Cyber IT Supervisory Forum eBook
Notional AI Adoption and Implementation Stages * Description Stage AI has not yet been adopted by the organization, but the organization needs to take a proactive defensive posture to avoid AI-related risks. Proactive Defense The organization deploys various software products that have embedded AI functionality for targeted applications. Embedded Capability Deployment
Exploratory Development
The organization is exploring one or more potential AI use cases, developed internally, and needs to begin putting in place a foundational control structure. AI is implemented in one or a small number of low-risk production use cases (e.g., not customer-facing, not affecting transactional activity, not affecting financial reporting). AI is implemented in one or a small number of moderate-risk production use cases (e.g., customer-facing but not affecting transactional activity, not affecting financial reporting). AI is implemented in one or a small number of high-risk production use cases (e.g., customer-facing and affecting transactional activity, affecting financial reporting). AI has become broadly adopted across the organization and is employed across a number of different use cases.
Low-Impact Use
Moderate-Impact Use
Increasing Risk Level
High-Impact Use
Broad-Based AI Adoption
* Note: These stages are not necessarily progressive; firms often jump directly to a specific stage.
CRI AI Implementation Guidance – Conceptual Framework
AI Adoption / Implementation Stages
Embedded Capability Deployment
NIST AI RMF
Proactive Defense
Exploratory Development
Low-Impact Use
Moderate Impact Use
High-Impact Use
Broad-Based AI Adoption
Govern
Govern 1 Govern 2
Map
Subcategory-Level Guidance / Control Objectives
Map 1 Map 2 Measure
Map to CRI Profile where relevant
Measure 1 Measure 2
Manage Measure
Measure 2
Also informed by: • OCC Model Risk Guidance • MITRE ATT&CK for Learning Systems (ATLAS) • OWASP LLM Top 10 • Machine Learning Security Top 10 • ISO 42001
FS-Tailored Control Implementation Guidance
Made with FlippingBook Digital Publishing Software