Skip to content

lfai/security-and-compliance

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Security and Compliance Work Group

This repository is used to develop and manage the Security and Compliance Work Group's assets as well as those from its subgroups. This may include use cases, threat models, profiles, and other artifacts.

Mission statement

The LF AI & Data Security and Compliance Work Group is dedicated to formulating interconnected security use cases, threat models, and policies that can be leveraged to create a comprehensive security and compliance strategy for AI-enabled applications throughout their lifecycle. The committee will establish a framework, which references and incorporates existing, relevant projects, standards and technologies, that enables an automated, self-sustaining cycle where effective governance fosters secure AI development, deployment and operations and AI-driven governance systems that can reduce risk and improve compliance in critical regulated environments.

Meetings

Important

The Security & Compliance Work Group meets, bi-weekly on Tuesdays @9am US Central, 7am US Pacific, 14:00 UTC/GMT using Zoom. Select the "Need an invite" link on our LF AI & Data calendar entry and join us!

The work group has 2 subgroups which have separate meetings you can sign up for:

How to get involved

Meetings and mailing lists

You will need to assure you have accounts created in both the Linux Foundation (LF) and the LF AI & Data Foundation (LFAI):

The work group will use the LF meeting management platform for all calls and formal communications and requires an LF account to participate.

In addition, the LF AI & Data Foundation has a separate account to which will be used by work group members for work group-specific communications and calendaring:

Creating LF accounts
  1. Create an Linux Foundation account

  2. Register for an LF AI & Data Account

Meetings and mailing list

Work group meetings will be held bi-weekly

  • 9am US Central, 7am US Pacific, 14:00 UTC/GMT
    • The meeting day/time will be revisited via member poll for 2026.
Meeting sign-up

The LF AI & Data Foundation allows for self-registration to meetings via the foundation's Zoom.

Subscribe to the mailing list

Agendas, Meeting minutes

Google drive logo Request access to the project's Google drive folder which will be used to hold agendas, meeting notes, presentations, etc.

Communication channels

Slack logo Please join the LF AI & Data Foundation Slack for informal communication with work group members and other registered users:

then join the project channel:


Project structure

Initially, the work group will establish two subgroups to better divide and focus work against specific subject areas each with their own home page:

Work group members are encouraged to join and contribute to these subgroups each of which hosts its own bi-weekly meetings.

The subgroups will provide updates of its activities as part of the work group's meeting agenda.

Planned activities

A high-level view of the activity areas the work group and its subgroups will explore and develop concrete assets for:

Planned activities diagram

Standards and project collaboration

The work group intends to collaborate with and reference work from other foundations and organizations including:


References

This section contains additional references to projects and resources that the work group might find useful:

LF AI & Data

  • LF AI & Data public calendar - Zoom calendar for all meetings
  • Projects:
    • Data Prep. Kit (DPK) - accelerates unstructured data preparation for LLM app developers
    • Docling - simplifies document processing, parsing diverse formats including advanced PDF understanding
    • BeeAI - empowers developers to discover, run, and compose AI agents from any framework
Model transparency
Threat modeling
Compliance projects
  • CNCF OSCAL Compass - a set of tools that enable the creation, validation, and governance of documentation artifacts for compliance needs.
  • OpenSSF Gemara - a logical model to describe the categories of compliance activities, how they interact, and the schemas to enable automated interoperability between them.
Security compliance standards
Risk (Auditing)

Code of Conduct

The work group and its subgroups adhere to the LF AI & Data's Code of Conduct (CoC) as published here:

License

All repository content is licensed under the Apache 2.0 license unless otherwise noted. Including:

  • Displayed logos are copyrighted and/or trademarked by their respective owners.

About

No description, website, or topics provided.

Resources

License

Contributing

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •