《2022欧盟AI网络安全与标准化报告.docx》由会员分享,可在线阅读,更多相关《2022欧盟AI网络安全与标准化报告.docx(18页珍藏版)》请在三一办公上搜索。
1、ensaE1.JRCPFAN,1NNAGENUY寸口每卡通供.南节O1.O1.OI1.1.O1.00101CYBERSECURITYOFAIANDSTANDARDISATIONMARCH2023ABBREVIATIONSAbbreviationDefinitionA1.Andkiia1.IrWIipenceCEN.CENeiECEuropeanCommitteeforS1.andafd1.sa1.kxi-EuropeanCxwn*11eekxE1.ectfoncaStarKtefd1.sanonCIAConfidentia1.ity.IntegrityandAvai1.abi1.ityENEu
2、ropeanStanctefdESOEuropeanStandardisationOfQanISa1.METSIEuropoanTe1.oconvnunicationsStandardsInsthu1.oORGfO1.pReportICTInformaDonAndCommunicatkxisTechno1.ogyISGIndustrySpoci1.icationGroupISOMternationa1.OrganizationIofStandafdzabonITInformabonTechno1.ogyJTCJointTechnica1.CommineeM1.Machne1.earningNI
3、STNationa1.InsbtuteofStandardsandTechno1.ogyR&DResearchAndDeetopfnen1.SAISecurityofArtifioa1.t11te1.rceSCSubcommitieeSDOStandards-Devdopwgahhco11wnonIevxHofcybersecurityacrossEurope.Estab1.ishedin2004andstrengthenedbytheEUCybcrsecurdyAct.theEuropeanUnionAgencyforCybersccurityCOCtrtbutostoEUcyberpo1.
4、icy,enhancesthetrustworthinessc1.ICTproducts,servicesandprocessesW1.Ihcybersecuritycert1icatk)schemes,cooperatesMhKtemberStatesandEUbodies.andhe1.psEuropepreparetortecybercha1.1.engeso1.tomorrow.Throughknovedgesharing,capa1.ybui1.dingandawarenessraising.theAgencyworkstogetherW1.thitskeystakeho1.ders
5、tostrengthentrustinthennectedenomy,toboostresi1.ienceoftheUni,sGfraStrUCtUre.and.u1.timate1.y,tokeepEuropessoetyandcitizensdigda1.tysecure.MoreinformationaboutENISAanddsWOfkcanbefndhere:ww.enisa.europa.eu.CONTACTFxcontactingtheauthorsp1.easeUSCteamemsa.eufopa.euFormediaenquiriesaboutthispaper.piease
6、usepressemsaeuropaeu.AUTHORSP.Bezombes.S.Brunessaux.S.CadzowEDITOR(三)ENISA:E.MagoaaraS.GorniakP.MagnabOSOOE.Tsekmezog1.ouACKNOW1.EDGEMENTSWewou1.d1.iketothankIbCJointResearchCentreandtheEuropeanCommission1(xtheiractivecontributionandconsentsduringthedraftingstage.A1.so,wcWoUIC1.iketothanktheEN1.SAAd
7、HocExportGrouponAnificia1.Inte1.1.igence(A1.)CytXHSOCUriWfortheva1.uab1.efcod-backandcommentsinva1.idatingthisreport1.EGA1.NOTICEThisP1.JbtoCa1.iOnrepresentstheviewsandinterpretationsofENISA,un1.essstatedotherwise,hdoesnotendorsearegu1.atoryob1.igationofENISAorofENISAbodiespursuanttotheRegu1.ation(E
8、U)No2019881.ENISAhastherhttoa1.ter,updateorremovethepub1.icationoranyoftscontents.Itismendedforinformationpurposeson1.yanditmustbeaccessib1.efreeofcharge.A1.1.referencestoitoritsuseasawho1.eorpartia1.Iymustntai11ENISAasitssource.Third-partysourcesarequotedasappropriate.ENISAisnotresponsib1.eor1.iab1
9、.eforthecontentoftheexterna1.sourcesinc1.udingexterna1.websitesreferencedinthispub1.ication.Na1.herEN1.SAnoranypersonactingonitsbeha1.fisresponsib1.efortheusethatmightbemadeoftheinformationcontainedinthispubteation.ENISAmaintainsitsinte1.1.ectua1.propertyrightsinrHationtothispub1.ication.COPYRIGHTNO
10、TICEEuropeanUnionAgencyforCybersecurity(ENISA).2023TsPubfccationis1.icencedunderCCBY4OmU11cssotherwisenoted,thereuseofthisdocumentisauthorisedundertheCreativeConvnonsAttribution40Internationa1.(CCBY4O)fccencehtts7crca!ivccommons.org.bccnses.,by.,4,).Thsmeansthatreuseisa三owod,providedthatappropriatec
11、rcdgorganisations255.2.3 RecommendationsinpreparationforIheimp1.ementationofthedraftA1.Act255.3 ANA1.OBSERVATIONS26AANNEX:2727A.1SE1.ECTIONOFISO27000SERIESSTANDARDSRE1.EVANTTOTHECYBERSECURITYOFA1.CYBERSECURITYOFA1.ANDSTANDARDISATION:ensaA.2RE1.EVANTISOIECSTANDARDSPUB1.ISHEDORP1.ANNEDIUNDERDEVE1.OPME
12、NT29A.3CEN-CENE1.ECJOINTTECHNICA1.COMMITTEE21ANDDRAFTA1.ACTREQUIREMENTS31A.4ETSIACTIVITIESANDDRAFTAJACTREQUIREMENTS33EXECUTIVESUMMARYTheovera1.1.objectiveOI1.hCpresentdocumentistoprovideanoverviewo1.standar(fe(existing,beingdratted,underconsiderationandp1.anned)re1.atedtotheCybasecurityofa11ifka1.in
13、te1.1.igence(A1.),assesstboircoverageandidcMygapsnstandardisation.ItdeessobyconsideringtboSP(XXicibcsofA1.andinparticu1.armachine1.earning,andbyadoptingabroadVIewofcytersecurit/,empassmgboththe,tfadtionaconfideta1.ity-itegrity-ayai1.abMyparaagmandthebroadercepo1.A1.trustworthiness.Fina1.1.y,therepor
14、texamineshowstandardisationcansupporttheimp1.ementationOfthecybersecurityaspectsembeddedintheproposedEUregu1.ation1.ayingdownharmontsedru1.esona11ificia1.inte1.1.igence(COM(2021)206fina1.)draftA1.Act).Thereportdescribesthestandardisation1.andscapecoveringA1.,bydepictingtheactivitiesofthemamStandards
15、Dcvc1.opingOrganisations(SDOs)thatseemtobeguidedbyconcernaboutmsuff100ntknxeoftheappfccationdexitingtechniquestoCoUnkXthreatsandVuincrabiMiesarisingfromA1.Thsresu1.tsintheongoingdev。IOPmenIo1.adhocreportsandguidance,andoadhocstandards.Tereportarguesthatexistinggenera1.purposetechnica1.andorganisatio
16、na1.standards(suchasISOIEC27001andISO-IEC9001)canContrtutetomitigatingsomeoftherisksfacedbyA1.withthehe1.pofspecificgukianceonhowtheycanbeapp1.iedinanA1.context.Thisconsiderationstemsfromthefactthat,inessence,A1.issoftwareandthere1.orSOftwaresecuritymeasurescanbetransposedtotheA1.domain.Thereporta1.
17、sospecifiesthatthisapproachisnotexhaustiveandthatithassome1.imitations.Forexamp1.e,whi1.ethereportfocusesonsoftv/areaspeds.thebo11ofA1.caninc1.udebothtechnica1.andorganisationa1.etementsbeyondSoftWare.scashardv/areorinfrastructure.Otherexampiesinc1.udethefactthatdeterminingappropriatesecuritymeasure
18、sre1.iesonasystem-specificana1.ysis,andthefactthatsomeaspectsofcybersecurityaresti1.1.thesubjectofresearchanddeve1.opment,andthereforemightbenotmatureenoughtobexhaustive1.ystandardised.Inaddersecurityaspectsintheriskassessmentofhigh-risksystemsinordertodeterminethecybersecurityrisksthatarespedfictot
19、heintendeduseofeachsystem.Second1.y,thereporthighfeghtsthe1.ackofstandardscoveringthempetencesand100teoftheactxsperformingconformityassessments.Third1.y,itnotesIha1.thegovernancesystemsdrawnupbythedraftA1.ActandtheCybersecurityAa(CSA)1shou1.dworkinharmonytoavoiddup1.icationofeffortsatnationa1.1.eve1
20、.Fina1.1.y,thereportCOnC1.UdoSthatsomestandardt*fMC11y1.adonGfBrnBgn8mmj但WCSWiEMycyg5u的s3and啖划gRubtcnca1.concernsIsa1.ECTR24368.2022PuWishedInformationtechno1.ogyArtificia1.imd1.igenccOverviewoftfustwortht11essInart1.t1.cia1.1.nte1.enceSQ1ECTR240282020PuWishedInformationtechno1.ogy-Artificia1.Inte1.
21、1.igenceProcessmanagementframeworkforbigdataana1.yticsIsa1.eC24668022PuWishedInformationtechno1.ogy-Artificia1.inte1.1.igence(AI)BqsinA1.systemsandA1.aideddecisionmakingISQ1.ECTR240272021Pub1.ishedInformationtechno1.ogyArtftida1.inte1.1.igence(AI)Overviewofcomputationa1.approachesforA1.systemsscTR24
22、372:2021PuWishedInformationtechno1.ogy-Bigdatareferencearchitecture-Part1:Frameworkandapp1.icationprocessISQIECTR205471:2020PuWisbedInformationtechno1.ogy-Bigdatare1.erencearchitecture-Part2:UsecasesandderivedrequirementsISQ1.ECTR20547-2:2018Pub1.ishedInformationtechno1.ogy-Bigdatareferencearchitect
23、ure-Part3:RoferencearchitectureIS0iC20547-3:2020PuWisbedIn1.ormattontechno1.ogyBigdatare1.erencearchitecture-Part4:Securityandprivacysic20547-4:2020PuWishedInformationtechno1.ogy-Bigdatareferencearchitecture-Part5:StandardsroadmapISQ1.ECTR205475:2018Pub1.ishedInformationtechno1.ogyGovernanceofIT-Gov
24、ernanceImp1.icationsoftheuseofartificia1.inte1.1.igencebyorganizationsISaIeC3a5072022Pub1.ishedSafetyofmachinery-Re1.ationshipwrthISO12100-Part5:Imp1.icationsofembeddedartificia1.inte1.1.igencemachineIetamingJSTR2210052021PuWishedArt1.1.1.c1.a1.Inte1.1.igence(AJ)UsecasessaiECTR24030:2021PuMished(tob
25、ervisodnewversionexpectedinMay2023)Artificia1.inte1.1.igence-Functiona1.safetyandA1.systemsISa1.ECCDTR5469Apf-23SoftwareengineeringSystemsandsoftwareQua1.ityRequirementsandEva1.uation(SQuaRE)Qua1.itymode1.forA1.systemssaecots25059May-23Artificia1.inte1.1.igence-Dataqua1.itytorana1.yticsandmachine1.e
26、arning(M1.)-Part1:Overview,termino1.ogy,andexamp1.esSQ1ECCO52591M23Artificia1.inte1.1.igence-Dataqua1.ityforana1.yticsandmachine1.earning(M1.)-Part3:DaIaqua1.itymanagementrequirementsandgueinesIsaIeCco5259-3Ju1.-23Artmcia1.Inte1.1.if1.ence-Dataqua1.itytorana1.yticsandmachine1.earning(M1.)-Part4:Data
27、qua1.ityprocessframeworkISaiECCD5259-4Ju1.23Informationtechno1.ogy-Ar1.ificui1.inte1.1.igence-Contro1.kibt1.ityofautomatedartificia1.mte1.1.igencesystemsISQIECAW1.TS8200JM23Informationtechno1.ogy-Artificia1.Inte1.1.igence-A1.systemHfecyc1.eprocessesISQIECDIS5338Aug23Informationtechno1.ogyArtificia1.
28、inte1.1.igence-GuidanceforAJapp1.icationsISQIECDIS5339Aug23Informationtechno1.ogy-Artificia1.Inte1.1.igenceOverviewofmachine1.earningcomputingdevicesISQIECAWITR17903Nv23Artificia1.inte1.1.igence-Dataqua1.ityforana1.yticsandmachine1.earning(M1.)-Part2:Dataqua1.itymeasuresISQIECCD52592Jan24Information
29、techno1.ogy-Art1.ticto1.InieHkjence-Objectivesandapproachesfoeexp1.ainabi1.ityofM1.mode1.sandA1.systemsS0,1.CAW1.TS6254Fb-24Informationtechno1.ogy-Ar1.ifkia1.inte1.1.igence-TreatmentofunwantedbiasInc1.assificationandregressionmacine1.earningtasksISQIECAW1.TS12791Fet-24SoftwareandsystemsengineeringSo
30、ftwaretestingPart11:TestingofA1.systems,cAWTS29119-111JFt24Artificia1.inte1.1.igence-Dataqua1.ityforana1.yticsandmachine1.earning(M1.)Part5:Dataqua1.itygovernanceISQIECAW1.5255Fet-25Informationtechno1.ogy-Ar1.1.tcia1.Inte1.IHienceTransparencytaxonomyo1.AJsystemsISQIECAW1.127%Feb-25Qua1.ityeva1.uatio
31、nguide1.inesforA1.systemsISOIECAWITSM71UnderConsidorabonInformationtechno1.ogy-AHificioIinte1.1.igence-Rc1.crcnccarchitectureofknow1.edgeengineeringISQIECDIS5392Underdeve1.opmerrtA.3CEN-CENE1.ECJOINTTECHNICA1.COMMITTEE21ANDDRAFTA1.ACTREQUIREMENTSNameTR,s.ENActkn:atatop(ISO-IEC)-deve1.op(ESOa)Targetd
32、dtcISO1EC22989:2022Artificia1.inte1.1.igenceconceptsandtermino1.ogyISAdop(Ju1.y2022ISIEC2308:2022Frameworkforartificia1.inte1.1.igence(AJ)systemsusingmachine1.earning(M1.)ISAdop(Ju1.y2022ISoIECCD5259-1Dataqua1.ityforana1.yticsandmachine1.earning(M1.)-Part1:Overview,termino1.ogy,andexamp1.estsAdDPeDe
33、cember2023IS,IEC9001:2015Qua1.itymanagementsystems-RequirementsIS2015ISOIEC42001Artificia1.inte1.1.igence-FianagementsystemISAdopcDecember2023ISeXIEC27001:2022Informationsecuritymanagementsystems-RequirementsIS2022ISdIEC23994GuidanceonriskmanagementISAdoptDecember2023TransparcfxzyandprovisionofinformationtousersHumanoversightQua1.itymanagementsysemConformityassessmentAccuracyHIcCybersecurityBBDDf1.f1.D1D
