NIST AI RMF: governing risk, measuring trust
A voluntary framework for trustworthy AI, and where measurement fits.
What the NIST AI RMF is. Released in 2023, the NIST AI Risk Management Framework is a voluntary, consensus-driven framework for managing AI risks to individuals, organizations, and society. It is organized around four functions — Govern, Map, Measure, and Manage — and is supported by a companion Playbook and a Generative AI Profile. It is widely referenced and designed to align with other risk-management efforts.
Its strength is structure; its open question is always how you actually Measure trustworthiness — particularly security and resilience — for a system that behaves differently every time you probe it.
How we use it. PharosOne lives in the Measure function: we quantify an agent's security and resilience with reproducible adversarial testing and statistical confidence bounds. Those results feed Map (identifying the risks in your deployment's context) and Manage (prioritizing and remediating them), and are crosswalked to AIUC-1 controls so the same evidence serves multiple frameworks at once.
Read the framework at nist.gov/itl/ai-risk-management-framework.
The RMF asks you to Measure. Reproducible adversarial testing is how that measurement is actually done.
Configurations like yours — generic results describe the population, not your specific agent.