GPU fleet operational risk module, IaC-for-AI module, region/residency module, observability module, provisioning gate workflow) - [ ] Practitioner curriculum published externally (module outlines, per-archetype attack surface coverage, IaC review patterns, cloud-provider-specific hardening checklists, ATLAS technique coverage matrix) - [ ] Anonymized scenario library published (scenario format, per-archetype examples, calibration debrief format) - [ ] Reviewer rubric published (tier-assignment criteria for infra, risk-identification scoring, SR-gap-list completeness scoring for each archetype) - [ ] External adoption evidence: citations, forks/downloads, direct adoption acknowledgment from ≥1 other organization - [ ] Process documented for external contributions to flow back into internal content within 30 days

Outcome Metrics:

Metric Baseline Current Target Met? Notes
External adoption, citations, forks, downloads of curriculum/scenario library/rubric artifacts 0 ___ tracked, trending up
% Critical-tier reviewers holding an external AI infrastructure or cloud security credential 0% ___% ≥50% by year 2 of L3 (where credential exists)
Monthly live calibration cadence met ___ ___ monthly, on calendar
ATLAS TTP contributions or confirmations per year 0 ___ ≥1 where novel observations exist

Metric Collection Guidance: - External adoption: GitHub/GitLab fork and download counts; CNCF/OpenSSF citation tracker; cloud-provider partner program acknowledgment records. Tracked quarterly. - External credentials: HR credential registry cross-referenced with Critical-tier infrastructure reviewer list. Credentials in scope: CNCF CKS, OpenSSF AI Practitioner, cloud-provider security partner program credentials (AWS Security Competency, GCP Security Partner, Microsoft MISA), ISACA AI Risk. Formula: credentialed_Critical_tier_reviewers / total_Critical_tier_reviewers × 100 - Live calibration cadence: Calendar entries confirming monthly calibration rounds; facilitator sign-off records per round. - ATLAS contributions: ATLAS GitHub contribution history for infrastructure-domain techniques (inference-endpoint extraction, model-registry tampering, orchestrator control-plane compromise enabling EA/TM/RA). Source: contribution log.

Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No external publication in place)

Evidence Location: _______ Metric Validation Date: ______ Notes: ________


Question 8: Continuous live calibration

Q3.2: Is a monthly live calibration cadence operating, each round using a current anonymized infrastructure intake from the live provisioning queue, independent reviewer scoring of tier/risks/top-3-SR-gaps, drift reported to the program sponsor, with calibration results feeding the scenario library within 30 days and ≥50% of Critical-tier reviewers holding an external credential where one exists?

Evidence Required: - [ ] Monthly calibration calendar entries confirmed for last 12 months (or since L3 initiation) - [ ] Per-round calibration records: anonymized infrastructure intake used, reviewer cohort, independent scoring results, drift calculation, facilitator debrief notes - [ ] Drift reported to program sponsor each month with trend over last quarter - [ ] Process documented and evidenced for adding new scenarios to the library within 30 days of calibration rounds revealing drift - [ ] Individual reviewer coaching records for reviewers with persistent drift on specific archetype types - [ ] Credential registry showing ≥50% of Critical-tier infrastructure reviewers credentialed where external credentials exist

Outcome Metrics:

Metric Baseline Current Target Met? Notes
Monthly live calibration cadence met ___ ___ monthly, on calendar
% Critical-tier infra reviewers holding external AI infrastructure or cloud security credential 0% ___% ≥50% (where credential exists)
Calibration results feeding scenario library within 30 days (% of drift-revealing rounds actioned) ___% ___% 100%
ATLAS TTP contributions or confirmations per year 0 ___ ≥1 where novel observations exist

Metric Collection Guidance: - Live calibration cadence: Program operations calendar; facilitator sign-off records per round. Count calendar months with a completed calibration round in the last 12 months. - External credentials: HR credential registry; count of Critical-tier infrastructure reviewers with recognized AI-infrastructure or cloud-security credential divided by total Critical-tier infrastructure reviewer count. - Scenario library pipeline: Change log of scenario library; count calibration rounds where drift was identified; count of those rounds resulting in a new scenario added within 30 days. - ATLAS contributions: ATLAS submission records for infrastructure-domain techniques. Source: ATLAS contribution log maintained by program lead.

Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No continuous live calibration in place)

Evidence Location: _______ Metric Validation Date: ______ Notes: ________


Question 9: AI infrastructure security certification contribution

Q3.3: Does the program contribute ≥2 substantive artifacts per year to industry AI infrastructure security certification or curriculum working groups (CNCF, OpenSSF AI, cloud-provider partner security programs), and ≥1 MITRE ATLAS TTP contribution or confirmation per year where novel observations exist in own-operated AI/HAI infrastructure?

Evidence Required: - [ ] At least 2 substantive contributions per year to industry AI infrastructure security certification or curriculum working groups, documented with contribution artifact, working group name, and date (CNCF AI/ML WG, OpenSSF AI supply-chain security, cloud-provider partner security programs) - [ ] At least 1 MITRE ATLAS TTP contribution or confirmation per year where novel infrastructure observations exist (inference-endpoint extraction, model-registry tampering, orchestrator-compromise enabling EA/TM/RA) - [ ] Org's practitioner capstone aligned with certification-grade rubrics where external credentials exist - [ ] Reviewer external-credential pursuit supported: study resources, exam fee reimbursement, time allocation policy - [ ] Process documented for external working-group outputs to update internal curriculum within 30 days

Outcome Metrics:

Metric Baseline Current Target Met? Notes
Contributions to industry AI infrastructure certification/curriculum working groups per year 0 ___ ≥2 substantive
ATLAS TTP contributions or confirmations per year 0 ___ ≥1 where novel observations exist
% Critical-tier infra reviewers holding external credential 0% ___% ≥50% by year 2 of L3 (where credential exists)
External adoption of curriculum artifacts (citations, forks, downloads) 0 ___ tracked, trending up

Metric Collection Guidance: - Industry contributions: Contribution log maintained by program lead; each entry includes contribution type, working group name, submission date, acceptance or publication status. - ATLAS contributions: MITRE ATLAS GitHub pull requests or working-group submissions for infrastructure-domain techniques. Source: ATLAS contribution log. - External credentials: Same methodology as Q3.2. - External adoption: Repository analytics, CNCF/OpenSSF citation tracker, cloud-provider partner program acknowledgment records. Trend tracked quarterly.

Answer: - ☐ Fully Mature (Evidence complete + ≥3 metrics meet targets) - ☐ Implemented (Evidence complete + 2 metrics meet targets) - ☐ Partial (Evidence partially complete + <2 metrics meet targets) - ☐ Not Implemented (No industry certification contributions)

Evidence Location: _______ Metric Validation Date: ______ Notes: ________


Summary Scorecard

Level Q1 Q2 Q3 Avg Level Achieved?
L1 ___ ___ ___ ___ ☐ Yes ☐ No
L2 ___ ___ ___ ___ ☐ Yes ☐ No
L3 ___ ___ ___ ___ ☐ Yes ☐ No

Practice Maturity Statement:

The organization's EG-Infrastructure practice is at Level ___ with an average score of ___.

  • Level 1 achieved when all L1 questions score ≥0.67 (Implemented)
  • Level 2 achieved when all L1 questions score 1.0 (Fully Mature) AND all L2 questions score ≥0.67
  • Level 3 achieved when all L1–L2 questions score 1.0 AND all L3 questions score ≥0.67

Document Version: HAIAMM v3.0 Practice: Education & Guidance (EG) Domain: Infrastructure Last Updated: 2026-05-15 Author: Verifhai

Instructions:

  • Answer based on current practices, not plans
  • “Yes” requires documented evidence
  • Complete all Level 1 questions before Level 2
  • Partial implementation = “No”

↓ Download as Markdown