top of page

NIST Releases New Ai Risk Management Framework

The National Institute for Standards and Technology (NIST) recently released its Artificial Intelligence Risk Management Framework.

The National Institute for Standards and Technology (NIST) recently released its Artificial Intelligence Risk Management Framework, a flexible set of guidelines that assists artificial intelligence actors, such as organisations and individuals, address the unique risks posed by artificial intelligence.

The framework of the Artificial Intelligence Risk Management Framework (AI RMF 1.0) is broken into two parts. Part 1 addresses foundational information, focusing on how AI actors can frame the potential risks of AI. Part 2 is the core of the AI RMF, centring on four functions: Govern, Map, Measure, and Manage.


The AI RMF begins by addressing three categories of harm that AI Actors need to consider when using AI systems:

  • Harm to people: violations of individual liberties or threats to physical, psychological, or economic safety and opportunity; discrimination against groups of people; and harm to societal access to democracy and education

  • Harm to an organisation: interruption of business operations; potential security breaches; and damage to reputation

  • Harm to an ecosystem: disruption of global financial or supply chain systems and damage to the environment and natural resources

The framework highlights the fluid nature of risks during the AI lifecycle and highlights seven characteristics that make trustworthy AI systems:

  • Valid and reliable

  • Safe

  • Secure and resilient

  • Accountable and transparent

  • Explainable and interpretable

  • Privacy-enhanced

  • Fair with harmful bias managed

Finally, the NIST emphasises that AI actors should periodically evaluate AI risk management effectiveness in order to improve their abilities to manage AI risks.


The AI Risk Management Framework core is composed of four functions: Govern, Map, Measure, and Manage. Each core function is broken down into numerous categories and sub-categories, with each having identified actions that should be performed continuously throughout the AI system lifecycle. NIST has published an accompanying AI RMF Playbook to help organisations navigate the RMF and achieve their outcomes through suggested actions that organisations can apply in their own context.


The Govern function centres around aspects of compliance and evaluation and is the cornerstone that enables other functions to process. Strong governance requires organisations to have structures, systems, processes, and teams in place to create and implement the policies, accountability structure, and organisational culture necessary for identifying and mitigating AI risks. Some examples of key elements to the Govern function include assigning roles and responsibilities related to the other core functions, developing policies and procedures to ensure legal and regulatory compliance, and establishing systems to collect, consider, prioritise, and integrate feedback from external sources.


The Map function establishes the context to frame risks related to AI systems. AI systems rely on a complex network of interdependent activities, and understanding the interplay of these activities can make it easier for AI actors to anticipate the impacts of AI systems. Outcomes from the Map function provide the basis for the Measure and Manage functions.


The Measure function employs tools and methodologies to analyse, assess, benchmark, and monitor AI risks and related impacts. AI actors should track metrics for trustworthy characteristics, social impacts, and human interactions. Users should conduct comprehensive software testing and performance assessment and document and report the results. AI actors are encouraged to provide results for independent review to improve the effectiveness of their testing and minimise the potential for internal bias.


The Manage function concerns the allocation of resources to mapped and measured risks with the goal being to maximise AI benefits and minimise negative impacts. Policies developed in the Govern function will provide guidance as to which risks should be prioritised based on their likelihood and potential impact. Risk treatment under the Manage function should include plans on how to respond to, recover from, and communicate about incidents or events that cause harm.


The NIST AI RMF and accompanying playbook provide a thorough set guidelines, actions, and outcomes for individuals and organisations to implement in their development of and interactions with AI systems. While adherence is voluntary, organisations adopting the framework will be better prepared for the unique and often unforeseen risks that AI systems present.

Article originated in JD Supra

ISO News is an aggregator of global media. All the content is available free on the internet, we have just arranged it in one platform for educational purposes only. In each article, the hyperlink to the primary source is included. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – and the content will be deleted within 24 hours.

8 views0 comments


Sponsored by:
bottom of page