NIST AI RMF
The pragmatic US framework for AI risk. One framework done well buys multi-jurisdictional alignment largely for free.
The NIST AI Risk Management Framework is a pragmatic US framework for risk identification and mitigation. Adopting it covers a substantial share of the requirements across the EU AI Act, state-level US laws and international standards: one framework done well can get an enterprise multi-jurisdictional alignment largely for free.
The NIST AI Risk Management Framework is a pragmatic US framework for risk identification and mitigation. The updated NIST AI 100-2, introduced in March 2025, explicitly names AI agents as a threat surface for the first time. Draft NIST IR 8596 maps the cybersecurity framework specifically to agentic threats.
Adopting NIST AI RMF covers a substantial share of the requirements across the EU AI Act, state-level US laws and international standards. This one framework done well can get an enterprise multi-jurisdictional alignment largely for free. Research published under the Cloud Security Alliance's AI Safety Initiative has begun mapping NIST standards to agentic AI governance.
In the three-layer standards landscape, NIST AI RMF handles multi-framework alignment, ISO 42001 handles certifiable AI governance in a broad sense, and AIUC-1 handles agent-specific certification. They are complementary, not competing.
| Claim | Source | Status |
|---|---|---|
| Research under the Cloud Security Alliance's AI Safety Initiative has begun mapping NIST standards to agentic AI governance. | Agentic AI Governance: NIST Standards | verified 2026-07-02 |
| NIST AI 100-2 (March 2025) explicitly names AI agents as a threat surface for the first time; draft NIST IR 8596 maps the cybersecurity framework to agentic threats. | AI Risk Management Framework | verified 2026-07-02 |