- The IT complexity puzzle and how modernizing IT service management can help CIOs solve it and unlock growth
- 웨이모, 엠마(EMMA) 논문 공개 "멀티모달 모델을 자율 주행 영역으로 확장"
- 네이버 밴드, 미국 월간 활성 사용자 600만 돌파 "3년 만에 2배 성장"
- 칼럼 | 적절한 의도와 잘못된 주체…오픈AI '심플QA'의 한계
- Bluesky's stormy day: How its explosive growth led to inevitable outages
Modernizing and Applying FedRAMP Security Standards to Accelerate Safe AI
Often, technology develops faster than we can handle. This is especially true for the federal government and its partners — organizations that must adhere to strict security standards in the interest of national security.
The Federal Risk and Authorization Management Program, familiarly known as FedRAMP, is a clear case in point. FedRAMP provides a standardized and mandatory approach to security assessment, authorization and monitoring for cloud products and services. Commercial cloud service providers looking to do business with the government must be FedRAMP accredited and compliant.
But with emerging technology like artificial intelligence, new standards like this are just beginning to take shape.
Numbers have shown the federal government has an appetite for AI. According to a report from Stanford University, U.S. Defense and Federal Civilian agencies spent nearly $3B on AI solutions. This illustrates that the federal government recognizes the benefits and needs to adopt artificial intelligence to remain competitive and protect our national security. But how do technology companies become mission-ready for these needs?
The Intersection of Standards
There are a few recent mandates around the federal use of AI such as the Office of Management and Budget’s newly released Memo M-24-10. This states government agencies must meet and implement mandatory AI safeguards that provide more reliability testing, transparency and testing of AI systems. Agencies must meet these standards by December 1, 2024.
This is where it gets complicated. Since many commercial AI solutions are delivered using cloud services, these AI solutions must be FedRAMP accredited.
With the rapid adoption of AI, there are now federal agency-specific use cases that detail the intersection of AI and cloud services. For example, the Department of Labor (DOL) has several projects utilizing cloud based commercial off the shelf NLP models for language translation, claims document processing and website chatbots. The United States Treasury has similar use cases.
These use cases, with both cloud and AI integration, are subject to FedRAMP compliance already.
Meeting New Benchmarks and Beyond
Regardless of whether a technology company is providing a cloud-based AI service or just a typical AI model, there are a few steps that can be taken now to accelerate the use of AI by building upon existing frameworks like FedRAMP.
Compliance can be achieved at a faster pace with an authority-to-operate (ATO) system to create an overlay for AI that is based on NIST AI RMF and NIST SP 800-53. By applying an ATO to AI, agencies can tailor, extend and augment existing guidelines and accelerate the integration of AI systems and safeguards.
Another helpful resource comes from the FedRAMP Program Management Office which recently published the Emerging Technology Prioritization Framework, designed to accelerate the availability of FedRAMP accredited Gen AI cloud solutions for federal agencies.
To jumpstart the availability of AI solutions, the FedRAMP PMO published a draft prioritization framework that defines the initial categories of Generative AI solutions and the benchmarks that will be used to drive selection. The initial focus is on Generative AI solutions for chat interfaces, code generation and prompt-based image generation.
Whether or not a company is subjected to FedRAMP or other similar standards, it’s important to stay up to date with the latest guidance to ensure compliance. Having an awareness of these mandates and guidelines can make processes and development more efficient.
Government agencies should look for industry partners that are prioritizing security and thinking one step ahead. New regulations and standards are being rolled out frequently, so it’s only a matter of time before some of these best practices become mandatory.
About the Author
Gaurav “GP” Pal is CEO and founder of stackArmor. He is an award-winning Senior Business Leader with a successful track record of growing and managing a secure cloud solutions practice with over $100 million in revenue focused on U.S. federal, Department of Defense, non-profit and financial services clients.GP can be reached at stackArmor’s company website https://stackarmor.com/