Overview
Severity: MEDIUM | Affected: NIST | Category: policy
The U.S. National Institute of Standards and Technology (NIST) has officially released the AI Security Framework and Reference (AI-SFR) version 1.0, a landmark publication for the industry. This voluntary framework provides a comprehensive set of guidelines, standards, and best practices for managing security risks associated with artificial intelligence systems. It follows the structure of the widely adopted NIST Cybersecurity Framework, with functions like 'Govern', 'Map', 'Measure', and 'Manage' tailored specifically for AI contexts. The AI-SFR addresses critical areas such as securing the AI development lifecycle (AI-SDLC), data and model provenance, adversarial machine learning defense, and incident response for AI-specific events like model evasion or data poisoning. The framework is designed to be technology-agnostic and applicable across various sectors, aiming to establish a common language and baseline for AI security that can be integrated into organizational risk management programs worldwide.