| Control | Status | |
|---|---|---|
| Artificial Intelligence (AI) & Autonomous Technologies Governance | Mechanisms exist to ensure policies, processes, procedures and practices related to the mapping, measuring and managing of Artificial Intelligence (AI) and Autonomous Technologies (AAT)-related risks are in place, transparent and implemented effectively. | |
| Situational Awareness of AI & Autonomous Technologies | Mechanisms exist to develop and maintain an inventory of Artificial Intelligence (AI) and Autonomous Technologies (AAT) (internal and third-party). | |
| AI & Autonomous Technologies Internal Controls | Mechanisms exist to identify and document internal cybersecurity & data privacy controls for Artificial Intelligence (AI) and Autonomous Technologies (AAT). | |
| Assigned Responsibilities for AI & Autonomous Technologies | Mechanisms exist to define and differentiate roles and responsibilities for: (1) Artificial Intelligence (AI) and Autonomous Technologies (AAT) configurations; and (2) Oversight of AAT systems. | |
| AI & Autonomous Technologies Risk Profiling | Mechanisms exist to document the risks and potential impacts of Artificial Intelligence (AI) and Autonomous Technologies (AAT) that are: (1) Designed; (2) Developed; (3) Deployed; (4) Evaluated; and/or (5) Used. | |
| Artificial Intelligence Test, Evaluation, Validation & Verification (AI TEVV) | Mechanisms exist to implement Artificial Intelligence Test, Evaluation, Validation & Verification (AI TEVV) practices to enable Artificial Intelligence (AI) and Autonomous Technologies (AAT)-related security, resilience and compliance-related conformity testing throughout the lifecycle of the AAT. | |
| AI TEVV Trustworthiness Assessment | Mechanisms exist to evaluate Artificial Intelligence (AI) and Autonomous Technologies (AAT) for trustworthy behavior and operation including security, anonymization and disaggregation of captured and stored data for approved purposes. | |
| AI TEVV Safety Demonstration | Mechanisms exist to demonstrate the Artificial Intelligence (AI) and Autonomous Technologies (AAT) to be deployed are safe, residual risk does not exceed the organization's risk tolerance and can fail safely, particularly if made to operate beyond its knowledge limits. | |
| AI TEVV Security & Resiliency Assessment | Mechanisms exist to evaluate the security and resilience of Artificial Intelligence (AI) and Autonomous Technologies (AAT) to be deployed. | |
| Robust Stakeholder Engagement for AI & Autonomous Technologies | Mechanisms exist to compel ongoing engagement with relevant Artificial Intelligence (AI) and Autonomous Technologies (AAT) stakeholders to encourage feedback about positive, negative and unanticipated impacts. | |
| AI & Autonomous Technologies Stakeholder Diversity | Mechanisms exist to ensure Artificial Intelligence (AI) and Autonomous Technologies (AAT) stakeholder competencies, skills and capacities incorporate demographic diversity, broad domain and user experience expertise. | |
| AI & Autonomous Technologies Stakeholder Competencies | Mechanisms exist to ensure Artificial Intelligence (AI) and Autonomous Technologies (AAT)-related operator and practitioner proficiency requirements for Artificial Intelligence (AI) and Autonomous Technologies (AAT) are defined, assessed and documented. | |
| AI & Autonomous Technologies Viability Decisions | Mechanisms exist to define the criteria as to whether Artificial Intelligence (AI) and Autonomous Technologies (AAT) achieved intended purposes and stated objectives to determine whether its development or deployment should proceed. | |
| AI & Autonomous Technologies Production Monitoring | Mechanisms exist to monitor the functionality and behavior of the deployed Artificial Intelligence (AI) and Autonomous Technologies (AAT). | |
| AI & Autonomous Technologies Measurement Approaches | Mechanisms exist to measure Artificial Intelligence (AI) and Autonomous Technologies (AAT)-related risks to deployment context(s) through review and consultation with industry experts, domain specialists and end users. | |
| Measuring AI & Autonomous Technologies Effectiveness | Mechanisms exist to regularly assess the effectiveness of existing controls, including reports of errors and potential impacts on affected communities. | |
| Unmeasurable AI & Autonomous Technologies Risks | Mechanisms exist to identify and document unmeasurable risks or trustworthiness characteristics. | |
| AI & Autonomous Technologies Harm Prevention | Mechanisms exist to proactively prevent harm by regularly identifying and tracking existing, unanticipated and emergent Artificial Intelligence (AI) and Autonomous Technologies (AAT)-related risks. |