Policy Submissions

Credo AI's Comments on NIST’s Risk Management Framework GenAI Profile

Credo AI submitted comments on NIST RFC 600-1 Risk Management Framework Generative AI Profile, highlighting ways to enhance its usability and relevance for enterprises.

June 4, 2024
Lucía Gamboa
No items found.
No items found.

In the ever-evolving landscape of artificial intelligence, ensuring safety, security, and trustworthiness is paramount. At Credo AI, we're dedicated to advancing AI governance and risk management, and we're excited to share the highlights of our submission to the National Institute of Standards and Technology (NIST) AI Risk Management Framework (RMF) GenAI Profile request for comments.

The release of the GenAI Profile is a significant step towards concrete and actionable AI risk management. It empowers organizations to manage AI-specific risks independently, fostering efficiency in day-to-day development pipelines.

Our feedback stems from practical experience and close collaboration with enterprises navigating the adoption of NIST’s RMF and other AI governance frameworks. Some of our suggestions include:

  • Risks: We propose dividing risks into model and output risks to better match the product development cycle. This categorization ensures all actions have associated risks and provides specific scenarios for each risk, enhancing applicability and effectiveness.
  • Actions categorization: Further categorizing mitigating actions based on organizational or system-level relevance and enabling filtering based on model characteristics can enhance usability and relevance for enterprises.
  • Implementation: We recommend breaking down mitigating actions into achievable steps, facilitating easier completion and tracking. Additionally, classifying actions based on model characteristics and defining evidence requirements can streamline task distribution within organizations.

Looking Ahead

Credo AI has taken steps to operationalize the first edition of the NIST AI RMF GenAI Profile within our platform. This integration provides a straightforward approach to implementing continuous governance and accountability that aligns with best AI/ML lifecycle practices. With Credo AI, you'll benefit from a seamless solution for managing the NIST AI RMF, including the ability to:

  • Track and drive the NIST AI RMF adoption across all internal teams.
  • Demonstrate compliance with customers and the market.
  • Reduce overall AI risk exposure through adherence to a best-practice risk management framework created by a standard-setting body.

Read our full submission here

Don’t let uncertainty about where to start with the NIST AI RMF hold you back. Reach out to us and simplify your adoption now!

Credo AI values the opportunity to contribute to the development of generative AI risk management standards and frameworks. We eagerly anticipate the finalization of the GenAI Profile and remain committed to facilitating its adoption across enterprises.

DISCLAIMER. The information we provide here is for informational purposes only and is not intended in any way to represent legal advice or a legal opinion that you can rely on. It is your sole responsibility to consult an attorney to resolve any legal issues related to this information.