app.cubelet.ai← cubelet.ai

Sign in Sign up free

Explore

Cubelet Catalog

Atomic knowledge units for GRC, cybersecurity, and compliance professionals.

CMMC Level 2

CISA

CISM

CRISC

CDPSE

CMMC Level 2 VulnOps 🔒 CISA 🔒 CISM 🔒 CRISC 🔒 CDPSE NIST AI RMF ISO 42001 EU AI Act TRAIGA

All GOVERN — Policies, Processes, and Accountability MAP — Context, Risks, and Impacts MEASURE — Evaluation, Monitoring, and Testing MANAGE — Response, Implementation, and Communication

19 cubelets

⊞ Grid ≡ List

govern-1.1GOVERN 1.1: Legal and regulatory requirements involving AI are understood, managed, and documented.53/60 govern-1.2GOVERN 1.2: The characteristics of trustworthy AI are integrated into organizational policies, processes, and procedures.53/60 govern-1.3GOVERN 1.3: Processes and procedures are in place to determine the needed level of risk management activities based on the organization's risk tolerance.55/60 govern-1.4GOVERN 1.4: The risk management process and its outcomes are established through transparent policies, procedures, and other controls based on organizational risk priorities.52/60

govern-1.5GOVERN 1.5: Ongoing monitoring and periodic review of the risk management process and its outcomes are planned, organizational roles and responsibilities are clearly defined, including determining the frequency of periodic review.52/60

govern-1.6GOVERN 1.6: Mechanisms are in place to inventory AI systems and are resourced according to organizational risk priorities.52/60

govern-1.7GOVERN 1.7: Processes and procedures are in place for decommissioning and phasing out of AI systems safely and in a manner that does not increase risks or decrease the organization’s trustworthiness.53/60

govern-2.1GOVERN 2.1: Roles and responsibilities and lines of communication related to mapping, measuring, and managing AI risks are documented and are clear to individuals and teams throughout the organization.52/60

govern-2.2GOVERN 2.2: The organization’s personnel and partners receive AI risk management training to enable them to perform their duties and responsibilities consistent with related policies, procedures, and agreements.54/60

govern-2.3GOVERN 2.3: Executive leadership of the organization takes responsibility for decisions about risks associated with AI system development and deployment.52/60

govern-3.1GOVERN 3.1: Decision-makings related to mapping, measuring, and managing AI risks throughout the lifecycle is informed by a diverse team (e.g., diversity of demographics, disciplines, experience, expertise, and backgrounds).51/60

govern-3.2GOVERN 3.2: Policies and procedures are in place to define and differentiate roles and responsibilities for human-AI configurations and oversight of AI systems.53/60

govern-4.1GOVERN 4.1: Organizational policies, and practices are in place to foster a critical thinking and safety-first mindset in the design, development, deployment, and uses of AI systems to minimize negative impacts.52/60

govern-4.2GOVERN 4.2: Organizational teams document the risks and potential impacts of the AI technology they design, develop, deploy, evaluate and use, and communicate about the impacts more broadly.52/60

govern-4.3GOVERN 4.3: Organizational practices are in place to enable AI testing, identification of incidents, and information sharing.55/60

govern-5.1GOVERN 5.1: Organizational policies and practices are in place to collect, consider, prioritize, and integrate feedback from those external to the team that developed or deployed the AI system regarding the potential individual and societal impacts related to AI risks.53/60

govern-5.2GOVERN 5.2: Mechanisms are established to enable AI actors to regularly incorporate adjudicated feedback from relevant AI actors into system design and implementation.53/60

govern-6.1GOVERN 6.1: Policies and procedures are in place that address AI risks associated with third-party entities, including risks of infringement of a third party’s intellectual property or other rights.54/60

govern-6.2GOVERN 6.2: Contingency processes are in place to handle failures or incidents in third-party data or AI systems deemed to be high-risk.54/60