# Content Domain 5: Security, Compliance, and Governance for AI Solutions
<a name="ai-practitioner-01-domain5"></a>

Domain 5 covers security, compliance, and governance for AI solutions and represents 14% of the scored content on the exam.

**Topics**
+ [Task Statement 5.1: Explain methods to secure AI systems.](#ai-practitioner-01-task5.1)
+ [Task Statement 5.2: Recognize governance and compliance regulations for AI systems.](#ai-practitioner-01-task5.2)

## Task Statement 5.1: Explain methods to secure AI systems.
<a name="ai-practitioner-01-task5.1"></a>

Objectives:
+ Identify AWS services and features to secure AI systems (for example, IAM roles, policies, and permissions; encryption; Amazon Macie; AWS PrivateLink; AWS shared responsibility model).
+ Describe the concept of source citation and documenting data origins (for example, data lineage, data cataloging, Amazon SageMaker Model Cards).
+ Describe best practices for secure data engineering (for example, assessing data quality, implementing privacy-enhancing technologies, data access control, data integrity).
+ Describe security and privacy considerations for AI systems (for example, application security, threat detection, vulnerability management, infrastructure protection, prompt injection, encryption at rest and in transit).

## Task Statement 5.2: Recognize governance and compliance regulations for AI systems.
<a name="ai-practitioner-01-task5.2"></a>

Objectives:
+ Identify AWS services and features to assist with governance and regulation compliance (for example, AWS Config, Amazon Inspector, AWS Audit Manager, AWS Artifact, AWS CloudTrail, AWS Trusted Advisor).
+ Describe data governance strategies (for example, data lifecycles, logging, residency, monitoring, observation, retention).
+ Describe processes to follow governance protocols (for example, policies, review cadence, review strategies, governance frameworks such as the Generative AI Security Scoping Matrix, transparency standards, team training requirements).