NIST AI Risk Management Framework
The NIST AI Risk Management Framework (AI RMF 1.0) is the U.S. government’s foundational framework for managing AI risk. Organized around four core functions — Govern, Map, Measure, Manage — it gives organizations a structured lifecycle for identifying, assessing, and treating AI risks across systems and use cases. NIST AI RMF is the right framework for organizations adopting AI broadly, especially those that:
- Sell into U.S. federal markets or work with federal contractors
- Need a vendor-neutral, well-cited framework recognized by auditors and regulators
- Want a lifecycle structure that complements ISO/IEC 42001 certification work
Many AI-specific regulations (EU AI Act guidance, Colorado AI Act, state-level frameworks) explicitly reference NIST AI RMF as an acceptable risk-management approach. A strong AI RMF posture often translates directly to other regulatory contexts.
What this framework covers
The assessment spans the four core functions, with categories grouped by the lifecycle phase they govern.
Govern — Policy & Oversight
Organizational policies, risk management processes, and oversight structures for AI systems. Covers legal compliance, resource allocation, documentation, and system inventory.
Govern — Teams, Culture & Third-Party
Workforce diversity, stakeholder engagement, organizational risk culture, and third-party AI risk management practices.
Map — Context, Categorization & Risk Tolerance
Establishing context for AI system risks — categorizing systems, identifying potential harms, capturing benefits and costs, and setting risk tolerance for each system class.
Measure — Metrics, Methods & Quality
Selecting appropriate metrics and methods to measure identified AI risks — including effectiveness of risk controls, system trustworthiness characteristics, and quality of inputs and outputs.
Manage — Treatment, Communication & Continuous Improvement
Treating risks based on measurement, prioritizing remediation, communicating risk to stakeholders, and continuously improving the AI risk management posture.
Why this matters for customers
NIST AI RMF gives an organization a defensible answer to “how do you manage AI risk?” The framework is broad enough to apply to a wide range of AI use cases (predictive, generative, agentic) while being prescriptive enough to drive concrete program changes. This assessment surfaces:
- Whether your AI governance policies cover the full lifecycle from sourcing through retirement
- Whether your AI system inventory captures categorization and risk classification
- Whether you measure risk with metrics appropriate to each system class (not one-size-fits-all)
- Whether risk treatment decisions are tracked, communicated, and revisited as systems evolve
How it relates to other frameworks
NIST AI RMF is the foundational lifecycle framework. Pair it with these specializations for depth:
- NIST AI 600-1 (GAI Profile) — generative-AI-specific risks layered on the AI RMF core
- ISO/IEC 42001 — the formal AI management system standard (certification-ready)
- AI Security (AISS) — control-level technical depth for AI security specifically
- AI Agent Security — agent-specific guardrails for the LLM06 Excessive Agency risk class

