The National Institute of Standards and Technology (NIST) recently released the Second Public Draft of Digital Identity Guidelines for review and public comment. The draft contains new requirements for government contractors using AI systems. With the federal government being such an important customer for intelligent automation technology providers, the new requirements could be significant.
The additions to the second draft of the NIST guidelines appear in Sec. 3.8 of the document:
All uses of AI and ML must be documented and communicated to organizations relying on these systems, credential service providers (CSPs), identity providers (IdPs), or verifiers using AI and ML must disclose this to all responsible persons making access decisions based on these systems.
Organizations using AI and ML must provide information to entities using their technology, including methods and techniques for training models, descriptions of training data sets, frequency of model updates, and testing results.
Organizations using AI and ML systems must implement the NIST AI Risk Management Framework to evaluate risks and must consult SP1270 for managing bias in AI.
The provisions in the Draft Guidelines call for detailed disclosures that explain how AI systems operate, the data they rely on, and the algorithms that drive their decisions. NIST is accepting public comment on the guideline until Oct. 7, 2024. Interested parties can find information on the draft and instructions for those who want to participate in the comment process here.