NIST — AI Risk Management Framework (RMF) for security teams
• Category: Security
- The NIST AI RMF is a governance + engineering framework for managing AI risks across the full lifecycle, not a “model safety checklist.”
- It’s most useful when you treat it as a translation layer: map AI risks into controls you already run (IAM, logging, change control, vendor risk).
- The RMF’s core functions are: Govern, Map, Measure, Manage — a loop you can operationalize.
- “Map” is where teams usually fail: if you don’t write down system boundaries, data flows, and who can make the model act, you can’t defend it.
- “Measure” is not just accuracy— it’s monitoring for drift, misuse, and failures of safeguards (leakage, tool abuse, policy bypass).
- “Manage” becomes real only with owners and thresholds: what triggers rollback, feature flags, and incident response.
- If you build or buy: RMF is a strong basis for a vendor questionnaire that doesn’t devolve into buzzwords.
Why it matters
Most AI security failures aren’t “unknown new attacks” — they’re classic failures (over-permissioned identities, weak boundaries, missing audit trails) expressed through a new interface (LLMs, agents, RAG, tool calls). The NIST AI RMF gives you a stable backbone to reason about those risks without chasing weekly headlines.
What to do
- Govern: assign an owner for the AI system and publish the allowed use-cases (and “explicitly not allowed” ones).
- Map: write a one-page architecture: data sources, prompts/system instructions, tools, secrets, logs, and human approval points.
- Measure: define 3–5 “security evals” (e.g., prompt injection attempts, sensitive-data extraction, tool misuse) and run them per release.
- Manage: add kill-switches: disable tool actions, disable external connectors, and rotate keys fast when compromise is suspected.
- Procurement: require vendors to show how they do monitoring, incident response, and least-privilege for agent/tool access.