NIST-AI-RMF
NIST AI Risk Management Framework 1.0 (AI 100-1)
- I. Foundational Information
- Art. FR-1. Understanding and Addressing Risks, Impacts, and Harms (3)
- Art. TR-1. Valid and Reliable (4)
- Art. TR-2. Safe (5)
- Art. TR-3. Secure and Resilient (3)
- Art. TR-4. Accountable and Transparent (3)
- Art. TR-5. Explainable and Interpretable (3)
- Art. TR-6. Privacy-Enhanced ref
- Art. TR-7. Fair — with Harmful Bias Managed ref
- II. AI RMF Core Framework
- Ch. 1 — GOVERN
- Art. GV-1. Policies, Processes, Procedures, and Practices (8)
- Art. GV-2. Accountability Structures (3)
- Art. GV-3. Workforce Diversity, Equity, Inclusion, and Accessibility (2)
- Art. GV-4. Organizational Culture of AI Risk (6)
- Art. GV-5. Engagement with Relevant AI Actors (3)
- Art. GV-6. Third-Party AI Risks and Supply Chain (3)
- Ch. 2 — MAP
- Art. MP-1. Context is Established and Understood (8)
- Art. MP-2. Categorization of the AI System (6)
- Art. MP-3. AI Capabilities, Usage, Goals, Benefits, and Costs (5)
- Art. MP-4. Third-Party Component Risks and Benefits (5)
- Art. MP-5. Impact Characterization (4)
- Ch. 3 — MEASURE
- Art. MS-1. Appropriate Methods and Metrics (11)
- Art. MS-2. Trustworthy Characteristics Evaluation (24)
- Art. MS-3. Risk Tracking Mechanisms (5)
- Art. MS-4. Measurement Efficacy Feedback (6)
- Ch. 4 — MANAGE
- Art. MG-1. Risk Prioritization and Response (4)
- Art. MG-2. Strategies for Benefits and Impact Management (6)
- Art. MG-3. Third-Party AI Risk Management (2)
- Art. MG-4. Risk Treatment and Communication Plans (5)
- Annex A. NIST AI RMF Subcategory Reference
Human Oversight Obligations
9Title I — Foundational Information
Title II — AI RMF Core Framework
Chapter 1 — GOVERN
Article GV-3. Workforce Diversity, Equity, Inclusion, and Accessibility
1 obligation
Chapter 2 — MAP
Article MP-3. AI Capabilities, Usage, Goals, Benefits, and Costs
1 obligation
Chapter 3 — MEASURE
Article MS-1. Appropriate Methods and Metrics
6 obligations
NIST-RMF-MS-1-06
Human Oversight
Involve internal experts who were not front-line developers in assessments
Organizations must involve internal experts who did not serve as front-line developers of the AI system in regular asses
NIST-RMF-MS-1-07
Human Oversight
Involve independent assessors in regular assessments and updates
Organizations must involve independent assessors (external to the organization) in regular assessments and updates of AI
NIST-RMF-MS-1-08
Human Oversight
Consult domain experts in assessments as necessary per risk tolerance
Organizations must consult domain experts to support assessments when necessary based on their organizational risk toler
NIST-RMF-MS-1-09
Human Oversight
Consult users in assessments as necessary per organizational risk tolerance
Organizations must consult users of the AI system to support assessments when necessary based on their organizational ri
NIST-RMF-MS-1-10
Human Oversight
Consult external AI actors in assessments as necessary per risk tolerance
Organizations must consult AI actors external to the team that developed or deployed the AI system to support assessment
NIST-RMF-MS-1-11
Human Oversight
Consult affected communities in assessments as necessary per risk tolerance
Organizations must consult affected communities to support assessments when necessary based on their organizational risk
Chapter 4 — MANAGE
Article MG-2. Strategies for Benefits and Impact Management
1 obligation