12 Compliance Dimensions
GlassPlane — 12 Compliance Dimensions
GlassPlane (panel.ossfia.ai) measures the compliance of each repository across 12 dimensions with evidence-first scoring.
| # | Dimension | Weight | What it measures |
|---|---|---|---|
| 1 | Framework Compliance | 9% | Phase artifacts + context layers + baseline subtree |
| 2 | Gate Progression | 7% | Gates A-F by track |
| 3 | Data Governance | 10% | Classification, provenance, quality, retention |
| 4 | Security Posture | 9% | Secrets, SBOM, threat model, AIA |
| 5 | SAST/SCA | 8% | Static analysis + dependency audit |
| 6 | OWASP ASI | 8% | ASI01-10 + MCP Top 10 |
| 7 | EU AI Act | 8% | Art. 6, 10, 11, 14, 50, 73 |
| 8 | AI Governance | 8% | AIBOM, ISO 42001, NIST RMF |
| 9 | Delivery Performance | 10% | DORA + SPACE + DX AI |
| 10 | Spec Coverage | 7% | OpenAPI, data dict, ADRs |
| 11 | Singapore MGF | 8% | D1-D4: accountability, risk, human, technical |
| 12 | Colombia AI Ethics | 8% | D1-D5: ethics, equity, transparency, governance, sustainability |
Scoring
- Platinum: 96-100
- Gold: 81-95
- Silver: 61-80
- Bronze: 31-60
- Critical: 0-30
Each score is traceable to an artifact via evidence levels: absent → present → valid → executed → confirmed.