Overview
Severity: MEDIUM | Affected: NIST | Category: policy
The U.S. National Institute of Standards and Technology (NIST) has officially released the AI Secure Development Framework (AI-SDF), a landmark set of guidelines for federal agencies procuring and deploying AI systems. A key requirement of the AI-SDF is mandatory, verifiable data and model provenance: vendors must provide a secure 'bill of materials' for each AI model that details its training data, architecture, and fine-tuning process. The framework also establishes rigorous third-party auditing requirements for high-risk AI applications, particularly those used in critical infrastructure and law enforcement. The stated goal is to mitigate data poisoning and model theft by increasing transparency and accountability across the AI supply chain. Compliance will be required for all new federal AI contracts starting in Q1 2027.