ConsultingWorkbench-backed AI security engagements — map, attack, defend, and prove your AI systems.
Scope a Review
aisecurityllc
Log inTake DiagnosticScope a Review
aisecurityllc
Scope a Review
← AttestationsIssuedATT-AISC-2025-0534

aisecurity.llc

AI SECURITY · PRIVACY · TRUST

SECURITY REVIEW ATTESTATION

Independent Assessment · Evidence-Based · Public-Safe

This attests that

A

ACME Corp

acmecorp.io

ACME Corp engaged aisecurity.llc to conduct a security review of the systems, processes, and public trust surfaces described below.

Service(s) performed

📋

Governance Evidence Sprint

Structured evidence collection and control mapping against NIST AI RMF and ISO 42001 frameworks.

📄

AI Policy Framework Review

AI use policy, model governance charter, acceptable use, and incident classification policy review.

🏛️

NIST AI RMF Alignment

Control mapping and gap analysis against the four NIST AI RMF core functions: Govern, Map, Measure, Manage.

📎

Buyer Evidence Pack Review

Assessment of governance artifacts suitable for enterprise procurement, board reporting, and regulatory inquiries.

Scope

Systems / Features in ScopeACME Corp AI governance program covering the AcmeAssist product line: AI use policy, model governance charter, risk register, incident classification procedure, NIST AI RMF self-assessment, and related evidence artifacts.
Review TypePolicy review, control evidence assessment, NIST AI RMF gap analysis, and governance maturity evaluation against ISO 42001 / AIMS readiness criteria.
Engagement IDAISC-2025-0534
Engagement PeriodJune 9, 2025June 27, 2025
Report DeliveredJuly 1, 2025

Results summary

74/ 100

Developing

ACME Corp's AI governance program is actively developing with a clear foundation in place. Core policies exist and the risk register is maintained. Two high-priority gaps were identified: the Model Governance Charter lacks an approved ownership and accountability chain, and NIST AI RMF Measure function evidence is incomplete. A targeted 90-day remediation roadmap was delivered.

2High findings
8Medium findings
15Low findings
6Informational

Domains reviewed

AI Governance

Policies, accountability structure, model lifecycle, and oversight mechanisms.

NIST AI RMF — Govern

Governance structures, policies, roles, and accountability for AI risk.

NIST AI RMF — Map

AI use case classification, risk categorization, and stakeholder impact mapping.

NIST AI RMF — Measure

Metrics, evaluation, and ongoing risk measurement practices.

NIST AI RMF — Manage

Risk response plans, incident procedures, and ongoing risk management.

Privacy & Data Governance

Data provenance, consent, and model training data governance.

Third-Party AI Governance

Vendor AI usage policies, sub-processor governance, and LLM provider oversight.

AI Incident Management

Classification procedure, escalation paths, and AI-specific incident scenarios.

External Governance Evidence

Buyer-facing governance artifacts, disclosures, and evidence package readiness.

Model Continuity & Resilience

Fallback procedures, model version control, and degraded-mode governance.

aisecurity.llc

https://aisecurity.llc

This attestation reflects governance maturity at the time of review. Not a certification, regulatory compliance opinion, or guarantee of future posture.

See the associated private report for full governance gap analysis, NIST AI RMF function scores, control evidence ratings, and remediation roadmap. Report ID: RPT-AISC-2025-0534.

Document ID: ATT-AISC-2025-0534 · Engagement: AISC-2025-0534