AWS Public Sector Blog
How AWS helps agencies meet OMB AI governance requirements
As artificial intelligence (AI) continues to advance and find applications across various domains, the responsible development and use of AI systems has become a top priority for the US government. The 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (EO 14110) aims to promote the responsible use of AI while mitigating potential risks and ensuring the protection of civil rights and liberties.
In March 2024, the Office of Management and Budget (OMB) released a memo that provides more specific directions to agencies for compliance with the guidance outlined in the executive order. The memo, M-24-10 Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence, outlined ways in which agencies can strengthen AI governance, advance responsible AI innovation, and manage risks from the use of AI.
The Amazon Web Services (AWS) commitment to safe, transparent, and responsible AI—including generative AI—is reflected in our endorsement of the White House Voluntary AI Commitments, our participation in the UK AI Safety Summit, and our dedication to providing customers with features that address specific challenges in this space. In this post, we explore how AWS can help agencies address the governance requirements outlined in M-2410 as public sector entities look to build internal capacity for AI.
Enabling agencies to build and strengthen AI governance
Robust governance is the foundation upon which responsible AI initiatives must be built. AWS offers a range of services and tools that can empower agencies to establish and operationalize AI governance practices. Our AI services account for responsible AI across eight key dimensions: controllability, fairness, explainability, veracity and robustness, governance, privacy and security, safety, and transparency. As agencies look to stand up their own governance teams in compliance with M-24-10, our documented best practices can help create scalable frameworks for internal success. Our Responsible use of machine learning guide outlines specific steps public sector organizations can take in design, development, deployment, and operation of AI systems.
At the core of AWS offerings, lies a suite of AI and machine learning (ML) services such as Amazon Bedrock, Amazon SageMaker, Amazon Connect, Amazon Transcribe, and Amazon Translate, which are engineered with built-in governance and compliance features. These services enable agencies to develop, deploy, and manage AI applications while maintaining oversight, transparency, and control throughout the entire lifecycle. Tools like Amazon SageMaker Clarify and Amazon SageMaker Model Monitor facilitate bias detection and provide model explainability and continuous performance monitoring. By using these capabilities, agencies can proactively identify and mitigate potential biases, fostering trust and accountability in their AI systems.
For example, Amazon SageMaker—our fully managed, end-to-end ML service that empowers everyday developers and scientists to build, train, and deploy their own ML models—incorporates tools that help customers identify and limit bias, explain predictions, and continuously monitor system performance to identify new bias risks. We are also committed to sharing best practices and collaborating on research to ensure AI is developed and deployed responsibly.
AWS offers a comprehensive suite of data services, such as Amazon Simple Storage Service (Amazon S3) for secure and scalable data storage, Amazon SageMaker Ground Truth for creating high-quality training datasets, and AWS Lake Formation for building and managing data lakes with automated governance and compliance controls. These services empower agencies to implement sound data governance practices, ensuring the integrity and security of the data fueling their AI initiatives.
Recognizing the multifaceted nature of AI governance, AWS has developed an AI governance framework that offers comprehensive guidance on establishing and operationalizing best practices across critical areas such as data governance, model governance, monitoring, auditing, and risk management. This framework can serve as a blueprint for agencies seeking to implement robust policies, processes, and controls that align with the principles outlined in the memo.
Advancing responsible AI innovation
Responsible AI innovation requires a holistic approach that seamlessly integrates security, compliance, and ethical considerations into the development and deployment processes. Given the 200-plus FedRAMP compliant services that AWS offers, we are well-positioned to support federal agencies in their journey towards advancing responsible AI innovation.
AWS offers a secure and compliant infrastructure that meets rigorous standards and regulatory requirements, including government-specific certifications such as FedRAMP, International Traffic in Arms Regulations (ITAR), and the Department of Defense Cloud Computing Security Requirements Guide (CC SRG). This infrastructure is fortified with multiple layers of physical and logical security controls, regional data residency options, and encryption mechanisms, ensuring the utmost protection for sensitive data and applications.
AWS AI services are designed with built-in security, enabling responsible AI development from the ground up. For instance, Amazon SageMaker provides a secure and compliant environment for building AI systems, complete with features like AWS PrivateLink for private network access, encryption at rest and in transit, and integration with AWS Identity and Access Management (IAM) for granular access control.
When it comes to access to innovating with AI services, the AWS Partner Network offers AI and generative AI solutions and services to government agencies across the world. Our partners offer a range of products, services, technologies including specialized consulting services, and applications from AWS, that are secure, efficient, and scalable across public sector organizations.
A shared commitment: AWS and federal agencies on the path to trustworthy AI
As federal agencies embrace the transformative potential of AI, AWS remains steadfast in our commitment to supporting responsible AI. AWS supports federal agencies beyond just our technical offerings, providing training and other services to ensure our customers can meet their mission needs through the cloud.
Our professional services teams can assist agencies in addressing their specific needs, ranging from consulting to implementation. We also provide comprehensive training resources and certification programs to equip agency personnel with the necessary skills and knowledge to design, develop, and deploy AI systems responsibly and securely. These training offerings cover a broad range of topics, including AI ethics, bias mitigation, model explainability, and secure AI development practices. By investing in workforce development, federal agencies can cultivate a culture of responsible AI, fostering a deep understanding of the principles and best practices that underpin trustworthy AI initiatives.
Through continuous innovation, collaboration, and adherence to the principles of responsible AI, AWS stands ready to empower federal agencies in unlocking the full potential of AI while safeguarding against potential harms and ensuring alignment with the executive order’s vision for a safe, secure, and trustworthy AI ecosystem.
Contact the AWS public sector team or your account team to learn more about how we can help with your compliance needs related to the OMB M-24-10 memo and EO 14110.