Essay
Step-one deliverable: a specific Initial → Efficient level per AI Security Maturity Model (AISMM) category, with the evidence and reasoning that justify it.
3 June 2026 · 5 min read · Binu Chacko
Situation
Maturity self-ratings are everywhere — every function has a number.
Complication
Unanchored self-ratings inflate, and auditors discount them on sight.
The question
“What makes a maturity level defensible?”
The answer
Observable self-placement tests per level, verbatim from the standard, scored from real control coverage and coverage-bounded.
The second artefact of an honest assessment is a maturity placement for every AI Security Maturity Model (AISMM) category in scope — a specific level on the Initial → Efficient scale, with the evidence and the reasoning that justify it. Not a workshop vote, not a self-reported score.
The Cloud Security Alliance (CSA) AI Security Maturity Model (AISMM) organises program maturity into 3 domains and 12 categories, each scored L1–L5. It answers how well a function runs each part of its program; the AI Controls Matrix (AICM) checklist underneath answers what exactly it does. Every category resolves to named AICM domains — the roll-up is on the board scorecard, derived from the canonical CSA rollup, never hand-drawn.
A level you cannot re-derive from evidence is not a level. It is a mood.
The smallest evidenced increment: one or two skills fitted to the category’s weakest objectives, measured before/after, then re-placed. That is the deployment loop on the Engage page — diagnose, prescribe, track, advance — and it is deliberately incremental: a category climbs one defensible rung at a time.
Disambiguation: AISMM here is the Cloud Security Alliance (CSA) AI Security Maturity Model — it grades how well you secure AI (Mandate 1). How far your teams use AI to defend is a different question, graded on our own AI-CMM autonomy ladder (Mandate 2) — our model, calibrated to the Society of Automotive Engineers (SAE) J3016 Levels of Automation lineage, always shown dashed, never presented as a CSA artefact.
← Newer essay
The AICM Coverage Assessment
Older essay →
The Shared Security Responsibility Model (SSRM) Ownership Map
Subscribe for the next essay.