U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


  1. Home
  2. News
  3. Publication Library
  4. Safety and Security Guidelines for Critical Infrastructure Owners and Operators

Safety and Security Guidelines for Critical Infrastructure Owners and Operators


The U.S. Department of Homeland Security (DHS) was tasked in Executive Order 14110: Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence to develop safety and security guidelines for use by critical infrastructure owners and operators. DHS developed these guidelines in coordination with the Department of Commerce, the Sector Risk Management Agencies (SRMAs) for the 16 critical infrastructure sectors, and relevant independent regulatory agencies.

The guidelines begin with insights learned from the Cybersecurity and Infrastructure Security Agency’s (CISA) cross-sector analysis of sector-specific AI risk assessments completed by SRMAs and relevant independent regulatory agencies in January 2024. The CISA analysis includes a profile of cross-sector AI use cases and patterns in adoption and establishes a foundational analysis of cross-sector AI risks across three distinct types: 1) Attacks Using AI, 2) Attacks Targeting AI Systems, and 3) Failures in AI Design and Implementation. DHS drew upon this analysis, as well as analysis from existing U.S. government policy, to develop specific safety and security guidelines to mitigate the identified cross-sector AI risks to critical infrastructure. The guidelines incorporate the National Institute of Standards and Technology (NIST) AI Risk Management Framework (AI RMF), including its four functions that help organizations address the risks of AI systems: Govern, Map, Measure, and Manage.

While the guidelines in this document are written broadly so they are applicable across critical infrastructure sectors, DHS encourages owners and operators of critical infrastructure to consider sector-specific and context-specific AI risks and mitigations.

Attachment Ext. Size Date
Safety and Security Guidelines for Critical Infrastructure Owners and Operators PDF 858.28 KB 04/26/2024
Last Updated: 04/29/2024
Was this page helpful?
This page was not helpful because the content