Unorma

United States · Voluntary framework

NIST AI RMF, trustworthy

The United States' reference framework for trustworthy AI. Voluntary by law, increasingly mandatory in practice — enterprise buyers and federal agencies expect it.

Status
Published — v1.0 + Generative AI profile
Structure
4 functions: Govern, Map, Measure, Manage
Legal force
Voluntary — de facto US baseline
Controls in Unorma
72

What it is

The NIST AI Risk Management Framework, in plain language.

The NIST AI Risk Management Framework organizes trustworthy AI around four functions — Govern, Map, Measure and Manage — and seven characteristics, from validity and reliability to fairness and accountability. It is the deepest of the major frameworks: 72 controls in Unorma's implementation.

There are no NIST fines. There are lost deals instead: US enterprise procurement, federal contractors and insurers increasingly ask for AI RMF alignment. Adopting it early is the cheapest trust signal available in the US market — and it maps cleanly onto the EU AI Act and ISO 42001 work you may already be doing.

Who it applies to

  • US-market AI vendors

    Selling AI into US enterprises or government? AI RMF alignment is turning up in RFPs and vendor security reviews.

  • Enterprises deploying AI

    The framework gives your governance committee a defensible, recognized structure for AI risk decisions.

  • Global companies

    Pairing NIST with the EU AI Act covers both sides of the Atlantic — and Unorma maps the overlap automatically.

Requirements

What NIST AI RMF actually asks of you.

72 controls in Unorma — each with plain-language guidance, action steps and the evidence you need.

  • Govern

    Policies, accountability structures and a risk culture that spans the AI portfolio.

  • Map

    Context, capabilities, and impacts of each system — categorized and documented.

  • Measure

    Quantitative and qualitative assessment of trustworthiness characteristics and risks.

  • Manage

    Prioritizing, responding to and monitoring risks over the full lifecycle.

  • Trustworthiness characteristics

    Valid & reliable, safe, secure, accountable, explainable, privacy-enhanced, fair.

  • Generative AI profile

    Specific guidance for the risks unique to generative systems.

NIST AI RMF in Unorma

From regulation text to audit-ready, in one platform.

  • Maturity assessment 1–5

    Each AI system gets a NIST maturity level with a clear path to the next one — not just a pass/fail checkbox.

  • Six NIST document templates

    AI RMF Playbooks, Impact Assessments, Risk Registers and Monitoring Plans, generated from your actual system data.

  • Cross-framework credit

    Evidence uploaded for the EU AI Act or ISO 42001 is automatically suggested against matching NIST controls — ~100 mappings built in.

  • Gap analysis with guidance

    All 72 controls with plain-language explanations, action steps and evidence requirements per control.

Track NIST AI RMF readiness from day one.

14-day free trial · No credit card · All 72 controls included

Start free trial

Cross-framework intelligence

Evidence for NIST AI RMF counts elsewhere too.

~100 cross-framework mappings mean work done once counts toward multiple frameworks automatically.