Contents
Executive Summary
Introduction
Current and Proposed AI Regulations and Rules
Cybersecurity Risk Management in Contracts as a Case Study for AI
Cybersecurity Procurement Challenges and Lessons for AI
Balancing the Level of Risk Management with the Level of Risk Impact
Recommendation
Balancing Trust in Vendors' Commitment to Risk Management Practices with Government's Need for Verification
Recommendation
Appropriately Preparing the Acquisition Workforce
Recommendation
Third-Party Auditing Concerns
Recommendation
Incident Sharing and Reporting Enforcement
Recommendation
Summary of Recommendations for AI Risk Management
Conclusion
Author
Acknowledgments
Endnotes
Table 1. Summary of the Documents NIST Developed in Compliance with FISMA Directives