Assessing and Accrediting AI Systems with stackArmor’s ATO for AI™
Operationalizing the NIST AI RMF can be accelerated by mapping AI risks to NIST SP 800-53 security controls, using AI-specific control overlays, to provide a proven and tested pathway for assessing and accrediting AI systems within the public sector. We are an inaugural member of the NIST AI Safety Institute Consortium.
The White House Executive Order (EO 14110) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence directs agency Chief Information Officers, Chief Information Security Officers, and authorizing officials to operationalize generative AI and other critical and emerging technologies. Agencies must incorporate risk management tailored to AI systems. The NIST AI Risk Management Framework (NIST AI 100-1) helps manage the many risks of AI and promotes trustworthy and responsible development and use of AI systems. Given the stringent timelines associated with implementing strong governance and risk management protocols, agencies should consider augmenting and enhancing existing risk management models such as the NIST RMF and NIST SP 800-53 with AI-specific control overlays to accredit AI systems.
NIST AI RMF (NIST AI 100-1) provides a starting point for organizations to understand and assess risk associated with AI systems. Organizations must find systematic and consistent ways to enable actions to manage AI risks and responsibly deploy trustworthy AI systems. AI systems present a unique set of risks and challenges that include:
As Chief AI Officers begin to dive into AI adoption, understanding these complex risks in a highly repeatable way is essential. NIST AI RMF is a foundational risk management framework that defines four functions: Govern, Map, Measure and Manage. Each of these high-level functions is broken down into categories and subcategories, which are further subdivided into specific actions and outcomes.
Those defined actions and outcomes, however, fall short of giving teams the prescriptive guidance required for implementing meaningful operational changes. There is a gap, in other words, between the concepts presented and the actionable set of instructions, steps and specific guidance on how best to implement risk management capabilities.
© stackArmor. All Rights Reserved 2025.