NIST-AI-RMF
NIST AI Risk Management Framework 1.0 (AI 100-1)
US
Version 1.0
137 obligations
Requirement
39
Documentation
34
Risk Management
29
Transparency
14
Monitoring
10
Human Oversight
9
Data Governance
2
Reset
- I. Foundational Information
- Art. FR-1. Understanding and Addressing Risks, Impacts, and Harms (3)
- Art. TR-1. Valid and Reliable (4)
- Art. TR-2. Safe (5)
- Art. TR-3. Secure and Resilient (3)
- Art. TR-4. Accountable and Transparent (3)
- Art. TR-5. Explainable and Interpretable (3)
- Art. TR-6. Privacy-Enhanced ref
- Art. TR-7. Fair — with Harmful Bias Managed ref
- II. AI RMF Core Framework
- Ch. 1 — GOVERN
- Art. GV-1. Policies, Processes, Procedures, and Practices (8)
- Art. GV-2. Accountability Structures (3)
- Art. GV-3. Workforce Diversity, Equity, Inclusion, and Accessibility (2)
- Art. GV-4. Organizational Culture of AI Risk (6)
- Art. GV-5. Engagement with Relevant AI Actors (3)
- Art. GV-6. Third-Party AI Risks and Supply Chain (3)
- Ch. 2 — MAP
- Art. MP-1. Context is Established and Understood (8)
- Art. MP-2. Categorization of the AI System (6)
- Art. MP-3. AI Capabilities, Usage, Goals, Benefits, and Costs (5)
- Art. MP-4. Third-Party Component Risks and Benefits (5)
- Art. MP-5. Impact Characterization (4)
- Ch. 3 — MEASURE
- Art. MS-1. Appropriate Methods and Metrics (11)
- Art. MS-2. Trustworthy Characteristics Evaluation (24)
- Art. MS-3. Risk Tracking Mechanisms (5)
- Art. MS-4. Measurement Efficacy Feedback (6)
- Ch. 4 — MANAGE
- Art. MG-1. Risk Prioritization and Response (4)
- Art. MG-2. Strategies for Benefits and Impact Management (6)
- Art. MG-3. Third-Party AI Risk Management (2)
- Art. MG-4. Risk Treatment and Communication Plans (5)
- Annex A. NIST AI RMF Subcategory Reference
Monitoring Obligations
10Title I — Foundational Information
Title II — AI RMF Core Framework
Chapter 1 — GOVERN
Article GV-1. Policies, Processes, Procedures, and Practices
1 obligation
Article GV-4. Organizational Culture of AI Risk
1 obligation
Chapter 2 — MAP
Chapter 3 — MEASURE
Article MS-1. Appropriate Methods and Metrics
2 obligations
NIST-RMF-MS-1-03
Monitoring
Regularly assess appropriateness of AI metrics and effectiveness of controls
Organizations must conduct regular assessments of whether their AI metrics remain appropriate and whether existing contr
NIST-RMF-MS-1-04
Monitoring
Include error reports in regular assessments of metrics and controls
Organizations must incorporate reports of errors into their regular assessments of AI metrics appropriateness and contro
Article MS-2. Trustworthy Characteristics Evaluation
1 obligation
Article MS-3. Risk Tracking Mechanisms
1 obligation
Article MS-4. Measurement Efficacy Feedback
2 obligations
NIST-RMF-MS-4-03
Monitoring
Validate AI System Performance Through Expert Input
Organizations must ensure measurement results regarding AI system trustworthiness in deployment context(s) and across th
NIST-RMF-MS-4-05
Monitoring
Identify Performance Changes Through Stakeholder Consultation
Organizations must identify measurable performance improvements or declines based on consultations with relevant AI acto
Chapter 4 — MANAGE
Article MG-3. Third-Party AI Risk Management
1 obligation
Article MG-4. Risk Treatment and Communication Plans
1 obligation