January 26, 2022

WASHINGTON – Global tech trade association ITI provided guidance to the National Institute of Standards and Technology (NIST) as the agency seeks to build and strengthen its AI Risk Management Framework (RMF). In comments to its Concept Paper on Tuesday, ITI applauded NIST’s efforts to develop a robust AI framework and made recommendations to ensure it provides effective mechanisms for organizations to leverage and manage a wide range of AI-related risks.

“We believe that NIST’s Risk Management Framework will be helpful but should allow for flexibility in updates given the nascent state of technical solutions related to AI,” ITI wrote in its comments. “We hope that such a framework can help provide a construct by which to evaluate risk, while also setting forth a methodology for developers and users to utilize in determining the risk associated with a particular use of AI technology. We are equally committed to the responsible development and deployment of AI technology and encourage NIST to view us as a partner.”

ITI offered a series of recommendations to help strengthen the framework and encouraged NIST to:

  • Seek to maintain coherence with prior works, clearly establishing a linkage between the AI Risk Management Framework and the Cybersecurity and Privacy Frameworks;

  • Leverage and align the RMF with standards that are currently under development in international standards bodies (ISO/IEC JTC 1);

  • Clarify how risks differ for human facing and non-human facing AI systems, and set forth appropriate risk evaluation criteria;

  • Seek to maintain and foster consistency internationally to the extent possible; and

  • Add a function that accounts for contingencies similar to the Respond function in the Cybersecurity Framework.

ITI also provided specific line edits to the Concept Paper aimed at aligning the AI RMF with international standards development activities, as well as activities being undertaken by international fora like the Organisation for Economic Co-operation and Development (OECD).

Last year, ITI published a set of Global AI Policy Recommendations intended to help governments facilitate an environment that supports AI while also addressing the technology’s challenges. In September 2021, ITI engaged with NIST’s efforts to foster trust in AI technology, including responding to NIST’s RFI on an AI Risk Management Framework.

Read the full comments here.

Public Policy Tags: Artificial Intelligence, Cybersecurity