GOVERN-6 — Govern 6: Third-Party Risk Management
19 requirements in the Govern 6: Third-Party Risk Management function
GOVERN 6.1 Policies and procedures are in place that address AI risks associated with third-party entities
GV-6.1-001 Categorize different types of GAI content with associated third-party rights (e.g., copyright
GV-6.1-002 Conduct joint educational activities and events in collaboration with third parties to promote
GV-6.1-003 Develop and validate approaches for measuring the success of content provenance management efforts
GV-6.1-004 Draft and maintain well-defined contracts and service level agreements (SLAs) that specify content
GV-6.1-005 Implement a use-case based supplier risk assessment framework to evaluate and monitor third-party
GV-6.1-006 Include clauses in contracts which allow an organization to evaluate third-party GAI processes and
GV-6.1-007 Inventory all third-party entities with access to organizational content and establish approved
GV-6.1-008 Maintain records of changes to content made by third parties to promote content provenance
GV-6.1-009 Update and integrate due diligence processes for GAI acquisition and procurement vendor
GV-6.1-010 Update GAI acceptable use policies to address proprietary and open-source GAI technologies and
GOVERN 6.2 Contingency processes are in place to handle failures or incidents in third-party data or AI
GV-6.2-001 Document GAI risks associated with system value chain to identify over-reliance on third-party
GV-6.2-002 Document incidents involving third-party GAI data and systems, including open-data and
GV-6.2-003 Establish incident response plans for third-party GAI technologies: Align incident response plans
GV-6.2-004 Establish policies and procedures for continuous monitoring of third-party GAI systems in
GV-6.2-005 Establish policies and procedures that address GAI data redundancy, including model weights and
GV-6.2-006 Establish policies and procedures to test and manage risks related to rollover and fallback
GV-6.2-007 Review vendor contracts and avoid arbitrary or capricious termination of critical GAI technologies