github.com/gemaraproj/gemara@v1.3.0

test/test-data/good-aigf-principles.yaml raw

# AIGF Principles Catalog
#
# Catalog of the principles behind the FINOS AI Governance Framework (AIGF).
# Layout: catalog metadata, then `groups`, then `principles`.
title: AI Governance Framework Principles
metadata:
  # Catalog id; each principle id in this file is this value plus a
  # three-digit suffix (AIR-PRIN-001 to AIR-PRIN-005).
  id: AIR-PRIN
  type: PrincipleCatalog
  # Quoted, so it loads as a string. Presumably the Gemara schema version
  # this catalog is written against; confirm against the schema.
  gemara-version: "1.1.0"
  # Folded scalar (`>`): the three lines load as one space-joined line with
  # a single trailing newline.
  description: >
    Core principles underpinning the FINOS AI Governance Framework.
    Each principle represents a foundational value that one or more
    AIGF mitigations (guidelines) are designed to uphold.
  # Presumably the version of this catalog. Plain scalar; the second dot
  # keeps it from being read as a float, so it loads as a string unquoted.
  version: 0.1.0
  author:
    id: finos
    name: FINOS
    # NOTE(review): the author is an organisation, yet the type is Human;
    # the allowed author types are not visible here, so confirm.
    type: Human
  # Presumably the external documents that catalog entries can be mapped to.
  # One is declared; nothing else in this file refers to it by id.
  mapping-references:
    - id: FINOS-AIR
      title: AI Governance Framework
      # Same plain-scalar form as metadata.version; loads as a string.
      version: 0.1.0
      url: "https://aigf.finos.org"
      description: FINOS AI Governance Framework mitigations and risks

# Groups that the principles are sorted into. Every `group` value used under
# `principles` in this file matches one of the three ids declared here, and
# every group declared here is used at least once.
groups:
  # Referenced by AIR-PRIN-001, AIR-PRIN-002 and AIR-PRIN-003.
  - id: data-protection
    title: Data Protection
    description: >
      Principles governing the handling, classification, and minimization
      of sensitive data within AI systems.
  # Referenced by AIR-PRIN-004 only.
  - id: security-architecture
    title: Security Architecture
    description: >
      Principles addressing layered defenses and resilience in AI
      system design.
  # Referenced by AIR-PRIN-005 only.
  - id: governance
    title: Governance
    description: >
      Principles ensuring transparency, accountability, and auditability
      of AI data processing activities.

# Five principles with unique, consecutive ids. Each entry carries an id, a
# title, a group (one of the ids under `groups`) and a folded description;
# none of them references metadata.mapping-references.
principles:
  # Sanitise on the way in: filtering and anonymization happen before the
  # data reaches the pipeline, vector databases or external endpoints.
  - id: AIR-PRIN-001
    title: Proactive Data Sanitization
    group: data-protection
    description: >
      Apply filtering and anonymization techniques before data enters the
      AI processing pipeline, vector databases, or any external service
      endpoints.

  # Ties the choice of filtering strategy to the sensitivity level and
  # access controls of the source data.
  - id: AIR-PRIN-002
    title: Data Classification Awareness
    group: data-protection
    description: >
      Understand and respect the sensitivity levels and access controls
      associated with source data when determining appropriate filtering
      strategies.

  # Data minimization: only what the business function needs, and
  # de-identified or masked where that is possible.
  - id: AIR-PRIN-003
    title: Principle of Least Exposure
    group: data-protection
    description: >
      Only include data in AI systems that is necessary for the intended
      business function, and ensure that even this data is appropriately
      de-identified or masked when possible.

  # Names three filtering points: data ingestion, processing and output
  # generation. This is the only principle in the security-architecture group.
  - id: AIR-PRIN-004
    title: Defense in Depth
    group: security-architecture
    description: >
      Implement multiple layers of filtering at data ingestion, during
      processing, and at output generation to create robust protection
      against data leakage.

  # Asks for a record of both which filtering was applied and the reason
  # for it.
  - id: AIR-PRIN-005
    title: Auditability and Transparency
    group: governance
    description: >
      Maintain clear documentation and audit trails of what data filtering
      processes have been applied and why.