This page is still being polished. If you have thoughts, please share them via the feedback form.
Data on this page is preliminary and may change. Please do not share or cite these figures publicly.
Structured analysis to identify, characterize, and prioritize potential harms and risks.
Also in Risk & Assurance
Emerging risks and concerns that are identified must be addressed in order to maintain assurance.
Reasoning
Organizational practice requiring emerging risks be addressed as part of assurance maintenance; too vague to specify assessment, testing, auditing, or documentation mechanism.
Initiate Assurance Plan
Initialize the assurance plan artifact which will organize and contain the plans for establishing and maintaining assurance.
2.2.4 Assurance DocumentationDescribe capability needs:
Provide a high-level description of the specific mission needs which inform the system’s development, including the operational environment, the current state, particular needs to be addressed, and the desired end state.
2.2.4 Assurance DocumentationDocument system details
Provide detailed documentation about the system, including a system description, mission description, system employment, details of expected system use, the scope of operations (including foreseeable misuse), system requirements, system architecture, and system stakeholders.
2.2.4 Assurance DocumentationIdentify AI-specific considerations
Create detailed documentation of considerations that include AIspecific policies, requirements, and guidance. Identify the AI components of the system including details on algorithms, models, architecture, data use, and rationale for the design. Identify the interactions between AI, humans, other systems, potential effects, and planned accountability for the system.
2.2.4 Assurance DocumentationDefine assurance claims
Define assurance claims and sub-claims that achieve the top-level assurance claim defined as, “While operating within its defined scope, the system will achieve its intended outcomes without introducing unacceptable risks, throughout its lifecycle.”
2.2.4 Assurance DocumentationIdentify requirements and protocols for assurance cases
Identify the types of evidence, validation methods, and documentation standards needed to support assurance claims. Additionally identify the methods for review and acceptance of assurance cases.
2.2.4 Assurance DocumentationA Framework for the Assurance of AI-Enabled Systems
Kapusta, Ariel S.; Jin, David; Teague, Peter M.; Houston, Robert A.; Elliott, Jonathan B.; Park, Grace Y.; Holdren, Shelby S. (2025)
The United States Department of Defense (DOD) looks to accelerate the development and deployment of AI capabilities across a wide spectrum of defense applications to maintain strategic advantages. However, many common features of AI algorithms that make them powerful, such as capacity for learning, large-scale data ingestion, and problem-solving, raise new technical, security, and ethical challenges. These challenges may hinder adoption due to uncertainty in development, testing, assurance, processes, and requirements. Trustworthiness through assurance is essential to achieve the expected value from AI. This paper proposes a claims-based framework for risk management and assurance of AI systems that addresses the competing needs for faster deployment, successful adoption, and rigorous evaluation. This framework supports programs across all acquisition pathways provide grounds for sufficient confidence that an AI-enabled system (AIES) meets its intended mission goals without introducing unacceptable risks throughout its lifecycle. The paper's contributions are a framework process for AI assurance, a set of relevant definitions to enable constructive conversations on the topic of AI assurance, and a discussion of important considerations in AI assurance. The framework aims to provide the DOD a robust yet efficient mechanism for swiftly fielding effective AI capabilities without overlooking critical risks or undermining stakeholder trust.
Operate and Monitor
Running, maintaining, and monitoring the AI system post-deployment
Developer
Entity that creates, trains, or modifies the AI system
Manage
Prioritising, responding to, and mitigating AI risks
