The NIST AI Risk Management Framework and Third-Party Risk Management

GOVERN 2: Accountability structures are in place so that the appropriate teams and individuals are empowered, responsible, and trained for mapping, measuring, and managing AI risks.

GOVERN 3: Workforce diversity, equity, inclusion, and accessibility processes are prioritized in the mapping, measuring, and managing of AI risks throughout the lifecycle.

GOVERN 4: Organizational teams are committed to a culture that considers and communicates AI risk.

GOVERN 5: Processes are in place for robust engagement with relevant AI actors.

GOVERN 6: Policies and procedures are in place to address AI risks and benefits arising from third-party software and data and other supply chain issues.

Seek out experts to collaborate with your team on defining and implementing AI and TPRM processes and solutions; selecting risk assessment questionnaires and frameworks; and optimizing your program to address AI risks throughout the entire third-party lifecycle – from sourcing and due diligence to termination and offboarding – according to your organization’s risk appetite.

As part of this process, you should define:

• Governing policies, standards, systems, and processes to protect data from AI risks
• Legal and regulatory requirements, ensuring that third parties are assessed accordingly
• Clear roles and responsibilities (e.g., RACI) for team accountability
• Risk scoring and thresholds based on your organization’s risk tolerance
• Assessment and monitoring methodologies that are based on third-party criticality and continually reviewed
• Third-party AI inventories
• Fourth-party mapping to understand exposure to AI usage-based risks in your extended ecosystem
• Key performance indicators (KPIs) and key risk indicators (KRIs) for internal stakeholders
• Contractual requirements and right to audit
• Incident response requirements
• Risk and internal stakeholder reporting
• Risk mitigation and remediation strategies

MAP 2: Categorization of the AI system is performed.

MAP 3: AI capabilities, targeted usage, goals, and expected benefits and costs compared with appropriate benchmarks are understood.

MAP 4: Risks and benefits are mapped for all components of the AI system, including third-party software and data.

MAP 5: Impacts to individuals, groups, communities, organizations, and society are characterized.

• Type of content required to validate controls
• Criticality to business performance and operations
• Location(s) and related legal or regulatory considerations
• Level of reliance on fourth parties (to avoid concentration risk)
• Exposure to operational or client-facing processes
• Interaction with protected data

From this inherent risk assessment, your team can automatically tier suppliers according to AI risk exposure, set appropriate levels of further diligence, and determine the scope of ongoing assessments.

Rule-based tiering logic enables vendor categorization using a range of data interactions and regulatory considerations.

MEASURE 2: AI systems are evaluated for trustworthy characteristics.

MEASURE 3: Mechanisms for tracking identified AI risks over time are in place.

MEASURE 4: Feedback about efficacy of measurement is gathered and assessed.

Assessments should be managed centrally and backed by workflow, task management, and automated evidence review capabilities to ensure your team has visibility into third-party risks throughout the relationship lifecycle.

Notably, a TPRM solution should include built-in remediation recommendations based on risk assessment results to ensure that third parties address risks promptly and satisfactorily while providing the appropriate evidence to auditors.

To complement vendor AI evaluations, continuously track and analyze external threats to third parties. As part of this, monitor the Internet and dark web for cyber threats and vulnerabilities. All monitoring data should be correlated with assessment results and centralized in a unified risk register for each vendor, streamlining risk review, reporting, remediation, and response initiatives.

Monitoring sources typically include:

• 1,500+ criminal forums; thousands of onion pages; 80+ dark web special access forums; 65+ threat feeds; and 50+ paste sites for leaked credentials — as well as several security communities, code repositories, and vulnerability databases covering 550,000 companies
• Databases containing 10+ years of data breach history for thousands of companies around the world

Finally, continuously measure third-party KPIs and KRIs against your requirements to help your team uncover risk trends, determine third-party risk status, and identify exceptions to common behavior that could warrant further investigation.

MANAGE 2: Strategies to maximize AI benefits and minimize negative impacts are planned, prepared, implemented, documented, and informed by input from relevant AI actors.

MANAGE 3: AI risks and benefits from third-party entities are managed.

MANAGE 4: Risk treatments, including response and recovery, and communication plans for the identified and measured AI risks are documented and monitored regularly.

Key capabilities in a third-party incident response service include:

• Continuously updated and customizable event and incident management assessments
• Real-time questionnaire completion progress tracking
• Defined risk owners with automated chasing reminders to keep surveys on schedule
• Proactive vendor reporting
• Consolidated views of risk ratings, counts, scores, and flagged responses for each vendor
• Workflow rules to trigger automated playbooks to act on risks according to their potential impact on the business
• Built-in reporting templates for internal and external stakeholders
• Guidance from built-in remediation recommendations to reduce risk
• Data and relationship mapping to identify relationships between your organization and third, fourth, and Nth parties to visualize information paths and reveal at-risk data

Armed with these insights, your team can better manage and triage third-party entities, understand the scope and impact of the incident, what data was involved, whether the third party’s operations were impacted, and when remediations are completed.