The NIST AI Risk Management Framework (AI RMF), published in January 2023, provides guidance for managing risks associated with AI systems. It is organized around four functions: Govern, Map, Measure, and Manage. The AI RMF is voluntary and designed to work alongside other NIST frameworks including the Cybersecurity Framework.
The Govern function establishes the organizational culture, policies, and roles for AI risk oversight. Map identifies AI risks in context - who is affected, what harms could occur, and under what conditions. Measure analyzes and assesses identified risks using metrics and testing methodologies. Manage prioritizes and treats risks through treatment plans, monitoring, and response procedures.
Because the AI RMF is designed to complement other NIST frameworks, organizations already using the NIST CSF can extend existing risk management processes into AI without building parallel structures from scratch.
Keep Exploring