🌐

Operational Environment (Agencies)

NIST AI RMFOWASP KC6AISVS C5NIST 800-53

Capabilities that allow agents to interact with external systems and environments, posing varying levels of risk. (NIST: Manage; OWASP: KC6; AISVS: C5)

Subcomponents

API Access
Access to external APIs for data and actions.
→
Code Execution
Ability to execute code in a controlled environment.
→
Limited Code Execution Capability
Restricted code execution for safety.
→
Extensive Code Execution Capability
Broader code execution with higher risk.
→

Security Implications

Operational environments can be abused for privilege escalation, code injection, or data exfiltration. Apply least privilege and runtime controls.

Implementation Considerations

Enforce least privilege, runtime controls, and continuous monitoring. Reference: OWASP KC6, AISVS C5.

Related Components

🛠️Tool Integration Frameworks

NIST 800-53 Rev 5 Controls

AC-2 AC-3 AC-6 CM-6 SI-4 SI-7

🗂️ Framework References

NIST AI Risk Management Framework

NIST AI RMF Official Documentation NIST AI RMF 1.0 (PDF)

OWASP AISVS

Interactive AISVS Tool OWASP AISVS GitHub Repository