AAT-01 - Artificial Intelligence (AI) & Autonomous Technologies Governance

Mechanisms exist to ensure policies, processes, procedures and practices related to the mapping, measuring and managing of Artificial Intelligence (AI) and Autonomous Technologies (AAT)-related risks are in place, transparent and implemented effectively.

AAT-01.1 - AI & Autonomous Technologies-Related Legal Requirements Definition

Mechanisms exist to identify, understand, document and manage applicable statutory and regulatory requirements for Artificial Intelligence (AI) and Autonomous Technologies (AAT).

AAT-01.2 - Trustworthy AI & Autonomous Technologies

Mechanisms exist to ensure Artificial Intelligence (AI) and Autonomous Technologies (AAT) are designed to be reliable, safe, fair, secure, resilient, transparent, explainable and data privacy-enhanced to minimize emergent properties or unintended consequences.

AAT-01.3 - AI & Autonomous Technologies Value Sustainment

Mechanisms exist to sustain the value of deployed Artificial Intelligence (AI) and Autonomous Technologies (AAT).

AAT-02 - Situational Awareness of AI & Autonomous Technologies

Mechanisms exist to develop and maintain an inventory of Artificial Intelligence (AI) and Autonomous Technologies (AAT) (internal and third-party).

-CRY-01 - Use of Cryptographic Controls

Cryptographic mechanisms exist to prevent unauthorized disclosure and modification of information at rest and in transit using known public standards and trusted cryptographic technologies. At a minimum, these measures should comply with TLS 1.3 for data in transit and AES-256 bit encryption for data at rest. Additional mechanisms may be put in place based on data sensitivity.

-IAC-07.2 - Termination of Employment

All Physical and Logical access must be revoked within 24 hours after voluntary termination. Immediate revocation is required for involuntary terminations.