ID and evaluate compliance & legal obligations for AI system development and deployment

HITRUST CSF requirement statement [?] (19.06aAISecOrganizational.1)

The organization 
(1) performs an assessment to identify and evaluate its compliance with applicable legal 
and regulatory requirements addressing the development and deployment of AI systems, 
including potential liability for harmful, infringing, or damaging outputs or behaviors. 
This assessment is performed 
(2) prior to deployment of the AI system and
(3) regularly (at least annually) thereafter.

Evaluative elements in this requirement statement [?]

1. The organization performs an assessment to identify and evaluate its compliance 
with applicable legal and regulatory requirements addressing the development and 
deployment of AI systems, including potential liability for harmful, infringing, or damaging 
outputs or behaviors.

2. This assessment is performed prior to the deployment of the AI system.

3. This assessment is performed regularly (at least annually).

Illustrative procedures for use during assessments [?]

• Policy: Examine policies related to each evaluative element within the requirement statement. Validate the existence of a written or undocumented policy as defined in the HITRUST scoring rubric.
  
  
• Procedure: Examine evidence that written or undocumented procedures exist as defined in the HITRUST scoring rubric. Determine if the procedures and address the operational aspects of how to perform each evaluative element within the requirement statement.
  
  
• Implemented: Examine evidence that all evaluative elements within the requirement statement have been implemented as defined in the HITRUST scoring rubric, using a sample based test where possible for each evaluative element. Example test(s):
  • For example, review the organizations assessment documentation to evaluate its compliance with applicable legal and regulatory requirements addressing the development and deployment of AI systems, including potential liability for harmful, infringing, or damaging outputs or behaviors. Further, confirm that the assessment was performed prior to the deployment of the AI system (if within the past year) and that one is performed regularly (at least annually).
    
    
• Measured: Examine measurements that formally evaluate and communicate the operation and/or performance of each evaluative element within the requirement statement. Determine the percentage of evaluative elements addressed by the organization’s operational and/or independent measure(s) or metric(s) as defined in the HITRUST scoring rubric. Determine if the measurements include independent and/or operational measure(s) or metric(s) as defined in the HITRUST scoring rubric. Example test(s):
  • For example, measures indicate completeness of the organization’s assessment to identify and evaluate its compliance with applicable legal and regulatory requirements addressing the development and deployment of AI systems. Reviews, tests, or audits are completed by the organization to measure the effectiveness of the implemented controls and to confirm that an assessment is performed regularly (at least annually).
    
    
• Managed: Examine evidence that a written or undocumented risk treatment process exists, as defined in the HITRUST scoring rubric. Determine the frequency that the risk treatment process was applied to issues identified for each evaluative element within the requirement statement.
  
  

Placement of this requirement in the HITRUST CSF [?]

• Assessment domain: 19 Data Protection & Privacy
• Control category: 06 Compliance
• Control reference: 06.a – Identification of Applicable Legislation
  
  

Specific to which parts of the overall AI system? [?]

N/A, not AI component-specific

Discussed in which authoritative AI security sources? [?]

• ISO/IEC 22989:2022: Information technology — Artificial intelligence — Artificial intelligence concepts and terminology
  2022, © International Standards Organization (ISO)/International Electrotechnical Commission (IEC)
  • Where:
    • 5. AI Concepts > 5.17. Jurisdictional issues
      
      

• ISO/IEC 23894:2023 Information technology — Artificial intelligence — Guidance on risk management
  2023, © International Standards Organization (ISO)/International Electrotechnical Commission (IEC)
  • Where:
    • Annex A > A.2- Accountability > Last paragraph > Last sentence
      
      

• ISO/IEC 38507:2022 Information technology — Governance of IT — Governance implications of the use of artificial intelligence by organizations
  2022, © International Standards Organization (ISO)/International Electrotechnical Commission (IEC)
  • Where:
    • 5. Overview of AI and AI systems > 5.5. Constraints on the use of AI
    • 6. Policies to address the use of AI > 6.6. Compliance > 6.6.1. Compliance obligations
    • 6. Policies to address the use of AI > 6.7. Risk > 6.7.3. Objectives
      
      

• ISO/IEC 42001:2023 Information technology — Artificial intelligence — Management system
  2023, © International Standards Organization (ISO)/International Electrotechnical Commission (IEC)
  • Where:
    • 4. Context of the organization > 4.1. Understanding the organization and its context > Note 2, bullet a, sub-bullet 1
      
      

• OWASP AI Exchange
  2024, © The OWASP Foundation
  • Where:
    • #CHECKCOMPLIANCE
      
      

• LLM AI Cybersecurity & Governance Checklist
  Feb. 2024, © The OWASP Foundation
  • Where:
    • 3. Checklist > 3.7. Legal > Bullet #7
    • 3. Checklist > 3.7. Legal > Bullet #8
    • 3. Checklist > 3.8. Regulatory > Bullet #1
    • 3. Checklist > 3.8. Regulatory > Bullet #10
      
      

• Generative AI framework for HM Government
  2023, Central Digital and Data Office, UK Government
  • Where:
    • Using generative AI safely and responsibly > Ethics > Accountability and responsibility > Practical recommendations > Bullet 1
    • Using generative AI safely and responsibly > Legal considerations > Paragraph 1
      
      

• Securing Machine Learning Algorithms
  2021, © European Union Agency for Cybersecurity (ENISA)
  • Where:
    • 4.1- Security Controls > Organizational > Assess the regulations and laws the ML application must comply with
      
      

Discussed in which commercial AI security sources? [?]

• Databricks AI Security Framework
  Sept. 2024, © Databricks
  • Where:
    • DASF 12: Delete records from datasets and retrain models to forget data subjects
    • DASF 29: Build MLOps workflows to track models and trace data sources and lineage to retrain models with the updated dataset by following legal constraints
    • DASF 27: Pretrain a large language model (LLM) to only use the data that is allowed with LLMs for inference
      
      

Control functions against which AI security threats? [?]

• Control function: Decision support
  • Denial of AI service
  • Prompt injection
  • Evasion
  • Model inversion
  • Model extraction and theft
  • Data poisoning
  • Model poisoning
  • Compromised 3rd-party training datasets
  • Compromised 3rd-party models or code
  • Confabulation
  • Excessive agency
  • Sensitive information disclosed in output
    

Additional information

• Q: When will this requirement included in an assessment? [?]
  • This requirement will always be added to HITRUST assessments which include the
    Security for AI systems regulatory factor.
  • No other assessment tailoring factors affect this requirement.
    
    

• Q: Will this requirement be externally inheritable? [?] [?]
  • No (dual responsibility). The AI application provider and its AI service providers (if used) are responsible for independently performing this requirement outside of the AI system’s technology stack.