NIST AI Risk Management Framework (AI RMF).

NIST's voluntary framework for managing AI risks, published January 2023 (AI RMF 1.0) with a Generative AI Profile released in July 2024, organized around four Functions: Govern, Map, Measure, and Manage. Cette notion relève de la catégorie Conformité et référentiels en cybersécurité.

NIST's voluntary framework for managing AI risks, published January 2023 (AI RMF 1.0) with a Generative AI Profile released in July 2024, organized around four Functions: Govern, Map, Measure, and Manage.

The NIST AI Risk Management Framework (AI RMF 1.0), published 26 January 2023, is a voluntary, sector-agnostic framework for managing risks to individuals, organizations, and society from the design, development, deployment, and use of AI systems. It is structured around four core Functions: Govern (culture, policy, oversight), Map (context, characterization, risk identification), Measure (analysis and assessment of risks), and Manage (prioritization, response, communication). Each Function is broken into Categories and Subcategories with outcome statements rather than prescriptive controls. NIST released the Generative AI Profile (NIST AI 600-1) in July 2024, adding GenAI-specific risk categories (confabulation, dangerous-content generation, data privacy, environmental, human-AI configuration, information integrity, IP, obscene/sexual content, value chain) with mapped actions. AI RMF is increasingly referenced by regulators (it appears in the U.S. Executive Order 14110 and is mapped to ISO/IEC 42001 controls), used by enterprises as the structure for AI policies and red-team programs, and forms the basis of vendor questionnaires.

Les défenses contre NIST AI Risk Management Framework (AI RMF) combinent habituellement des contrôles techniques et des pratiques opérationnelles, comme détaillé dans la définition ci-dessus.

Noms alternatifs courants : AI RMF 1.0, NIST AI 100-1, NIST AI 600-1.