NIST-AI-RMF
NIST AI Risk Management Framework 1.0 (AI 100-1)
- I. Foundational Information
- Art. FR-1. Understanding and Addressing Risks, Impacts, and Harms (3)
- Art. TR-1. Valid and Reliable (4)
- Art. TR-2. Safe (5)
- Art. TR-3. Secure and Resilient (3)
- Art. TR-4. Accountable and Transparent (3)
- Art. TR-5. Explainable and Interpretable (3)
- Art. TR-6. Privacy-Enhanced ref
- Art. TR-7. Fair — with Harmful Bias Managed ref
- II. AI RMF Core Framework
- Ch. 1 — GOVERN
- Art. GV-1. Policies, Processes, Procedures, and Practices (8)
- Art. GV-2. Accountability Structures (3)
- Art. GV-3. Workforce Diversity, Equity, Inclusion, and Accessibility (2)
- Art. GV-4. Organizational Culture of AI Risk (6)
- Art. GV-5. Engagement with Relevant AI Actors (3)
- Art. GV-6. Third-Party AI Risks and Supply Chain (3)
- Ch. 2 — MAP
- Art. MP-1. Context is Established and Understood (8)
- Art. MP-2. Categorization of the AI System (6)
- Art. MP-3. AI Capabilities, Usage, Goals, Benefits, and Costs (5)
- Art. MP-4. Third-Party Component Risks and Benefits (5)
- Art. MP-5. Impact Characterization (4)
- Ch. 3 — MEASURE
- Art. MS-1. Appropriate Methods and Metrics (11)
- Art. MS-2. Trustworthy Characteristics Evaluation (24)
- Art. MS-3. Risk Tracking Mechanisms (5)
- Art. MS-4. Measurement Efficacy Feedback (6)
- Ch. 4 — MANAGE
- Art. MG-1. Risk Prioritization and Response (4)
- Art. MG-2. Strategies for Benefits and Impact Management (6)
- Art. MG-3. Third-Party AI Risk Management (2)
- Art. MG-4. Risk Treatment and Communication Plans (5)
- Annex A. NIST AI RMF Subcategory Reference
Title I — Foundational Information
Article TR-1. Valid and Reliable
4 obligations
NIST-RMF-TR-1-01
Requirement
Ensure AI System Validation
AI system providers must ensure their systems are valid by confirming through objective evidence that requirements for t
NIST-RMF-TR-1-02
Requirement
Ensure AI System Reliability
AI system providers must ensure their systems are reliable by implementing measures to ensure the system performs as req
NIST-RMF-TR-1-03
Data Governance
Ensure Data Representativeness
AI system providers must ensure that the data used for building the system have sufficient representativeness to reflect
NIST-RMF-TR-1-04
Requirement
Ensure AI System Correctness and Precision
AI system providers must ensure their systems are sufficiently correct, precise, or exact for their intended purpose as
Article TR-2. Safe
2 obligations
NIST-RMF-TR-2-01
Requirement
Safe operation under defined conditions
AI systems must be designed, developed, and deployed to not lead to endangerment of human life, health, property, or env
NIST-RMF-TR-2-02
Requirement
Responsible design, development, and deployment practices
Implement responsible practices throughout the design, development, and deployment phases to improve safe operation of A
Title II — AI RMF Core Framework
Chapter 1 — GOVERN
Chapter 2 — MAP
Chapter 3 — MEASURE
Article MS-2. Trustworthy Characteristics Evaluation
8 obligations
NIST-RMF-MS-2-17
Data Governance
Examine AI System Privacy Risks
Organizations must examine privacy risks of the AI system as identified in the MAP function.
NIST-RMF-MS-2-18
Documentation
Document Privacy Risk Examination
Organizations must document the examination of privacy risks of the AI system.
NIST-RMF-MS-2-19
Requirement
Evaluate Fairness and Bias
Organizations must evaluate fairness and bias as identified in the MAP function.
NIST-RMF-MS-2-20
Documentation
Document Fairness and Bias Evaluation Results
Organizations must document the results of fairness and bias evaluations.
NIST-RMF-MS-2-21
Requirement
Assess Environmental Impact and Sustainability
Organizations must assess environmental impact and sustainability of AI model training and management activities as iden
NIST-RMF-MS-2-22
Documentation
Document Environmental Impact and Sustainability Assessment
Organizations must document the assessment of environmental impact and sustainability of AI model training and managemen
NIST-RMF-MS-2-23
Requirement
Evaluate TEVV Metrics and Processes Effectiveness
Organizations must evaluate the effectiveness of the employed TEVV metrics and processes in the MEASURE function.
NIST-RMF-MS-2-24
Documentation
Document TEVV Effectiveness Evaluation
Organizations must document the evaluation of the effectiveness of employed TEVV metrics and processes.
Article MS-3. Risk Tracking Mechanisms
5 obligations
NIST-RMF-MS-3-01
Risk Management
Establish AI Risk Tracking Mechanisms
Organizations must implement and maintain mechanisms for tracking identified AI risks over time, ensuring continuous mon
NIST-RMF-MS-3-02
Risk Management
Implement Regular AI Risk Identification and Tracking
Organizations must establish approaches, assign personnel, and maintain documentation to regularly identify and track ex
NIST-RMF-MS-3-03
Risk Management
Consider Risk Tracking for Difficult-to-Assess Settings
Organizations must consider and implement risk tracking approaches specifically for settings where AI risks are difficul
NIST-RMF-MS-3-04
Transparency
Establish End User and Community Feedback Processes
Organizations must establish feedback processes that enable end users and impacted communities to report problems with A
NIST-RMF-MS-3-05
Monitoring
Integrate Feedback into AI System Evaluation Metrics
Organizations must integrate the feedback processes from end users and impacted communities into their AI system evaluat
Article MS-4. Measurement Efficacy Feedback
6 obligations
NIST-RMF-MS-4-01
Risk Management
Connect AI Risk Measurement to Deployment Context with Expert Consultation
Organizations must connect their measurement approaches for identifying AI risks to the specific deployment context(s) a
NIST-RMF-MS-4-02
Documentation
Document AI Risk Measurement Approaches
Organizations must document their measurement approaches for identifying AI risks that are connected to deployment conte
NIST-RMF-MS-4-03
Monitoring
Validate AI System Performance Through Expert Input
Organizations must ensure measurement results regarding AI system trustworthiness in deployment context(s) and across th
NIST-RMF-MS-4-04
Documentation
Document AI System Trustworthiness Measurement Results
Organizations must document measurement results regarding AI system trustworthiness in deployment contexts and across th
NIST-RMF-MS-4-05
Monitoring
Identify Performance Changes Through Stakeholder Consultation
Organizations must identify measurable performance improvements or declines based on consultations with relevant AI acto
NIST-RMF-MS-4-06
Documentation
Document Performance Changes and Risk Data
Organizations must document identified measurable performance improvements or declines that are based on stakeholder con