PATHWAY TO AI READINESS


Risk Management

Vision

Robust risk management processes, including cybersecurity, that support capability experimentation, adoption, and operations, enabling resilient identification, mitigation, and recovery from threats or vulnerabilities.

Essential Self-Assessment Questions

  • Have we identified the key cybersecurity risks associated with deploying AI for our intended use case?
  • Do we have protocols in place to respond to AI-specific security incidents?
  • Is there a continuous monitoring, assessment, and incident response plan to manage AI-related security risks?
  • How do we ensure appropriate adherence to cybersecurity guidance?
  • Who is the Authorizing Official (AO) responsible for determining and granting authorization for deployment?
  • Are we conducting regular cybersecurity audits and stress tests to evaluate the robustness of our defenses?

Resources and Links

Framework to Advance AI Governance and Risk Management in National Security

National Security Council guidance to federal agencies using AI in national security and defense contexts, intended to mitigate potential risks from AI and ensure that AI use aligns with our country’s core values.


NIST AI Risk Management Framework

Framework to improve the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems.


NIST Risk Management Framework for Generative AI Profile

Cross-sectoral profile of and companion resource for the AI Risk Management Framework, specifically for Generative AI.


DoD Cyber Exchange

Provides one-stop access to cyber information, policy, guidance, and training for cyber professionals throughout the DoD, and the general public.


DoD Instruction 8510.01 - Risk Management Framework for DoD Systems

Establishes the cybersecurity Risk Management Framework (RMF) for DoD Systems and establishes policy, assigns responsibilities, and prescribes procedures for executing and maintaining the RMF.


Digital.gov Introduction to ATOs

U.S. General Services Administration resource to better understand the Authority to Operate (ATO) process.


DevSecOps Continuous Authorization to Operate Evaluation Criteria

Establishes the use cases and guidelines for evaluating a request for continuous authorization for a software factory and recommended processes required to generate a package.


Operation Vulcan Logic

Details a mature, proven, agile ecosystem that achieves the intent of the Risk Management Framework (RMF).


DoD CIO ATO 101 For Small Businesses

Brochure to help small businesses navigate the ATO process.
