The adoption and usage of artificial intelligence (AI) and machine learning (ML) technologies have the potential to greatly benefit public and private organizations by improving efficiency and delivering better digital government services. This document provides a set of guidelines for AI/ML adoption and usage by DC government agencies, along with mapping to the NIST AI RMF, to promote responsible AI practices.
The definition of the terms used in this document can be found in the Glossary section of the OCTO Policy Website and Appendix 1 below.
1. Define the Purpose and Scope of AI/ML Systems (NIST RMF Step 1: Categorize):
- Clearly articulate the purpose and intended outcomes of AI/ML systems.
- Define the scope of AI/ML deployment to specific use cases within the agency. Use cases should be aligned with the agency's mission, values, and goals.
2. Identify Risks and Mitigation Strategies (NIST RMF Step 2: Identify):
- Conduct a risk assessment of AI/ML systems, considering factors such as privacy, security, bias, accountability, and unintended consequences.
- Once the risks have been assessed, policies and procedures should be developed and implemented to mitigate those risks.
3. Ensure Transparency and Explainability (NIST RMF Step 3: Select):
- Prioritize transparency and explainability in AI/ML systems to promote understanding and trust.
- Document the decision-making process and provide explanations for AI/ML outcomes.
4. Foster Accountability and Governance (NIST RMF Step 4: Implement):
- Establish clear lines of responsibility for AI/ML systems, including roles and responsibilities of personnel involved.
- Implement mechanisms for auditing and monitoring AI/ML systems to ensure compliance with established guidelines.
- Where possible, use open data to train AI and ML systems. This will help to ensure that the systems are not biased against any particular group of people.
5. Protect Privacy and Data Security (NIST RMF Step 5: Assess):
- Adhere to privacy regulations and guidelines when collecting, storing, and processing data for AI/ML purposes.
- Implement robust data security measures to safeguard against unauthorized access, breaches, or misuse.
6. Address Bias and Fairness (NIST RMF Step 6: Authorize):
- Mitigate biases in AI/ML systems by regularly assessing and monitoring algorithms for fairness and equity.
- Develop procedures for handling bias-related concerns raised by stakeholders.
7. Prioritize Ethical Considerations (NIST RMF Step 7: Monitor):
- Ensure compliance with ethical guidelines and frameworks when designing and deploying AI/ML systems.
- Establish mechanisms for ongoing ethical review and evaluation of AI/ML practices to ensure that the systems are being used in a responsible and ethical manner
8. Promote Collaboration and Partnerships (NIST RMF Step 8: Adapt):
- Foster collaboration with external stakeholders, experts, and the community to ensure inclusive AI/ML practices.
- Engage in partnerships to leverage shared resources, knowledge, and best practices.
Appendix 1 – Terms and Definitions