NIST AI RMF: the full kit
The NIST AI RMF has four pieces (framework, Core, Playbook, GenAI Profile) plus NIST ARIA. Keep the two quartets separate → the NIST Core functions are govern, map, measure, manage, while TEVV is test, evaluate, verify, validate.
NIST AI RMF → a guide for incorporating risk and trustworthiness into AI design, development, use and evaluation. Four pieces → the framework, the Core, the Playbook, the GenAI Profile. Plus ARIA.
The seven trustworthy AI characteristics → Valid & reliable · Safe · Secure & resilient · Explainable & interpretable · Privacy-enhanced · Fair with harmful bias managed · Accountable & transparent.
- Govern → cultivate and implement a culture of risk management.
- Map → identify use and risks related to use in context.
- Measure → assess, analyse and track risks.
- Manage → prioritise risks and act based on projected impact.
- Four key steps → test, evaluate, verify and validate → TEVV → the organisational activities for assessing and managing risk.
- Playbook → suggests actions to accomplish the outcomes of the Core functions.
- Generative AI Profile → companion document applying the RMF to generative AI.
ARIA → a system to assess LLMs against predefined scenarios and testing approaches → improves tools, measurement methods and metrics for evaluating models and making acquisition or deployment decisions. Intended to confirm claims about model capabilities, red team LLMs to stress controls and guardrails, and field test real-world use. Initial focus → generative AI risks, broader later.
Keep the two NIST quartets separate → the Core functions are govern, map, measure, manage · the key steps are test, evaluate, verify, validate. Swapping them is the classic distractor.