bluemsi/2nd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
95cd8bb891bf94ea5dd50e4a490ee17d5707ecf2
2nd/10_Wiki/Topics/AI_and_ML/Global-Standard.md
T
Antigravity Agent f8b21af4be Wiki cleanup: error-doc removal, dedup merge, link normalization 
10_Wiki/Topics 대규모 정리:
- 오류 캡처/미완성 stub 문서 227개 제거
- 교차폴더 중복 43클러스터 병합 (63파일 → redirect)
- 링크명 정규화: 깨진 링크 수정·redirect 직결·개념 매핑 ~2,400건
- 카테고리 MOC 6개 신규 생성
- Graph 섹션 미해결 related-keyword 링크 10,058건 제거

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 23:52:15 +09:00

279 lines
7.1 KiB
Markdown
Raw Blame History

---
id: wiki-2026-0508-global-standard
title: Global Standard
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [international standards, ISO, IEC, IEEE, W3C, RFC]
duplicate_of: none
source_trust_level: A
confidence_score: 0.85
verification_status: applied
tags: [standards, iso, ieee, w3c, rfc, governance, compliance]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
language: Standard
applicable_to: [Compliance, Engineering, Governance]
---
# Global Standard
## 매 한 줄
> **"매 international consensus 의 의 의 의 의 specification"**. 매 ISO, IEC, IEEE, W3C, IETF, ANSI. 매 software / hardware / quality / safety / AI ethics. 매 modern: ISO/IEC 42001 (AIMS), 매 EU AI Act, 매 NIST AI RMF.
## 매 핵심
### 매 organization
- **ISO** (International Org for Standardization).
- **IEC** (Electrotechnical).
- **ITU** (Telecommunication).
- **IEEE** (Engineering).
- **W3C** (Web).
- **IETF** (Internet — RFCs).
- **ANSI** (American National).
- **CEN/CENELEC** (Europe).
- **NIST** (US).
### 매 modern AI standards
- **ISO/IEC 42001**: AI Management System.
- **ISO/IEC 23894**: AI risk management.
- **ISO/IEC 5338**: AI lifecycle.
- **NIST AI RMF 1.0**.
- **EU AI Act** (regulation, 2024).
- **IEEE 7000 series**: AI ethics.
### 매 software / quality
- **ISO 9001**: Quality management.
- **ISO 27001**: Info security.
- **ISO 27701**: Privacy.
- **SOC 2** (US).
- **GDPR** (EU privacy).
### 매 응용
1. **Compliance certification**.
2. **B2B procurement** requirement.
3. **Regulated industry** (medical, automotive).
4. **Cross-border** trade.
5. **AI governance**.
## 💻 패턴
### ISO/IEC 42001 (AI management)
```yaml
# 매 high-level requirements
ai_management_system:
context: "Organization's AI strategy, scope, stakeholders"
leadership: "AI policy, roles, responsibilities"
planning:
- risk_assessment
- opportunity_identification
- objectives
support:
- resources
- competence
- awareness
- communication
- documentation
operation:
- ai_lifecycle_management
- third_party_ai_oversight
performance_evaluation:
- monitoring
- internal_audit
- management_review
improvement: "Continual + corrective"
```
### NIST AI RMF (4 functions)
```yaml
ai_rmf:
govern:
- policies
- accountability
map:
- context
- risks
measure:
- methods
- testing
manage:
- prioritize
- respond
```
### Compliance audit trail
```python
class ComplianceLog:
def __init__(self, standard):
self.standard = standard
self.entries = []
def log(self, control_id, evidence, auditor, timestamp=None):
self.entries.append({
'control': control_id,
'evidence': evidence,
'auditor': auditor,
'timestamp': timestamp or datetime.now(),
})
def export_for_audit(self):
return pd.DataFrame(self.entries).to_excel('audit.xlsx')
```
### SBOM (Software Bill of Materials, NIST)
```python
import json
def generate_sbom(project):
"""매 NTIA minimum elements."""
return {
'metadata': {'project': project.name, 'version': project.version, 'timestamp': now()},
'components': [
{'name': c.name, 'version': c.version, 'license': c.license, 'supplier': c.supplier, 'hash': c.sha256}
for c in project.dependencies
],
}
# 매 SPDX or CycloneDX format
```
### Privacy (GDPR data subject rights)
```python
def gdpr_request(user_id, request_type):
if request_type == 'access':
return all_user_data(user_id)
if request_type == 'erasure':
delete_user_data(user_id, retain_legal_basis=True)
if request_type == 'portability':
return export_user_data_json(user_id)
if request_type == 'rectification':
return enable_user_self_correction(user_id)
```
### Security (ISO 27001 control sample)
```yaml
controls:
A.5.1: "Information security policies"
A.6.1: "Internal organization (roles)"
A.8.1: "Asset management"
A.9.1: "Access control"
A.10.1: "Cryptography"
A.12.4: "Logging and monitoring"
A.16.1: "Incident management"
A.18.1: "Compliance with legal"
```
### AI risk register (ISO 23894)
```python
@dataclass
class AIRisk:
risk_id: str
description: str
likelihood: str # 매 low / med / high
impact: str
inherent_score: int
controls: list
residual_score: int
owner: str
```
### Standards compliance checker
```python
def check_compliance(system, standard):
"""매 high-level."""
requirements = load_standard(standard)
results = {}
for req in requirements:
results[req.id] = verify_evidence(system, req)
return results
```
### W3C web standards
```html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Compliant</title>
</head>
<body>
<main>
<h1 id="page-title">Title</h1>
<article aria-labelledby="page-title">...</article>
</main>
</body>
</html>
```
### RFC compliance (IETF)
```python
# 매 RFC 7231 HTTP semantic
# 매 RFC 8259 JSON
# 매 RFC 7519 JWT
import jwt
token = jwt.encode({'sub': user_id, 'exp': exp_time}, secret, algorithm='HS256')
```
### EU AI Act (risk-tier compliance)
```python
def eu_ai_act_compliance(use_case, model):
risk_tier = classify_risk_tier(use_case)
if risk_tier == 'unacceptable': return 'PROHIBITED'
if risk_tier == 'high':
return {
'risk_management_system': required,
'data_governance': required,
'technical_documentation': required,
'record_keeping': required,
'transparency': required,
'human_oversight': required,
'accuracy_robustness_security': required,
}
if risk_tier == 'limited':
return {'transparency_disclosure': required}
return 'minimal_obligations'
```
## 매 결정 기준
| 상황 | Standard |
|---|---|
| AI governance | ISO/IEC 42001 + NIST AI RMF |
| Quality | ISO 9001 |
| Security | ISO 27001 + SOC 2 |
| Privacy | ISO 27701 + GDPR |
| Web | W3C + WCAG 2.2 |
| Internet protocol | IETF RFC |
| EU market | EU AI Act + GDPR |
| Healthcare | HIPAA / GDPR + ISO 13485 |
**기본값**: 매 industry-relevant 의 baseline + 매 ISO 27001 (info sec) + 매 product-specific. 매 AI = ISO 42001 + EU AI Act.
## 🔗 Graph
- 부모: [[Governance]]
- 변형: [[ISO]] · [[IEEE]] · [[W3C]]
- 응용: [[GDPR]] · [[EU-AI-Act]] · [[NIST-AI-RMF]]
- Adjacent: [[Ethics & AI]] · [[Enterprise-Software-Engineering]]
## 🤖 LLM 활용
**언제**: 매 enterprise. 매 regulated industry. 매 cross-border.
**언제 X**: 매 internal prototype.
## ❌ 안티패턴
- **Compliance-as-checkbox**: 매 paper but no practice.
- **Single-standard focus**: 매 multi 의 ignore.
- **No update tracking**: 매 standards evolve.
- **Self-attestation only**: 매 third-party audit 의 lack.
## 🧪 검증 / 중복
- Verified (ISO websites, NIST, EU AI Act 2024, W3C).
- 신뢰도 A.
## 🕓 Changelog
| 날짜 | 변경 |
|---|---|
| 2026-04-20 | Auto |
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — orgs + 매 ISO 42001 / NIST RMF / SBOM / EU AI Act code |
Reference in New Issue View Git Blame Copy Permalink