Je veux savoir à propos de…

40812

Federal Register / Vol. 86, No. 143 / Thursday, July 29, 2021 / Notices
jbell on DSKJLSW7X2PROD with NOTICES

better manage AI risks for their intended use cases or scenarios.
6. Be readily usable as part of any enterprises broader risk management strategy and processes.
7. Be consistent, to the extent possible, with other approaches to managing AI risk. The Framework should, when possible, take advantage of and provide greater awareness of existing standards, guidelines, best practices, methodologies, and tools for managing AI risks whether presented as frameworks or in other formats. It should be lawand regulation-agnostic to support organizations ability to operate under applicable domestic and international legal or regulatory regimes.
8. Be a living document. The Framework should be capable of being readily updated as technology, understanding, and approaches to AI
trustworthiness and uses of AI change and as stakeholders learn from implementing AI risk management.
NIST expects there may be aspects of AI
trustworthiness that are not sufficiently developed for inclusion in the initial Framework.
As noted below, NIST solicits comments on these and potentially other desired attributes of an AI RMF, as well as on high-priority gaps in organizations ability to manage AI
risks.
Goals of This Request for Information RFI
This RFI invites stakeholders to submit ideas, based on their experience as well as their research, to assist in prioritizing elements and development of the AI RMF. Stakeholders include but are not limited to industry, civil society groups, academic institutions, federal agencies, state, local, territorial, tribal, and foreign governments, standards developing organizations and researchers. The Framework is intended to address AI risk management related to individuals, groups or organizations involved in the design, development, use, and evaluation of AI systems.
The goals of the Framework development process, generally, and this RFI, specifically, are to:
1. Identify and better understand common challenges in the design, development, use, and evaluation of AI
systems that might be addressed through a voluntary Framework;
2. gain a greater awareness about the extent to which organizations are identifying, assessing, prioritizing, responding to, and communicating AI
risk or have incorporated AI risk management standards, guidelines, and best practices, into their policies and practices; and
VerDate Sep<11>2014

19:19 Jul 28, 2021

Jkt 253001

3. specify high-priority gaps for which guidelines, best practices, and new or revised standards are needed and could be addressed by the AI RMFor which would require further understanding, research, and development.
Details About Responses to This Request for Information When addressing the topics below, respondents may describe the practices of their organization or organizations with which they are familiar. They also may provide information about the type, size, and location of those organizations if they desire. Providing such information is optional and will not affect NISTs full consideration of the comment. Respondents are encouraged to provide generalized information based on research and potential practices as well as on current approaches and activities.
Comments containing references, studies, research, and other empirical data that are not widely published e.g., available on the internet should include copies of the referenced materials. All submissions, including attachments and other supporting materials, will become part of the public record and subject to public disclosure.
NIST reserves the right to publish relevant comments publicly, unedited and in their entirety. All relevant comments received by the deadline will be made publicly available at https
www.nist.gov/itl/ai-risk-managementframework and at regulations.gov.
Respondents are strongly encouraged to use the template available at: https
www.nist.gov/itl/ai-risk-managementframework.
Personally identifiable information PII, such as street addresses, phone numbers, account numbers or Social Security numbers, or names of other individuals, should not be included.
NIST asks commenters to avoid including PII as NIST has no plans to redact PII from comments. Do not submit confidential business information, or otherwise sensitive or protected information. Comments that contain profanity, vulgarity, threats, or other inappropriate language or content will not be considered. NIST requests that commenters, to the best of their ability, only submit attachments that are accessible to people who rely upon assistive technology. A good resource for document accessibility can be found at: section508.gov/create/documents.
Specific Requests for Information The following statements are not intended to limit the topics that may be addressed. Responses may include any topic believed to have implications for
PO 00000

Frm 00011

Fmt 4703

Sfmt 4703

the development of an AI RMF, regardless of whether the topic is included in this document. All relevant responses that comply with the requirements listed in the DATES and ADDRESSES sections of this RFI and set forth below will be considered.
NIST is requesting information related to the following topics:
1. The greatest challenges in improving how AI actors manage AIrelated riskswhere manage means identify, assess, prioritize, respond to, or communicate those risks;
2. How organizations currently define and manage characteristics of AI
trustworthiness and whether there are important characteristics which should be considered in the Framework besides: Accuracy, explainability and interpretability, reliability, privacy, robustness, safety, security resilience, and mitigation of harmful bias, or harmful outcomes from misuse of the AI;
3. How organizations currently define and manage principles of AI
trustworthiness and whether there are important principles which should be considered in the Framework besides:
Transparency, fairness, and accountability;
4. The extent to which AI risks are incorporated into different organizations overarching enterprise risk managementincluding, but not limited to, the management of risks related to cybersecurity, privacy, and safety;
5. Standards, frameworks, models, methodologies, tools, guidelines and best practices, and principles to identify, assess, prioritize, mitigate, or communicate AI risk and whether any currently meet the minimum attributes described above;
6. How current regulatory or regulatory reporting requirements e.g., local, state, national, international relate to the use of AI standards, frameworks, models, methodologies, tools, guidelines and best practices, and principles;
7. AI risk management standards, frameworks, models, methodologies, tools, guidelines and best practices, principles, and practices which NIST
should consider to ensure that the AI
RMF aligns with and supports other efforts;
8. How organizations take into account benefits and issues related to inclusiveness in AI design, development, use and evaluationand how AI design and development may be carried out in a way that reduces or manages the risk of potential negative impact on individuals, groups, and society.

E:FRFM29JYN1.SGM

29JYN1