This page is still being polished. If you have thoughts, please share them via the feedback form.
Data on this page is preliminary and may change. Please do not share or cite these figures publicly.
Red teaming, capability evaluations, adversarial testing, and performance verification.
Also in Risk & Assurance
Verify the implementation of the improvements and validate the effectiveness of the improvement in addressing the corresponding issue impacting system assurance. This step may essentially iterate on the assessment on the system after implementation of improvements.
Reasoning
Validates improvements' effectiveness through post-implementation system reassessment and testing.
Initiate Assurance Plan
Initialize the assurance plan artifact which will organize and contain the plans for establishing and maintaining assurance.
2.2.4 Assurance DocumentationDescribe capability needs:
Provide a high-level description of the specific mission needs which inform the system’s development, including the operational environment, the current state, particular needs to be addressed, and the desired end state.
2.2.4 Assurance DocumentationDocument system details
Provide detailed documentation about the system, including a system description, mission description, system employment, details of expected system use, the scope of operations (including foreseeable misuse), system requirements, system architecture, and system stakeholders.
2.2.4 Assurance DocumentationIdentify AI-specific considerations
Create detailed documentation of considerations that include AIspecific policies, requirements, and guidance. Identify the AI components of the system including details on algorithms, models, architecture, data use, and rationale for the design. Identify the interactions between AI, humans, other systems, potential effects, and planned accountability for the system.
2.2.4 Assurance DocumentationDefine assurance claims
Define assurance claims and sub-claims that achieve the top-level assurance claim defined as, “While operating within its defined scope, the system will achieve its intended outcomes without introducing unacceptable risks, throughout its lifecycle.”
2.2.4 Assurance DocumentationIdentify requirements and protocols for assurance cases
Identify the types of evidence, validation methods, and documentation standards needed to support assurance claims. Additionally identify the methods for review and acceptance of assurance cases.
2.2.4 Assurance DocumentationA Framework for the Assurance of AI-Enabled Systems
Kapusta, Ariel S.; Jin, David; Teague, Peter M.; Houston, Robert A.; Elliott, Jonathan B.; Park, Grace Y.; Holdren, Shelby S. (2025)
The United States Department of Defense (DOD) looks to accelerate the development and deployment of AI capabilities across a wide spectrum of defense applications to maintain strategic advantages. However, many common features of AI algorithms that make them powerful, such as capacity for learning, large-scale data ingestion, and problem-solving, raise new technical, security, and ethical challenges. These challenges may hinder adoption due to uncertainty in development, testing, assurance, processes, and requirements. Trustworthiness through assurance is essential to achieve the expected value from AI. This paper proposes a claims-based framework for risk management and assurance of AI systems that addresses the competing needs for faster deployment, successful adoption, and rigorous evaluation. This framework supports programs across all acquisition pathways provide grounds for sufficient confidence that an AI-enabled system (AIES) meets its intended mission goals without introducing unacceptable risks throughout its lifecycle. The paper's contributions are a framework process for AI assurance, a set of relevant definitions to enable constructive conversations on the topic of AI assurance, and a discussion of important considerations in AI assurance. The framework aims to provide the DOD a robust yet efficient mechanism for swiftly fielding effective AI capabilities without overlooking critical risks or undermining stakeholder trust.
Verify and Validate
Testing, evaluating, auditing, and red-teaming the AI system
Developer
Entity that creates, trains, or modifies the AI system
Measure
Quantifying, testing, and monitoring identified AI risks
