NIST AI RMF

The NIST AI Risk Management Framework, abbreviated AI RMF and published as NIST AI 100-1 in January 2023 with a Generative AI Profile (AI 600-1) added in July 2024, is the United States federal voluntary framework for managing risks from AI systems. It is used as a de facto baseline by federal agencies, government contractors, and enterprises across regulated industries even without statutory mandate.

The framework has four functions: Govern (establish accountability, policies, oversight), Map (understand context, identify risks, document the system), Measure (analyze and track risks with quantitative and qualitative methods), and Manage (prioritize, respond, treat, monitor). The Generative AI Profile extends these functions to GenAI-specific risks: hallucination, prompt injection, data poisoning, intellectual property infringement, CBRN (chemical, biological, radiological, nuclear) information uplift, dangerous capabilities, environmental impact, and information integrity.

Unlike the EU AI Act, the NIST AI RMF is voluntary and not prescriptive: it provides a structured way to think about AI risk without mandating specific technical controls. Federal agencies under OMB M-24-10 are required to follow the AI RMF (or equivalent) for federal AI use, and many state laws (Colorado AI Act, Texas TRAIGA) reference it.

A practical adoption pattern: charter an AI governance committee aligned to Govern, complete the AI system inventory aligned to Map, implement an evaluation harness aligned to Measure, and define an incident-response and continuous-monitoring program aligned to Manage. AI governance teams use the NIST AI RMF as the bridge between board-level governance and engineering-level controls because its function decomposition maps cleanly onto traditional risk management practice.

NIST-aligned governance from 25 years of federal-grade discipline: Centralpoint serves the US Congress and federal departments, meaning the audit, oversight, and incident-response disciplines the NIST AI RMF formalizes are 25-year operational habits at Oxcyon rather than new asks. Evidence stays on-premise, tokens meter per skill, and NIST-aligned chatbots deploy through one line of JavaScript.

