My information Resource (blog.mir.net)

NIST Launches New Trustworthy and Responsible AI Resource Center: Includes First Version of AI Risk Management Framework Playbook

The National Institute of Standards and Technology (NIST) announces the launch of the NIST Trustworthy and Responsible AI Resource Center (AIRC), a one-stop-shop for foundational content, technical documents, and toolkits to enable responsible use of Artificial Intelligence (AI). The AIRC offers industry, government, and academic stakeholders knowledge of AI standards, measurement methods and metrics, datasets, and other resources. 

The launch of the AI Resource Center was announced during the White House Summit for Democracy held this week. The AIRC is part of NIST’s continued effort to promote a shared understanding and improve communication among those seeking to operationalize trustworthy and responsible AI. 

The Resource Center will facilitate implementation of trustworthy and responsible approaches such as those described in NIST’s AI Risk Management Framework (AI RMF). That voluntary Framework articulates and offers guidance for addressing the key building blocks of trustworthy AI in order to better manage risks to individuals, organizations, and society associated with AI.

The initial version of the AIRC, which will be expanded over time based on contributions from NIST and others, includes the AI RMF 1.0 and the first complete version of the  companion playbook. Content in the AI RMF Playbook can now be filtered by AI RMF function, topic, and AI actor role so that users can quickly isolate relevant information most useful to them. 

The AIRC includes access to a standards tracker about AI standards around the globe, along with a metrics hub to assist in test, evaluation, verification, and validation of AI. 

A trustworthy and responsible AI Glossary in the AIRC is being released in beta format as a spreadsheet as approaches to visualize the relationships between and among these terms continue to advance. A final glossary will be produced at a later date based on input from the community.
In addition, the new resource center will  be a repository for NIST technical and policy documents related to the AI RMF, the NIST AI publication series, as well as NIST-funded external resources in the area of trustworthy and responsible AI. 
The AIRC Engagements and Events page will include updates on how to engage with NIST on the topic of trustworthy and responsible AI. 

Sign up to receive email notifications about NIST’s AI activities here.

Become a Collaborator on the Mitigating Cybersecurity Risk in Telehealth Smart Home Integration Project
The National Cybersecurity Center of Excellence (NCCoE) has issued a Federal Register Notice (FRN) inviting industry participants and other interested collaborators to participate in the Mitigating Cybersecurity Risk in Telehealth Smart Home Integration Project.

The NCCoE Healthcare project team will build an environment that will model patients’ use of smart speakers in a telehealth ecosystem. The goal of this project is to identify and mitigate cybersecurity and privacy risks associated with these ecosystems. This project will result in a publicly available NIST Cybersecurity Practice Guide.

There are two ways to join the NCCoE for this project:

Become an NCCoE Collaborator – Collaborators are members of the project team that work alongside the NCCoE staff to build the demonstration by contributing products, services, and technical expertise.

Get Started Today – If you are interested in becoming an NCCoE collaborator for the Mitigating Cybersecurity Risk in Telehealth Smart Home Integration project, first review the requirements identified in the Federal Register Notice. To become a collaborator, visit the project page to see the final project description and request a Letter of Interest (LOI) template--you will then receive a link to download the LOI template. 

Go to the project page here

Complete the LOI template and send it to the NCCoE Healthcare team at hit_nccoe@nist.gov.

Join our Community of Interest – By joining the NCCoE Healthcare Community of Interest (COI), you will receive project updates and the opportunity to share your expertise to help guide this project. Request to join our Healthcare COI by visiting our project page.

If you have any questions, please contact our project team at hit_nccoe@nist.gov.

What is this paper about?

As manufacturers are increasingly targeted in cyberattacks, any
gaps in cybersecurity leave small manufacturers vulnerable to attacks. Small
manufacturers tend to operate facilities with limited staff and resources,
often causing cybersecurity to fall by the wayside as something that costs too
much time and money. Additionally, bringing together various cybersecurity
standards, frameworks, and guides to derive a coherent action plan is a
challenge even for those experienced in cybersecurity.

Security segmentation is a cost effective and efficient security
design approach for protecting cyber assets by grouping them based on their
communication and security requirements. This paper outlines a practical
six-step approach, incorporating the NIST
Cybersecurity Framework (CSF) and NIST IR 8183 Cybersecurity Framework: Manufacturing Profile
(“CSF Manufacturing Profile”), that manufacturers can follow to implement
security segmentation and mitigate cyber vulnerabilities in their manufacturing
environments.

The NIST Cybersecurity White Paper: Security Segmentation in a Small
Manufacturing Environment is now available free of charge.

Let us know what you think!

Questions? Email our team at manufacturing_nccoe@nist.gov with your
feedback and let us know if you would like to join the Manufacturing community
of interest. We value and welcome your input.

Project Page

 There’s Now Extra Time to Comment…Please Share Your Feedback on
our Three NIST Identity Guidance Items!

NIST has extended the deadlines to submit comments to drafts of
three key pieces of guidance related to digital identity:

1. Digital Identity Guidelines
   (NIST SP 800-63-4) | Extended until April 14, 2023 NIST
   SP 800-63 intends to respond to the changing digital landscape that has
   emerged since the last major revision of this suite was
   published in 2017—including the real-world implications of online risks.
   The guidelines present the process and technical requirements for meeting
   digital identity management assurance levels for identity proofing,
   authentication, and federation, including requirements for security and
   privacy as well as considerations for fostering equity and the usability
   of digital identity solutions and technology.
2. Guidelines for Derived Personal Identity
   Verification (PIV) Credentials (NIST SP 800-157r1) | Extended until April 21,
   2023 NIST SP 800-157 has been
   revised to feature an expanded set of derived PIV credentials to include
   public key infrastructure (PKI) and non-PKI-based phishing-resistant
   multi-factor authenticators.
3. Guidelines for Personal Identity Verification (PIV)
   Federation
   (NIST SP 800-217) | Extended
   until April 21, 2023 NIST SP 800-217 details
   technical requirements on the use of federated PIV identity and the
   interagency use of assertions to implement PIV federations backed by PIV
   identity accounts and PIV credentials.

Read More