Understanding and Implementing the NIST AI Risk Management Framework (RMF)

Introduction

• Implement the NIST risk management framework

1. Overview: The Need of an AI Risk Management Framework

• Why the need for an AI RMF
• The origin and overview of NIST AI RMF

2. Sections 1-2: Foundational Information – Framing Risk

• Understanding and addressing risks, impacts, and harms: Sections 1.1
• Challenges, measurement, and tolerance: Sections 1.2-1.2.2
• Prioritization and integration: Sections 1.2.3-1.2.4
• Audience: Section 2

3. Sections 3-4: AI Risks, Trustworthiness, and Effectiveness

• Trustworthiness, valid, and reliable: Sections 3–3.1
• Safe, secure, resilient, accountable, and transparent: Sections 3.2–3.4
• Explainable, interpretable, and privacy: Sections 3.5–3.6
• Fair, with harmful bias managed: Section 3.7
• Effectiveness: Section 4

4. Section 5: Core

• AI RMF Core: Section 5
• Govern: Section 5.1, C1
• Govern: Section 5.1, C2–3
• Govern: Section 5.1, C4–6
• Map: Section 5.2, C1
• Map: Section 5.2, C2–5
• Measure: Section 5.3, C1
• Measure: Section 5.3, C2–4
• Manage: Section 5.4
• Using the Playbook to operationalize AI RMF Core

5. Section 6, Appendix A–D: AI RMF Profiles

• Overview of profiles: Section 6
• Overview of Appendices A–D

Conclusion

• Where do you begin?