ATO for AI™

Assessing and Accrediting AI Systems with stackArmor’s ATO for AI™

Operationalizing NIST AI RMF can be accelerated by mapping AI risks to NIST SP 800-53 Security Controls with AI-specific Control Overlays, providing a proven and tested pathway for assessing and accrediting AI systems within the Public Sector. We are an inaugural member of the NIST AI Safety Institute Consortium.

White House Executive Order (EO 14110)

The White House Executive Order (EO 14110) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence directs Agency Chief Information Officers, Chief Information Security Officers, and authorizing officials to operationalize generative AI and other critical and emerging technologies. Agencies must incorporate risk management tailored to AI systems. The NIST AI Risk Management Framework (NIST AI 100-1) helps manage the many risks of AI and promotes trustworthy and responsible development and use of AI systems. Given the stringent timelines associated with implementing strong governance and risk management protocols, agencies should consider augmenting and enhancing existing risk management models such as NIST RMF and NIST SP 800-53 with AI-specific Control Overlays to accredit AI systems.

NIST AI RMF

NIST AI RMF (NIST AI 100-1) provides a starting point for organizations to understand and assess the risks associated with AI systems. Organizations must find systematic and consistent ways to manage AI risks and responsibly deploy trustworthy AI systems. AI systems present a unique set of risks and challenges that include:

  • Trustworthiness of underlying models
  • Training data used during pre-deployment
  • Data boundaries and data flows in and out of the AI system/service
  • Static and dynamic threats from data

Figure - AI Trustworthy Systems Must Consider a Complex AI Risk Landscape. NIST AI RMF Provides Guidance in Assessing a System's Risk with Regard to the Use of AI.

As Chief AI Officers begin to dive into AI adoption, understanding these complex risks in a highly repeatable way is essential. NIST AI RMF is a foundational risk management framework that defines four functions: Govern, Map, Measure and Manage. Each of these high-level functions is broken down into categories and subcategories, which are further subdivided into specific actions and outcomes.

Those defined actions and outcomes, however, fall short of giving teams the prescriptive guidance required for implementing meaningful operational changes. There is a gap, in other words, between the concepts presented and the actionable set of instructions, steps and specific guidance on how best to implement risk management capabilities.
