NIST AI Risk Management Framework (AI RMF).

NIST's voluntary framework for managing AI risks, published January 2023 (AI RMF 1.0) with a Generative AI Profile released in July 2024, organized around four Functions: Govern, Map, Measure, and Manage. Es gehört zur Kategorie Compliance und Frameworks der Cybersicherheit.

NIST's voluntary framework for managing AI risks, published January 2023 (AI RMF 1.0) with a Generative AI Profile released in July 2024, organized around four Functions: Govern, Map, Measure, and Manage.

The NIST AI Risk Management Framework (AI RMF 1.0), published 26 January 2023, is a voluntary, sector-agnostic framework for managing risks to individuals, organizations, and society from the design, development, deployment, and use of AI systems. It is structured around four core Functions: Govern (culture, policy, oversight), Map (context, characterization, risk identification), Measure (analysis and assessment of risks), and Manage (prioritization, response, communication). Each Function is broken into Categories and Subcategories with outcome statements rather than prescriptive controls. NIST released the Generative AI Profile (NIST AI 600-1) in July 2024, adding GenAI-specific risk categories (confabulation, dangerous-content generation, data privacy, environmental, human-AI configuration, information integrity, IP, obscene/sexual content, value chain) with mapped actions. AI RMF is increasingly referenced by regulators (it appears in the U.S. Executive Order 14110 and is mapped to ISO/IEC 42001 controls), used by enterprises as the structure for AI policies and red-team programs, and forms the basis of vendor questionnaires.

Schutzmaßnahmen gegen NIST AI Risk Management Framework (AI RMF) kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.

Übliche alternative Bezeichnungen: AI RMF 1.0, NIST AI 100-1, NIST AI 600-1.