Page 183 - Cyber Defense eMagazine July 2024
P. 183

But with emerging technology like artificial intelligence, new standards like this are just beginning to take
            shape.

            Numbers have shown the federal government has an appetite for AI. According to a report from Stanford
            University, U.S. Defense and Federal Civilian agencies spent nearly $3B on AI solutions. This illustrates
            that the federal government  recognizes  the benefits and needs to adopt artificial intelligence  to remain
            competitive and protect our national security. But how do technology companies become mission-ready
            for these needs?



            The Intersection of Standards

            There are a few recent mandates around the federal use of AI such as the Office of Management  and
            Budget’s  newly released  Memo M-24-10.  This states  government  agencies  must meet and implement
            mandatory  AI safeguards  that provide  more reliability  testing,  transparency  and  testing of AI systems.
            Agencies must meet these standards by December 1, 2024.

            This is where it gets complicated. Since many commercial AI solutions are delivered using cloud services,
            these AI solutions must be FedRAMP accredited.

            With the rapid adoption of AI, there are now federal agency-specific use cases that detail the intersection
            of AI and cloud services. For example, the Department of Labor (DOL) has several projects utilizing cloud
            based commercial  off the shelf NLP models for language translation,  claims document processing  and
            website chatbots. The United States Treasury has similar use cases.

            These use cases, with both cloud and AI integration, are subject to FedRAMP compliance already.



            Meeting New Benchmarks and Beyond


            Regardless  of whether a technology  company is providing a cloud-based  AI service or just a typical AI
            model, there are a few steps that can be taken now to accelerate the use of AI by building upon existing
            frameworks like FedRAMP.

            Compliance  can be achieved  at a faster  pace with an  authority-to-operate  (ATO)  system  to create an
            overlay for AI that is based on NIST AI RMF and NIST SP 800-53. By applying an ATO to AI, agencies
            can  tailor,  extend  and  augment  existing  guidelines  and  accelerate  the  integration  of  AI  systems  and
            safeguards.

            Another  helpful  resource  comes  from  the  FedRAMP  Program  Management  Office  which  recently
            published the Emerging Technology  Prioritization  Framework, designed  to accelerate the availability of
            FedRAMP accredited Gen AI cloud solutions for federal agencies.


            To jumpstart the availability of AI solutions, the FedRAMP PMO published a draft prioritization framework
            that defines the initial categories of Generative AI solutions and the benchmarks that will be used to drive







            Cyber Defense eMagazine – July 2024 Edition                                                                                                                                                                                                          183
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
   178   179   180   181   182   183   184   185   186   187   188