Summary
This document is a regulatory alert regarding the preliminary draft of the Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile) released by the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST). The Cyber AI Profile aims to extend the existing NIST Cybersecurity Framework (CSF) 2.0 to address new cybersecurity risks and opportunities associated with AI technologies. It outlines three focus areas: Secure, Defend, and Thwart, which address securing AI systems, enhancing cybersecurity processes through AI, and building resilience against AI-enabled cyberattacks. The draft integrates AI considerations across the six core functions of the CSF 2.0: Govern, Identify, Protect, Detect, Respond, and Recover. Each function includes proposed AI-specific considerations to guide organizations in managing cybersecurity risks related to AI systems. The document emphasizes a risk-based approach and encourages organizations to tailor their cybersecurity strategies based on their unique needs and risk tolerances.
