Showing 2 changed files with 158 additions and 0 deletions.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,75 @@ | ||
| ## **Presentation: Establishing a Compliant AI Governance Framework** | ||
|
|
||
| ### **Slide 1: Title Slide** | ||
|
|
||
| * **Title:** AI Governance & Onboarding Framework | ||
| * **Subtitle:** Ensuring Mission Alignment, Compliance, and Risk Mitigation | ||
| * **Presenter:** [Your Name/Office] | ||
| * **Date:** January 2026 | ||
|
|
||
| --- | ||
|
|
||
| ### **Slide 2: The Federal AI Landscape** | ||
|
|
||
| * **The Mandate:** Executive Order 14110 and OMB M-24-10 have shifted AI from "experimental" to "regulated." | ||
| * **The Goal:** We must move from siloed, unrecorded AI projects to a centralized, transparent inventory. | ||
| * **The Risk of Inaction:** Failure to comply leads to project termination, public reporting of non-compliance, and increased liability regarding civil rights. | ||
|
|
||
| --- | ||
|
|
||
| ### **Slide 3: Our Governance Philosophy** | ||
|
|
||
| * **Centralized Oversight:** A single point of truth for all AI use cases (the Inventory). | ||
| * **Risk-Based Approach:** We don't over-regulate low-risk tools; we focus resources on "Rights-Impacting" and "Safety-Impacting" AI. | ||
| * **NIST-Aligned:** Our process follows the NIST AI Risk Management Framework (Map, Measure, Manage, Govern). | ||
|
|
||
| --- | ||
|
|
||
| ### **Slide 4: The 4-Gate Onboarding Workflow** | ||
|
|
||
| * **Gate 1: Discovery:** Intake form identifies the "Who, What, and Why." | ||
| * **Gate 2: Risk Screening:** Rapid determination of "Rights-Impacting" status. | ||
| * **Gate 3: Assessment:** Deep dive into data quality, bias, and performance metrics. | ||
| * **Gate 4: Authorization:** Formal CAIO/Board approval to deploy. | ||
|
|
||
| --- | ||
|
|
||
| ### **Slide 5: Defining "High-Risk" AI (OMB M-24-10)** | ||
|
|
||
| * **Rights-Impacting:** AI used in hiring, law enforcement, immigration, or benefit eligibility. | ||
| * **Safety-Impacting:** AI controlling critical infrastructure, emergency response, or medical triage. | ||
| * **Mandatory Requirements:** These projects *must* have an Impact Assessment and a Human-in-the-loop override. | ||
|
|
||
| --- | ||
|
|
||
| ### **Slide 6: Performance & Transparency** | ||
|
|
||
| * **The Inventory:** We will collect 15+ metadata points (ID, Technique, Stage, etc.) for annual OMB reporting. | ||
| * **Measuring Success:** We track more than just accuracy; we measure **Fairness, Robustness, and Explainability.** | ||
| * **Public Accountability:** Unless classified, our inventory will be shared on AI.gov to build public trust. | ||
|
|
||
| --- | ||
|
|
||
| ### **Slide 7: Strategic Next Steps** | ||
|
|
||
| 1. **Deploy the Portal:** Launch the SharePoint/Database intake form using the proposed metadata schema. | ||
| 2. **Appoint the Review Board:** Establish the cross-functional team (IT, Legal, Policy) to review high-risk cases. | ||
| 3. **Audit Existing Tools:** Catalog current "shadow AI" projects into the new framework. | ||
| 4. **Training:** Educate program managers on the new federal "Minimum Practices." | ||
|
|
||
| --- | ||
|
|
||
| ### **Slide 8: Conclusion & Call to Action** | ||
|
|
||
| * **Summary:** This framework isn't just a hurdle; it’s a roadmap for scaling AI safely and legally. | ||
| * **Request:** Approval to formalize this onboarding process as the standard agency SOP. | ||
| * **Questions?** | ||
|
|
||
| --- | ||
|
|
||
| ### **How to use this:** | ||
|
|
||
| * **For the CIO:** Emphasize Slide 4 (Workflow) and Slide 7 (Next Steps). | ||
| * **For Legal/General Counsel:** Emphasize Slide 5 (Risk Categories) and Slide 6 (Transparency). | ||
| * **For Program Managers:** Focus on the "Intake" process to show them exactly how to get their projects started. | ||
|
|
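Review bot: Slide 4 names the gates Discovery, Risk Screening, Assessment and Authorization, while section 2 of the framework document added in this same commit calls them Intake, Risk Categorization, Assessment and Authorization and labels them phases. Use one set of names in both files so the intake form, the SOP and the briefing all refer to the same steps. Slide 6 also promises "15+ metadata points", but the schema table in section 3 of the framework lists seven fields; either extend the schema or change the slide to match it. The "[Your Name/Office]" placeholder on Slide 1 should be filled in, or marked as a template field, before this is merged.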
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| # Federal AI Project Onboarding & Governance Framework (2026) | ||
|
|
||
| ## 1. Overview & Regulatory Authority | ||
|
|
||
| This framework ensures our organization complies with the following federal mandates: | ||
|
|
||
| * **OMB Memorandum M-24-10:** Mandates the appointment of a Chief AI Officer (CAIO) and the implementation of "Minimum Practices" for AI. | ||
| * **Executive Order 14110:** Directs the safe, secure, and transparent development of AI. | ||
| * **NIST AI Risk Management Framework (RMF 1.0):** The gold standard for identifying and managing AI-specific risks. | ||
| * **GAO-21-519SP:** Provides the accountability framework for federal AI auditing and monitoring. | ||
|
|
||
| --- | ||
|
|
||
| ## 2. The Onboarding Workflow (The Lifecycle) | ||
|
|
||
| Every AI project must pass through these four "Governance Gates" to ensure compliance: | ||
|
|
||
| 1. **Phase 1: Intake (Map):** Project teams submit a standardized intake form. | ||
| 2. **Phase 2: Risk Categorization:** Teams determine if the AI is "Rights-Impacting" or "Safety-Impacting." | ||
| 3. **Phase 3: Assessment (Measure):** High-risk projects complete a full Impact Assessment and technical testing. | ||
| 4. **Phase 4: Authorization (Govern):** The CAIO or Governance Board grants final approval for deployment. | ||
|
|
||
| --- | ||
|
|
||
| ## 3. Standardized Metadata Inventory (Data Schema) | ||
|
|
||
| *To be collected for every project at the "Intake" phase.* | ||
|
|
||
| | Field Name | Description | | ||
| | --- | --- | | ||
| | **Unique ID** | Persistent ID (e.g., DEPT-2026-001) for annual reporting. | | ||
| | **Project Name/Summary** | Plain-language description of the AI’s purpose and benefit. | | ||
| | **Topic Area** | Mission area (e.g., Law Enforcement, Benefits Delivery, HR). | | ||
| | **Development Stage** | (Planned, Research, Pilot, Active, or Retired). | | ||
| | **Rights/Safety Risk** | Binary flag (Yes/No) based on the Impact Checklist. | | ||
| | **Technique Used** | (e.g., Generative AI/LLM, Computer Vision, Regression). | | ||
| | **Data Sensitivity** | Does the system process PII or Law Enforcement Sensitive data? | | ||
|
|
||
| --- | ||
|
|
||
| ## 4. Rights-Impacting Determination Checklist | ||
|
|
||
| *If any box is checked, the project is "Presumptively High-Risk" per **OMB M-24-10, Appendix I**.* | ||
|
|
||
| * [ ] **Civil Rights:** Affects hiring, education, voting, or law enforcement. | ||
| * [ ] **Essential Services:** Affects healthcare, housing, or public benefit eligibility. | ||
| * [ ] **Personal Safety:** Controls critical infrastructure or emergency response. | ||
| * [ ] **Biometrics:** Uses facial recognition or gait analysis in public spaces. | ||
|
|
||
| --- | ||
|
|
||
| ## 5. AI Impact Assessment (For High-Risk Projects) | ||
|
|
||
| *Required under **OMB M-24-10 Section 5(b)(ii)** before deployment.* | ||
|
|
||
| 1. **Expected Benefit:** Quantitative or qualitative mission improvement. | ||
| 2. **Risk Identification:** Specific harms to civil liberties or safety. | ||
| 3. **Data Appropriateness:** Verification that training data is representative and fit-for-purpose. | ||
| 4. **Fairness Testing:** Results showing no disparate impact across protected demographics. | ||
| 5. **Recourse Plan:** Process for humans to appeal and override AI-generated decisions. | ||
|
|
||
| --- | ||
|
|
||
| ## 6. Technical Performance Metrics | ||
|
|
||
| *Teams must report these values annually to the Agency AI Inventory.* | ||
|
|
||
| * **Correctness:** Accuracy, Precision, Recall, or F1 Score. | ||
| * **Reliability:** Latency and uptime for safety-critical systems. | ||
| * **Fairness:** Disparate impact ratio or demographic parity scores. | ||
| * **Robustness:** Documented "Data Drift" scores and adversarial test results. | ||
|
|
||
| --- | ||
|
|
||
| ## 7. Reference Directory | ||
|
|
||
| | Requirement | Primary Source | Section | | ||
| | --- | --- | --- | | ||
| | **Annual Reporting** | [OMB M-24-10](https://www.whitehouse.gov/wp-content/uploads/2024/03/M-24-10-Advancing-Governance-Innovation-and-Risk-Management-for-Agency-Use-of-Artificial-Intelligence.pdf) | Section 3(a)(iv) | | ||
| | **Risk Management** | [NIST AI RMF 1.0](https://www.nist.gov/itl/ai-risk-management-framework) | Map, Measure, Manage | | ||
| | **Accountability** | [GAO-21-519SP](https://www.gao.gov/products/gao-21-519sp) | Principles 1-4 | | ||
| | **Inventory Schema** | [CIO.gov AI Inventory](https://www.cio.gov/policies-and-priorities/Executive-Order-13960-AI-Use-Case-Inventories-Reference/) | 2024-2025 Instructions | | ||
|
|
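Review bot: In the section 3 schema, "Rights/Safety Risk" is a single Yes/No flag, so the inventory cannot record whether a project is rights-impacting, safety-impacting or both, even though section 2 names the two categories separately. Split it into two flags or one enumerated value. Section 4 is titled "Rights-Impacting Determination Checklist", yet its "Personal Safety" item (critical infrastructure, emergency response) is what the slide deck in this commit lists under safety-impacting; retitle the checklist or separate the two lists. Phase 2 has teams determine their own risk category, with no reviewer named until Phase 4, so state who confirms a "No" result before a project skips the Phase 3 assessment. "Data Sensitivity" is phrased as a question rather than a field definition; give it a fixed set of allowed values so entries can be compared across projects.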