协调人工智能指导：将自愿标准和最佳实践提炼到一个统一的框架中

Executive Summary Organizations looking to develop or deployartificial intelligence (AI)systems facemany barriers in trying to operationalize AI-related best practices. In addition to themany practical hurdles to implementation, such as a lack of resources or in-houseexpertise, the complex landscape of existing AI guidanceitselfpresents a substantialchallenge. Organizations face an overload of information, coming from a myriad ofdisparate sources, that is often written in language that can be inaccessible to manyorganizations.This places an enormous burden on practitioners to sort through anddecipher this guidance on their own—requiring time, resources, and expertise thatmany organizations, particularly smallerones, cannot afford. To address these challenges, the researchers at CSET have attempted to do thisintensive work for organizations. In this report, we present a harmonized framework forhow an organization should govern, manage, and protect its technology—and how tointegrate emerging technologiessuch asartificial intelligence into its existing practices.This work distillsmore than7,000 recommendations, collected from 52 differentguidance documents, into a condensed set of 258 recommendations. Theserecommendations aregrouped into 5 overarching categories and 34 topic areas,enabling organizations to quickly identify the most important practices across a broadset of disciplines.Thebreadthof content covered in this framework exceeds that ofanyexistingindividualguidance document. To match this scope,organizations wouldotherwise needmore than900 recommendations from seven or more differentframeworks to approximate.In creating this framework, we develop a novel processfor harmonization and methods to validatethe results that can be reusedforotherapplications. Alongside each recommendation, we indicatethe degree to which thecontentisdeveloped fromAI-specificguidance. This information, derivedfrom the harmonizationprocess,helps toillustrate how new AI guidance overlays withexistingcybersecurity,privacy, and risk managementpractices. We conclude our analysis by identifyingwhere current AI reports havebeen focusedand highlighting gaps in existingknowledge, work that forthcoming CSET research aims to address. Table of Contents Center for Security and Emerging Technology|2Executive Summary................................................................................................................................1Introduction...............................................................................................................................................4Background................................................................................................................................................6A Divided and Shifting Landscape................................................................................................6Challenges in Operationalizing AI Guidance.............................................................................7Methods...................................................................................................................................................11Collating Existing Guidance..........................................................................................................11Harmonizing Recommendations.................................................................................................12Limitations..........................................................................................................................................14Harmonization Results........................................................................................................................16Clustering...........................................................................................................................................16Framework Validation....................................................................................................................19CSET’s Harmonized AI Framework................................................................................................25Governance........................................................................................................................................27Strategy & Leadership................................................................................................................27Management..................................................................................................................................27Risk Management........................................................................................................................28IT Management.............................................................................................................................29Supply Chain.................................................................................................................................30Workforce