New guidelines from the Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) provide recommendations to help stakeholders make informed decisions and help providers “build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorized parties.”
The “Guidelines for Secure AI System Development” document covers four main areas:
- Secure design — This section covers understanding risks and threat modeling, as well as trade-offs to consider on system and model design.
- Secure development — This applies to the development stage of the AI system development life cycle, including supply chain security, documentation, and asset and technical debt management.
- Secure deployment — This section includes protecting infrastructure and models from compromise, threat or loss, developing incident management processes, and responsible release.
- Secure operation and maintenance — This section offers guidelines on logging and monitoring, update management, and information sharing.
In general, the guidelines follow a “secure by default” approach and align closely to existing recommendations from CISA, the NCSC, and other agencies.
“The approach prioritizes ownership of security outcomes for customers, embraces radical transparency and accountability, and establishes organizational structures where secure design is a top priority,” CISA says.
Read more at NCSC.
Contact FOSSlife to learn about partnership and sponsorship opportunities.