Auditing artificial intelligence (AI) systems is essential in today’s technology-driven environment, where organizations face increasing scrutiny regarding the ethical and secure use of AI technologies. The NIST AI Risk Management Framework (RMF) offers a structured approach to auditing AI systems, helping organizations identify, assess, and mitigate risks associated with their AI implementations. This guide will explore how to effectively audit your AI systems using the NIST RMF, focusing on its four core functions: Govern, Map, Measure, and Manage.
NIST 800-171 / DFARS
The Defense Federal Acquisition Regulation Supplement (DFARS) governs the acquisition of goods and services for the Department of Defense (DoD). Both officials and contractors must comply with the requirements set forth in DFARS. As anyone who has looked at the requirements set forth in DFARS knows, DFARS itself is a complex regulatory body that is broad in scope and depth. Contractors and subcontractors that supply or work with the DoD are required to comply with DFARS or face penalties for non-compliance, making it essential to understand exactly what your DFARS compliance requirements are and how you can meet them.
When it comes to technology and science, the U.S. Government has a variety of bodies and agencies that help support innovation and promote industry-wide standards. One of the most important (and underappreciated) of these organizations is NIST.
When it comes to data that cyber criminals are after, defense and military information rank near (if not at) the top of the list. And it's not something the U.S. Department of Defense (DOD) is taking lightly. Between cyber protection, support, and other teams, the DOD is on pace to have 133 teams of federal agencies dedicated specifically to cyber defense. In addition, the DOD is working with the National Institute of Standards and Technology (NIST) to implement regulations that will also make sensitive data handled by DOD and government contractors secure.
If your organization works with US government agencies, including the military, you'll need to conduct one or more NIST assessments. Getting ready includes determining which standards apply, conducting readiness assessments, implementing them, and securing an official assessor.
To work with the US government, organizations need to implement NIST frameworks like the CSF. NIST SP 800-53 maps CSF principles into executable controls, which then translate into requirements in other frameworks, like SP 800-171, that are required for specific contracts.
The US Department of Defense (DoD) spent $439.4 billion on contracts for products and services in 2020. That's billions of tax dollars awarded to hundreds, if not thousands, of companies contributing to US national defense. To get involved in this lucrative industry, contractors must abide by Defense Federal Acquisition Regulation Supplement (DFARS) requirements, such as limiting offshore acquisitions to organizations located in DFARS-compliant countries. Read on to review the list of DFARS-compliant countries (2021) and the safeguards that organizations must demonstrate to secure DoD contracts.
Compliance with the National Institute of Standards and Technology (NIST) Special Publication 800-171 is critical to demonstrating your security posture as a Department of Defense (DoD) contractor, helping you maintain preferred contractor status. NIST 800-171 compliance helps safeguard sensitive information such as Covered Defense Information (CDI) and Controlled Unclassified Information (CUI). Read on to learn all about NIST 800-171 passing scores.
How and Why DoD Contractors Must Protect Covered Defense Information
The federal government utilizes contractors to provide routine services and products to achieve the nation’s missions and conduct operations. During the course of business, the government shares sensitive information with federal contractors, which is then stored, processed, and transmitted via information systems. Department of Defense (DoD) contractors must abide by Defense Federal Acquisition Regulation Supplement (DFARS) requirements for protecting Covered Defense Information (CDI), which is directly related to national security.
Safeguarding Covered Defense Information and Cyber Incident Reporting
If your company is a supplier or contractor with the US Department of Defense (DoD), it has to comply with several regulations to ensure the safety of US citizens, at home and abroad. The most comprehensive is the Defense Federal Acquisition Regulation Supplement (DFARS). It specifies the requirements pertaining to covered defense information (CDI), including ways to safeguard it and to report any cyber incidents that could compromise it.