NIST-RMF-MP-4-05
Documentation
MP-4 — Third-Party Component Risks and Benefits
Document internal risk controls for AI system components
Description
Organizations must create and maintain comprehensive documentation of all internal risk controls established for managing risks from AI system components, including third-party AI technologies.
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
NIST-RMF-MP-4-01
Risk Management
Map risks and benefits of all AI system components including third-party elements
NIST-RMF-MP-4-02
Risk Management
Implement approaches for mapping AI technology and legal risks of components
NIST-RMF-MP-4-03
Risk Management
Map and document third-party intellectual property infringement risks
NIST-RMF-MP-4-04
Risk Management
Identify internal risk controls for AI system components
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started