NEW! Data443 Acquires Vaikora – Real-Time AI Runtime Control & Enforcement for AI Agent
The NIST AI Risk Management Framework (AI RMF) is the United States National Institute of Standards and Technology’s voluntary framework for managing AI system risk. It is structured around four functions: GOVERN, MAP, MEASURE, and MANAGE. The Generative AI Profile (NIST AI 600-1) extends the framework with LLM-specific risk categories and controls.
NIST frameworks are voluntary in legal terms but operationally near-mandatory for federal contractors and any vendor selling into the public sector. Several US states began referencing NIST AI RMF in their procurement requirements in 2025; by 2026 the framework is the default starting point for enterprise AI governance programs.
The four functions cover the full lifecycle. GOVERN sets organizational AI policy. MAP catalogs AI systems and their risks. MEASURE produces metrics and assurance evidence. MANAGE handles incident response and continuous improvement. Each function maps to specific deliverables (policies, registries, controls, runbooks) that audit teams can verify.
NIST AI RMF is one of several international frameworks. ISO/IEC 42001 is the international management-system standard. The EU AI Act is the regulatory regime in the European Union. NIST AI RMF maps cleanly to both and many enterprises use NIST as the implementation framework while certifying against ISO/IEC 42001.
A federal contractor’s AI governance program publishes its NIST AI RMF MEASURE evidence quarterly: which AI systems are deployed, what risks each carries, which controls mitigate which risks, and which metrics demonstrate control effectiveness. A second example: a healthcare vendor selling to government customers maps Vaikora’s compliance preset library to NIST AI RMF MANAGE controls, providing direct evidence of incident response capability.
Voluntary in legal terms. Operationally near-mandatory for federal contractors and increasingly referenced in state procurement and enterprise security baselines.
NIST AI RMF is a US framework focused on risk management. ISO/IEC 42001 is the international AI management-system standard, structured for certification. Most large programs use both: NIST as the day-to-day framework, ISO as the certification target.
Vaikora’s compliance presets include explicit NIST AI RMF mappings. Each policy is tagged with the RMF functions it supports, so audit evidence is generated as a side effect of normal operation.
NIST AI 600-1, published 2024 and refreshed in 2026, is a profile that extends the core RMF with categories specific to generative AI risks: misinformation, hallucination, data leakage, and prompt-injection-style attacks.
Last updated: 2026-05-20.
