NIST-RMF-GV-6-01 Risk Management GV-6 — Third-Party AI Risks and Supply Chain

Third-Party AI Risk Management Policies

Description

Organizations must establish and maintain policies and procedures specifically designed to address AI risks and benefits that arise from third-party software, data, and other supply chain components.

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Related Obligations

NIST-RMF-GV-6-02 Risk Management

Third-Party Intellectual Property Risk Policies

NIST-RMF-GV-6-03 Risk Management

High-Risk Third-Party AI System Contingency Processes

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Third-Party AI Risk Management Policies

Description

Full Analysis & Evidence Requirements

Related Obligations

Map this obligation to your AI systems

Start your compliance assessment