Is it time to enforce an Authority-to-Operate (ATO) for Healthcare Organizations?
The Change Healthcare security breach has impacted over 94% of hospitals as reported by the American Health Association (AHA). A
March 25, 2024
Assessing and Accrediting AI Systems with stackArmor’s ATO for AI™
Operationalizing NIST AI RMF can be accelerated by mapping AI risks to NIST SP 800-53 Security Controls with AI specific Control Overlays to provide a proven and tested pathway for assessing and accredited AI systems within the Public Sector. We are an inaugural member of the NIST AI Safety Institute Consortium.
The Whitehouse Executive Order (EO 14110) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence directs Agency Chief Information Officers, Chief Information Security Officers, and authorizing officials to operationalize generative AI and other critical and emerging technologies. Agencies must incorporate risk management tailored to AI systems. The NIST AI Risk Management Framework (NIST AI 100-1) helps manage the many risks of AI and promote trustworthy and responsible development and use of AI systems. Given the stringent timelines associated with implementing strong governance and risk management protocols, agencies should consider augmenting and enhancing existing risk management models such NIST RMF and NIST SP 800-53 with AI specific Control Overlays to accredit AI systems.
NIST AI RMF (NIST AI 100-1) provides a starting point for organizations to understand and assess risk associated with AI systems. Organizations must find systematic and consistent ways to enable actions to manage AI risks and responsibly deploy trustworthy AI systems. AI systems present a unique set of risks and challenges that include:
As Chief AI Officers begin to dive into AI adoption, understanding these complex risks in a highly repeatable way is essential. NIST AI RMF is a foundational risk management framework that defines four functions: Govern, Map, Measure and Manage. Each of these high-level functions is broken down into categories and subcategories, which are further subdivided into specific actions and outcomes.
Those defined actions and outcomes, however, fall short of giving teams the prescriptive guidance required for implementing meaningful operational changes. There is a gap, in other words, between the concepts presented and the actionable set of instructions, steps and specific guidance on how best to implement risk management capabilities.
The Change Healthcare security breach has impacted over 94% of hospitals as reported by the American Health Association (AHA). A
The US Government is continuing to move rapidly to ensure US competitiveness in the area of Artificial Intelligence (AI). The
Ms. Clare Martorana, U.S. Federal Chief Information Officer, Office of the Federal Chief Information Officer, Office of Management Budget. Subject:
stackArmor provides FedRAMP, FISMA/RMF, and CMMC/DFARS compliance acceleration services on Amazon Web Services (AWS). stackArmor’s ThreatAlert® Security Platform reduces the time and cost of an ATO by 40%. We serve enterprise customers in Defense, Aerospace, Space, Government, and Healthcare markets as well as ISV’s looking to offer cloud solutions for Government.
Menu
Blog
© stackArmor. All Rights Reserved 2024.